Google has announced its client-side encryption for Gmail, which has been in beta for Workspace, has now been extended to businesses. This means that businesses can apply to test out the feature which is designed to make data encryption more powerful. The beta program is expected to run till January 20, 2023.
With this feature, which comes at a time when concerns about online privacy and data security are at an all-time high, Workspace users will have an additional level of security and option when using the web version of Gmail.
Prior to the announcement, client-side encryption was only available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. However, it is now open to businesses and organizations that rely on Google’s productivity tools.
Businesses and users on the beta program can now click on the padlock icon on the top right corner of the screen to turn on additional encryption for the message, although, the users will have to give up some features like the ability to use emoji, signature, and Smart Compose.
What is client-side encryption?
Client-side encryption is a type of encryption that is done on the user’s device (called client-side) before it is sent to the server. With this type of encryption, there is more security of data because data is secured using keys that are generated and managed by a key management service, which is hosted in the cloud, before it leaves the device at all. This makes it even more difficult for the data to be intercepted and read by unauthorized persons.
Client-side encryption is not without its own limitations as it does not encrypt the email header data, including the subject, timestamps, and recipient list. The encryption technology also does not support features like Gmail Smart Compose, confidential mode, multi-send, and emojis.
Client-side encryption (CSE) should not be confused with end-to-end encryption (E2EE). E2EE is a method of communication where information is encrypted on the sender’s device and can be decrypted only on the recipient’s device with a key known only to the sender and the recipient, while in CSE, the administrator has control over the keys and can revoke a user’s access to the keys, even if they were generated by the user themselves.