Google has launched client-side encryption (CSE) for Gmail, providing additional security measures to email communication. The CSE feature encrypts data sent in emails, including attachments, before it reaches Google’s servers. This ensures that confidential data is unreadable and encrypted, which boosts organizations’ confidence that third parties, including Google and foreign governments, cannot access their sensitive information.
The new feature is available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. It is disabled by default, and company administrators must take steps to enable CSE, which can be accessed on the domain or Google Group level. Once enabled, end-users will see a lock icon on the recipient bar’s right side, and additional encryption can be added by clicking “turn on” in the Additional Encryption section.
While CSE adds a layer of security to email communication, it is not equivalent to end-to-end encryption (E2EE). E2EE encrypts the message locally on the sender’s device, and only the recipient can unscramble the message. Gmail CSE is aimed at corporate users, which means company administrators could theoretically have the encryption tokens required to read information sent with the encryption feature.
While Google’s CSE is a commendable development, privacy-focused email service ProtonMail has already implemented end-to-end encryption (E2EE) as a default feature, which provides stronger security for users. ProtonMail’s E2EE guarantees that only the sender and recipient can access the decrypted message content, making it a popular choice for those who value privacy.
Nevertheless, Google’s move towards CSE demonstrates its commitment to data privacy and protection, a crucial consideration in today’s digital landscape.
To activate:
- Make sure your admin enabled CSE
- Click ‘Compose’ on Gmail
- Find the lock symbol on the right side
- Clicking on the symbol prompts security options
- Find ‘Additional Encryption’
- Click ‘Turn On’
