Google announced that CSE (client-side encryption) is now generally available for Gmail and Calendar users. This will let more companies become the sole arbiters of their own data and determine who has access to it.
Google Drive, Docs, Slides, Sheets, and other Workspace previously offered this feature. By protecting user data in the event of a server breach at Google, CSE is predicted to offer added benefits.
For users of Google Workspace Enterprise Plus, Education Plus, and Education Standard, client-side encryption (CSE) is currently generally available.
Benefits of Gmail Client-Side Encryption
Data on a client’s device is encrypted before it is delivered to Google in order to accomplish Gmail CSE. The security is increased since only a machine using the same key as the sender may decrypt the encrypted data.
“Starting today, users can send and receive emails or create meeting events with internal colleagues and external parties, knowing that their sensitive data (including inline images and attachments) has been encrypted before it reaches Google servers”, Google.
Hence, it makes sure that any private information sent in an email’s body or attachments (including embedded photos) is encrypted and rendered unreadable before it reaches Google’s servers.
Notably, the email header, which contains the subject, timestamps, and recipient lists, will not be encrypted.
“Client-side encryption takes this encryption capability to the next level by ensuring that customers have sole control over their encryption keys — and thus complete control over all access to their data”, says Google.
Customers maintain control of the encryption keys, and they use an identity management service to gain access to them, rendering sensitive information unreadable by Google and other outside parties.
“As customers retain control over the encryption keys and the identity management service to access those keys, sensitive data is indecipherable to Google and other external entities”, Google.
By clicking the lock icon next to the Recipients section for any email after it has been toggled on, you can enable “additional encryption.” Users of Gmail can then create their email messages and include attachments as usual.
Any emails you send using end-to-end encryption (E2EE) is encrypted on your end and only decoded upon arrival at the recipient’s end.
Only the sender and receiver will be able to see the complete contents of an email due to this sort of encryption.
With Gmail CSE, other applications and company administrators may have access to the private keys used to decrypt encrypted emails.
Admins can enable the feature at the domain, organization, and Group levels via the Admin console > Security > Access and data control > Client-side encryption. The option will be disabled by default.
The customers of Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers, according to the firm, are not currently able to access the feature.
Network Security Checklist – Download Free E-Book