Gmail and Google Calendar are the next services from Google to take advantage of client-side encryption. An option reserved only for Workspace customers, i.e. organizations and professionals. This type of encryption offers more security, since even Google does not have access to user data.
Credits: Unsplash // Kon Karampelas
Last year, Google enabled client-side encryption for Drive, Docs, Slides, Sheets, and Meet. Added to this list of services are Gmail and Calendar: a function reserved for Workspace customers.
Gmail and Google Calendar go for encryption
This is the media 9to5Google which reports the news: client-side encryption is available for all Workspace users on Gmail and Google Calendar. Service users (primarily businesses and schools) can control their encryption keys and manage who can access them. What is called “client-side encryption” is a cryptographic technique that encrypts a user’s data before it is transmitted to a server (here, those of Google). They can only be decrypted by the sender or by the receiver of said data, using a secret key.
Client-side encryption in Gmail // Source: 9to5Google
Emails sent, events added to the calendar, attachments, etc. all this data is encrypted before being sent to Google’s servers. This also works for an email with a recipient outside the organization. Until now, Workspace services already encrypted so-called “in-transit” data, and Google says it’s taking it to the next level with this “client-side encryption.”
Client-side encryption in Google Calendar // Source: 9to5Google
For example, in Gmail, one can find a padlock icon next to the recipient field when sending an email. There is now an option to enable “additional encryption”. In Google Calendar, this is materialized by a shield icon for the “description, attachments and video conferencing via Google Meet to benefit from additional encryption. »
Why Google is expanding data encryption
In its announcement blog post, Google states that “Extending client-side encryption capabilities across Google Workspace is helping to significantly reduce the compliance burden for businesses and public sector organizations. The company also relies on the fact that no one can access its customers’ data: neither it nor “foreign governments”. It is the users who have control of the keys and therefore of the data they produce.
This type of encryption is therefore available for Workspace Enterprise Plus, Education Standard and Education Plus customers. A way also for Google to reassure on the confidentiality of data when using its services, the brand may suffer from a bad reputation on this point.
To follow us, we invite you to download our Android and iOS application. You can read our articles, files, and watch our latest YouTube videos.
