On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to send end-to-end encrypted (E2EE) to any user in any email inbox in a few clicks.
The feature is rolling out starting today in beta, allowing users to send E2EE emails to Gmail users within an organization, with plans to send E2EE emails to any Gmail inbox in the coming weeks and to any email inbox later this year.
What makes the new encryption model – an alternative to the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol – stand out is that it eliminates the need for senders or recipients to use custom software or exchange encryption certificates.
“This capability, requiring minimal efforts for both IT teams and end users, abstracts away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls,” Google Workspace’s Johney Burke and Julien Duplant said.
The technology that powers E2EE emails is client-side encryption (CSE), which Google has already rolled out to Gmail and other services like Calendar, Drive, Docs, Slides, Sheets, and Meet.
Thus when an E2EE email is sent to another Gmail recipient, the message is automatically decrypted on the other end. In the case of a non-Gmail recipient (e.g., Microsoft Outlook), the Google email platform sends them an invitation to view the E2EE email in a restricted version of Gmail, which can be accessed via a guest Google Workspace account to securely view and respond to the message.
The fact that this is driven by CSE means that data gets encrypted on the client before it is transmitted or stored in Google’s cloud-based storage, thereby making it indecipherable to other third-party entities, including Google.
That said, one crucial difference between CSE and E2EE is that the clients use encryption keys that are generated and stored in a cloud-based key management service, thus allowing an organisation’s administrator to control the keys, revoke a user’s access to the keys, and even monitor encrypted files.
“First, at a structural level this approach offers more comprehensive encryption protection,” Burke and Deplane said. “It doesn’t matter who you send a message to, what email they are using, your message will be encrypted and you are in sole control. There’s just one set of keys, and you’re the only one who has them.”
“Second, it’s simple and easy to implement and use. It reduces friction for both IT teams and users, as no one has to be an encryption savant to make this work. It’ll save teams tons of time and money, and finally give them a path to what everyone craves: email encryption that is painless and just works.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
The Hacker News
