Google is rolling out client-side encryption to Gmail and Calendar, which will allow users to create meeting events as well as send and receive emails that have been encrypted before being sent to Google servers. Client-side encryption will be available to organizations with Google Workspace Enterprise Plus, Education Standard, and Education Plus plans. All other types of Google Workspace accounts and personal Gmail accounts will not get client-side encryption.
Google enabled client-side encryption for Google Drive, Docs, Slides, Sheets, and Meet last year, so with the latest update, client-side encryption is now available across Workspace applications. Workspace administrators have to enable client-side encryption before users can use it.
Client-side encryption means the data is encrypted within the user’s browser before it is transmitted or stored on Google servers. Because the client-side decryption keys are created by a cloud-based key management service, an organization retains control over who has access to its data. For example, if there is a government request for Google Workspace data, Google will not be able to provide the information because Google doesn’t have the decryption keys. Adversaries would have to target the organization’s specific key to access the data. For some organizations, this level of control is necessary to meet regulatory compliance requirements.
Media giant Groupe Le Monde relies on client-side encryption across Workspace to ensure journalists’ safety by protecting communications, appointments, and files from potential leaks, said Ganesh Chilakapati, a Google Workspace group product manager, and Andy Wen, director of product management for Google Workspace Security, in a Google Workspace blog post.