Google has announced that its client-side encryption for Gmail is in beta for Workspace and education customers as part of its efforts to secure emails sent using the web version of the platform.
Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply to sign up for the beta until January 20, 2023. It's not available to personal Google Accounts. The latest safeguards offered by Gmail are different from end-to-end encryption.
Client-side encryption, as the name implies, is a way to protect data at rest. It allows organizations to encrypt data on Google services with their own cryptographic keys. The data is decrypted on the client-side using keys that are generated and managed by a key management service, which is hosted in the cloud.
Google's opt-in feature requires administrators to set up an encryption key service through one of the company's partners — which are offered by Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru — or alternatively, build their own service using its client-side encryption API.
This means the data is protected from unauthorized access, even from the server or the service provider. However, the organization or administrator has control over the keys and can monitor users' encrypted files or revoke a user's access to the keys, even if they were generated by the user themselves.
End-to-end encryption (E2EE) is a method of communication in which information is encrypted on the sender's device and can be decrypted only on the recipient's device with a key known only to the sender and the recipient.
The new option – limited to the web browser for now – permits users to send and receive encrypted emails both within and outside of their domains. The encryption covers email body and attachments, including inline images, but not the subject and recipient lists.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.