Google announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022.
Google’s Ganesh Chilakapati and Andy Wen said data privacy controls “enable more organizations to become arbiters of their own data and the sole party deciding who has access to it.” said.
To do so, users can send and receive emails and create meeting events within the organization or with other external parties in an encrypted manner “before it reaches Google servers.”
The company also offers a decryption tool in beta for Windows that decrypts client-side encrypted files and emails exported via the Data Export Tool or Google Vault. macOS and Linux versions of the decryptor will be released in the future.
Development will follow the rollout of CSE to other products such as Google Drive, Docs, Slides, Sheets and Meet.
The solution aims to reduce the “compliance burden” for businesses and public sector organizations, and to prevent third parties, including Google, from accessing sensitive data, the company said.
This feature is available globally to Workspace Enterprise Plus, Education Standard, and Education Plus customers. It does not apply to personal Google accounts.
Let me reiterate that client-side encryption is different from end-to-end encryption (E2EE). This is because Google Workspace users with Super Admin privileges can turn the setting on or off and control the encryption keys that are created.
It is also different from PGP (Pretty Good Privacy). PGP also offers his CSE benefits via public key cryptography, but users must first exchange keys with each party before sending email. To further complicate things, it shifts the burden of key creation and management to the user.
CSE’s integration into Gmail is the latest feature after Google launched Confidential Mode to protect sensitive information from unauthorized access when sending messages and attachments.
