Google announced the addition of end-to-end encryption (E2EE) to Gmail on the web. It will allow google workspace users to send and receive encrypted emails within and outside their domain.

Client-side encryption also known as E2EE by Google was previously available for Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar users (beta).

Upon activation, Gmail client-side encryption ensures Google servers cannot decrypt that any sensitive data provided as part of the email’s body and attachments including inline pictures. Furthermore, the email header containing the topic, timestamps, and recipients’ lists will not be encrypted.

Google explained on the support page that users can use the default encryption provided by google workspace admin. Moreover, they can also encrypt their organization’s data using their encryption keys.

So how this works?

Before transferring any data or storing it in any cloud storage online backup. The content is encrypted in the client’s browser with Google Workspace Client-side encryption.

 This prevents Google servers from accessing users’ encryption keys and decrypting their data. The senders can also select which users can produce client-side encrypted material and publish it internally or externally after configuring CSE.

How to activate Gmail CSE?

After receiving an email from Google confirming that the account is ready. Administrators can configure Gmail CSE for their users by following the steps below. These steps will enable google workspace admins to set up their environment, prepare S/MIME certificates for each user in the test group, and configure the key service and identity provider.

This feature is disabled by default and may be turned on at the domain, organizational unit, and Group levels by navigating to Admin interface > Security > Access and data management > Client-side encryption.

 Once enabled, you may enable E2EE for any message by clicking the lock symbol next to the Recipients box and then selecting “Turn on” from the “Additional encryption” menu.

 Why Gmail E2EE is important for your organization?

Soon users will be able to create Gmail messages and attach email attachments as usual. Google claims that Google Workspace already encrypts all data at rest and in transit between their facilities using the latest cryptographic standards. Client-side encryption improves data security while addressing a wide range of data sovereignty and compliance requirements.

Gmail E2EE availability

Gmail E2EE beta is now accessible to customers’ google workplace plans. Mainly it is available to Google Workspace Enterprise Plus, Education Plus, and Education Standard users.

They can apply for the beta until January 20, 2023. Senders can apply by submitting a Gmail CSE Beta Test Application, which includes their email address, Project ID, and test group domain.

According to the company, users with personal Google Accounts or Google Workspace Essentials, Business Starter, and  Business Standard cannot access this functionality. Similarly, users with Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers do not have access yet.