Google announced on Friday that it is adding end-to-end encryption (E2EE) to Gmail on the web, allowing registered Google Workspace users to send and receive encrypted emails indoors and out. of their domain.

Client-side encryption (as Google calls E2EE) was Already available for Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (Beta) users.

Once enabled, Gmail’s client-side encryption ensures that sensitive data provided as part of the email body and attachments cannot be decrypted by Google servers.

“With Google Workspace’s client-side encryption (CSE), content encryption is handled in the client’s browser before the data is transmitted or stored in Drive’s cloud-based storage,” Google said. explained on its support site.

“This way, Google servers cannot access your encryption keys and decrypt your data. After setting up CSE, you can choose which users can create client-side encrypted content and share it internally or externally.”

They can request the beta until January 20, 2023, by submitting their Gmail CSE beta test app which should include the email address, project ID, and domain of the test group.

The Gmail E2EE beta is currently available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

The company says the feature is not yet available to users with personal Google accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as alumni. G Suite Basic and Business customers. .

After Google responds by email that the account is ready, administrators can set up Gmail CSE for their users by going through the following procedure to configure their environment, prepare S/MIME certificates for each user in the test group, and configure the key service and identity provider.

​The feature will be disabled by default and can be enabled at the domain, OU, and group level by going to Admin Console > Security > Access & Data Control > Client-Side Encryption.

Once enabled, you can enable E2EE for any message by clicking the lock icon next to the Recipients field and clicking “Enable” under the “Additional Encryption” option.

You can then compose your Gmail message and add attachments as you normally would.

“Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities,” Google said. added.

“Client-side encryption helps strengthen the privacy of your data while helping to meet a wide range of data sovereignty and compliance needs.”