Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022.
The data privacy controls enable “even more organizations to become arbiters of their own data and the sole party deciding who has access to it,” Google’s Ganesh Chilakapati and Andy Wen said.
To that end, users can send and receive emails or create meeting events, whether within their organizations or with external parties, in a manner that’s encrypted “before it reaches Google servers.”
The company is also making available a decrypter tool in beta for Windows to decrypt client-side encrypted files and emails exported via its Data Export tool or Google Vault. macOS and Linux versions of the decrypter are expected to be released in the future.
The development follows the rollout of CSE to other products such as Google Drive, Docs, Slides, Sheets, and Meet.
The solution, the tech behemoth said, is aimed at reducing the “burden of compliance” for enterprises and public sector organizations, ensuring that no third party, including Google, can access confidential data.
The feature is globally available to Workspace Enterprise Plus, Education Standard, and Education Plus customers. It does not extend to personal Google Accounts.
It bears repeating that client-side encryption is different from end-to-end encryption (E2EE), as Google Workspace users with super administrator privileges can toggle the setting on or off and have control over the encryption keys created.
It’s also different from Pretty Good Privacy (PGP), which provides the benefits of CSE via public-key cryptography but requires users to exchange keys with each party before sending an email. To add to the complexity, it passes the burden of creating and managing the keys to the users.
The integration of CSE into Gmail is the newest addition after Google launched a confidential mode to help protect sensitive information from unauthorized access when sending messages and attachments.