Google is expanding its rollout of client-side encryption to Gmail and Calendar, allowing more users to send and receive encrypted email and calendar invites.
The client-side encryption (CSE) feature is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers following the beta launch in December.
CSE is similar to end-to-end encryption (E2EE) but differs in where the keys live: encryption keys are generated and stored in a cloud-based key management service that admins can manage, and admins must select a non-Google key management service.
While it has reached general availability for some Workspace accounts, Gmail users with a personal account aren’t being offered the feature. It’s also not available for Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.
CSE is already available for Drive, Docs, Slides, Sheets, and Meet. The feature for Gmail and Calendar is off by default, so admins need to enable it in the Workspace admin console before users can send encrypted email and invites, according to Google. If it is enabled, Gmail users can click the padlock icon and select additional encryption to send a message that is encrypted before it reaches Google’s servers.
“Client-side encryption takes existing encryption capabilities to the next level by ensuring that customers have sole control over their encryption keys — and thus complete control over access to their data,” Google explains.
Google is positioning the feature as a compliance-related effort to give organizations in regulated sectors greater confidence that third parties, including Google, can’t access confidential data. Clients that are using CSE include PwC UK, Verizon, Airbus, and Groupe Le Monde.
“As customers retain control over the encryption keys and the identity management service to access those keys, sensitive data is indecipherable to Google and other external entities,” Google Workspace representatives Ganesh Chilakapati and Andy Wen explain in a blog post.
Third-party key management services that work with Gmail CSE include FlowCrypt, Fortanix, FutureX, Stormshield, Thales, and Virtru.