Reading Time: 3 minutes

Now Google offers next-level Gmail security with client-side encryption. On Friday Google announced client-side encryption for Gmail in beta for its workspace and education customers to secure emails sent using the web version of the platform.

Amidst growing concerns about online privacy and data security, this is a good move for users who value the protection of their personal data.

Now Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can sign up for the beta until January 20, 2023, though it is not available for personal Google Accounts.

The search engine giant in a blog post said, “Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers. Customers retain control over encryption keys and the identity service to access those keys.”

It is important to know that the new protection offered by Gmail is different from end-to-end encryption.end to end encrytptionThe current protection offered by Google is different from the end-to-end encryption. As the name implied, client-side encryption will protect data at rest. This means it will allow organizations to encrypt data on Google services with their own cryptographic keys. Data is encrypted locally, then decrypted client-side via a key management service that is hosted on the cloud.

In order to help their users maintain high levels of security, Google has implemented a new feature that requires administrators to set up an encryption key service through one of their company’s partner services. There are FlowCrypt, Fortanix, Futurex, and Stormshield as well as Thales and Virtru with whom Google works. Alternately, Google allows the user to build their own encryption key service using its client-side encryption API.

Encryption protects the data and is protected from unauthorized access, even from the server or service provider. However, the organization or administrator, who has control over keys, can monitor encrypted files or revoke a user’s access to keys that you generated with your own private password (e.g. letmein) by changing the permissions on your public keys in the public key ring.

Conversely, end-to-end encryption (E2EE) is a method of communication in which encrypted data can be decrypted only by the recipient. This means that anyone who gets hold of the message while it’s being sent will not be able to read its contents.

While PGP has been around for many years, Mailvelope offers a new – encrypted email option. This is an extension for web browsers, which will permit both sending and receiving encrypted emails but not the recipient list or subject.

Gmail is not the only Google product that has client-side encryption turned on. Google Drive and Google Meet both were made to have encrypted data, just like Gmail had. The test for Google Calendar ended on November 10, 2022.

Google Drive has the option for client-side encryption that takes place on your device. In other words, when you use their apps on any of your devices, it will be encrypted before it goes back to Google. The company said that an update to Meet and Calendar is planned for this feature in an upcoming release.

“Client-side encryption helps strengthen the confidentiality of your data and help address a broad range of data sovereignty and compliance needs,” their support team further added.

Related Articles:
Samba Security Updates to Patch Multiple High-Severity Vulnerabilities
FBI’s Info Sharing Network ‘InfraGard’ Hacked
Ex-Twitter Employee Jailed for 3.5 Years for Spying on Behalf of Saudi Arabia