Wednesday, October 16, 2024
HomeGmailGoogle’s New End-To-End Encryption for Gmail on the Web

Google’s New End-To-End Encryption for Gmail on the Web

Published on

Malware protection

On Friday, Google released a beta version of Client-side encryption (CSE) for Gmail. This newest service is only useful to organisations that can produce their own decryption keys because CSE is designed for organisational use.

Google has now made “end-to-end encryption” available for Gmail on the web, following Meta’s 2016 offer to use it for WhatsApp. However, it only provides client-side encryption (CSE).

Notably, Client-side encryption (Google refers to as E2EE) was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta).

- Advertisement - SIEM as a Service

“We’re expanding customer access to client-side encryption in Gmail on the web. Google Workspace Enterprise plus, Education plus, and Education Standard customers are eligible to apply for the beta until January 20th, 2022”, Google announces.

End-To-End Encryption for Gmail

Sensitive information in the email body and attachments are rendered unreadable by Google servers using client-side encryption in Gmail. Customers retain control of both the identity service used to access encryption keys.

“You can use your own encryption keys to encrypt your organization’s data, in addition to using the default encryption that Google Workspace provides,” explains Google.

“With Google Workspace Client-side encryption (CSE), content encryption is handled in the client’s browser before any data is transmitted or stored in Drive’s cloud-based storage.

“That way, Google servers can’t access your encryption keys and decrypt your data. After you set up CSE, you can choose which users can create client-side encrypted content and share it internally or externally.”

Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities. Client-side encryption supports a wide range of data sovereignty and compliance requirements while enhancing the secrecy of your data.

For customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard, Gmail E2EE beta is presently available.

By submitting their Gmail CSE Beta Test Application, which should include the email address, Project ID, and test group domain, they can apply for the beta until January 20, 2023.

Google says this feature will be OFF by default and can be enabled at the domain, OU, and Group levels (Admin console > Security > Access and data control > Client-side encryption).

To add client-side encryption to any message, click the lock icon and select additional encryption, compose your message and add attachments as normal.

Also, the feature is not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers. Also, the service has not yet been rolled out for personal accounts.

Finally, End-to-end encryption is something we take for granted in the modern era when hacking and data leakage is becoming more frequent occurrences. 

Secure Web Gateway – Web Filter Rules, Activity Tracking & Malware Protection – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Beware of Fake AI Scam calls that Takeover your Gmail Account

Scammers use sophisticated AI technology to impersonate tech giants like Google, aiming to take...

Google’s New Dark Web Monitoring Feature for Gmail Users

Google declared that all Gmail users within the United States would shortly be able...

How to Send A Fax From Gmail

Google’s Gmail gives millions of people around the world to send and receive emails....