Gmail strengthens security with client-side encryption

Gmail logo on desktop
(Image credit: Jay Bonggolto / Android Central)

What you need to know

  • Google announces client-side encryption for Gmail (for web) in beta.
  • It adds an extra layer of protection for sensitive data and attachments in an email.
  • Google Workspace Enterprise Plus, Education Plus, and Education Standard customers can apply for the beta until January 20, 2023.

Google announced that it is expanding its Google Workspace’s client-side encryption for Gmail through a new beta program.

The search giant’s proprietary client-side encryption (CSE) is already available for Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta). The company plans to expand it to Gmail for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. They are eligible to apply for the beta till January 20, next year, per the Google Workspace announcement post.

When utilized in Gmail, the CSE promises to make the sensitive data in the email body and attachments indecipherable to even Google and its servers. Google says that "consumers can retain control over encryption keys and the identity service to access those keys."

That said, there are some limitations to what is actually encrypted. According to a support page, the email header — including subject, timestamps, and recipients lists — is not encrypted. Some features are also not supported with client-side encryption, such as Smart compose, confidential mode, multi-send, emoji, and more. CSE is also only available on the mobile app for iOS and Android phones for now.

Still, it can be beneficial for organizations handling sensitive intellectual property. Those can include highly industry-regulated firms like defense, government, and financial firms.

Google says it will accept beta applications from businesses willing to try out the new CSE program over the next several weeks. After acceptance, the feature will be turned off by default for Admins. They can be enabled at the domain, OU, and Group levels by heading to Admin console > Security > Access and data control > Client-side encryption.

Gmail Client-side encryption

(Image credit: Google)

The end-users can add the CSE to any message sent internally or externally via Gmail by clicking the new padlock icon right next to Cc and Bcc tags. It showcases a new additional protection window featuring a "Turn on" button. Users can then send their sensitive data in the body and attachments after enabling the feature and stay protected.

Vishnu Sarangapurkar
News Writer

Vishnu works as a freelance News Writer for Android Central. For the past four years, he's been writing about consumer technology, primarily involving smartphones, laptops, and every other gizmo connected to the Internet. When he is away from keyboard, you can see him going on a long drive or chilling on a couch binge-watching some crime series.