Monday, May 5, 2025
HomeGmailGoogle’s New End-To-End Encryption for Gmail on the Web

Google’s New End-To-End Encryption for Gmail on the Web

Published on

SIEM as a Service

Follow Us on Google News

On Friday, Google released a beta version of Client-side encryption (CSE) for Gmail. This newest service is only useful to organisations that can produce their own decryption keys because CSE is designed for organisational use.

Google has now made “end-to-end encryption” available for Gmail on the web, following Meta’s 2016 offer to use it for WhatsApp. However, it only provides client-side encryption (CSE).

Notably, Client-side encryption (Google refers to as E2EE) was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta).

- Advertisement - Google News

“We’re expanding customer access to client-side encryption in Gmail on the web. Google Workspace Enterprise plus, Education plus, and Education Standard customers are eligible to apply for the beta until January 20th, 2022”, Google announces.

End-To-End Encryption for Gmail

Sensitive information in the email body and attachments are rendered unreadable by Google servers using client-side encryption in Gmail. Customers retain control of both the identity service used to access encryption keys.

“You can use your own encryption keys to encrypt your organization’s data, in addition to using the default encryption that Google Workspace provides,” explains Google.

“With Google Workspace Client-side encryption (CSE), content encryption is handled in the client’s browser before any data is transmitted or stored in Drive’s cloud-based storage.

“That way, Google servers can’t access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally.”

Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities. Client-side encryption supports a wide range of data sovereignty and compliance requirements while enhancing the secrecy of your data.

For customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard, Gmail E2EE beta is presently available.

By submitting their Gmail CSE Beta Test Application, which should include the email address, Project ID, and test group domain, they can apply for the beta until January 20, 2023.

Google says this feature will be OFF by default and can be enabled at the domain, OU, and Group levels (Admin console > Security > Access and data control > Client-side encryption).

To add client-side encryption to any message, click the lock icon and select additional encryption, compose your message and add attachments as normal.

Also, the feature is not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers. Also, the service has not yet been rolled out for personal accounts.

Finally, End-to-end encryption is something we take for granted in the modern era when hacking and data leakage is becoming more frequent occurrences. 

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

NCSC Warns of Ransomware Attacks Targeting UK Organisations

National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber...

Claude AI Abused in Influence-as-a-Service Operations and Campaigns

Claude AI, developed by Anthropic, has been exploited by malicious actors in a range...

Threat Actors Attacking U.S. Citizens Via Social Engineering Attack

As Tax Day on April 15 approaches, a alarming cybersecurity threat has emerged targeting...

TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise

Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

Cybercriminals Exploit Google OAuth Loophole to Evade Gmail Security

A sophisticated phishing attack exploiting a loophole in Google’s OAuth infrastructure has surfaced, raising...

Google Introduces End-to-End Encryption for Gmail Business Users

Google has unveiled end-to-end encryption (E2EE) capabilities for Gmail enterprise users, simplifying encrypted email...