Businesses may test client-side encryption for Gmail thanks to Google.
- For select Workspace customers, the long-promised feature has entered beta.
- Personal accounts won't likely get it any time soon.
- A few features are sacrificed in exchange for the added privacy.
Businesses may now apply to test out Google's client-side encryption for Gmail, which is designed to render 'critical data' and attachments inaccessible even to Google. In a blog post published on Friday, the business announced the beta, for which Workspace admins can sign up until January 20.
Users of a workspace will have an additional option when using the web version of Gmail once the feature has been enabled and set up for them. They can choose to enable more encryption for the message by clicking on a padlock, albeit doing so will prevent them from using Smart Compose, adding a signature, or using emoji.
Client-side encryption will be enabled to Google's Gmail app for Android and iOS 'in a future update,' the company said. The ability for users to encrypt messages will be controlled by their administrators, who in most cases will be the organisations they work for.
However, the feature is not just for use in intra-office communications. According to a Google help article, you'll be able to send encrypted emails 'outside of your domain' and even to users who use other email clients or services, such those from Microsoft or Apple, said Google spokesperson Ross Richendrfer.
This is so because S/MIME, an existing email standard, forms the foundation of CSE for Gmail. For a very long time, Google has been working on enhancing Gmail's encryption. Although client-side encryption isn't quite the same thing, there were rumours that the company was working on end-to-end encryption for the service in 2014.
Google's client-side implementation gives administrators control over the keys and enables them to 'monitor users' encrypted files,' according to a help document from the company explaining the distinction between the two types of encryptions. Encryption and decryption always take place on the source and destination devices when using either method.
