Google brings client-side encryption to Gmail for Workspace

Image: Getty Images/iStockphoto

Google is rolling out what it calls client-side encryption (CSE), giving Workspace customers the ability to use their own encryption to shield their data before it reaches Google’s servers. 

With client-side encryption (CSE) enabled, the email body, attachments, and inline images are encrypted. The email header, subject, timestamps, and recipients lists are not. 

Google Workspace Enterprise Plus, Education Plus, or Education Standard customers can now apple to Google to join the Gmail CSE Beta test via its new support page for the feature. 

Also: Google warns: Android ‘patch gap’ is leaving these smartphones vulnerable to attack

It’s not available to users with personal Google Accounts, and not available to users with Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers

Google explains CSE is different to end-to-end encryption (E2EE) because clients use encryption keys that are generated and stored in a cloud-based key management service, so admins can control the keys and who has access to them. This way, the admin can revoke a user’s access to keys, even if that user generated them. With E2EE, admins don’t have control over the keys on the clients and who can use them, nor can the admin see which content users have encrypted. 

Google has partnered with several key management service providers, including FlowCrypt, Fortanix, FutureX, Stormshield, Thales, and Virtru. Users can’t use Google as

Read more

Explore the site

More from the blog

Latest News