Google is updating Gmail to permit enterprise customers to ship encrypted messages to any inbox in only a few clicks. Google says it’s developed a brand new encryption mannequin that, in contrast to the present encryption characteristic on Gmail, doesn’t require senders or recipients to make use of customized software program or change encryption certificates.
The characteristic is rolling out in beta beginning at the moment, and can initially be accessible for Google enterprise customers to ship encrypted emails to different Gmail customers throughout the similar group. Google says this can develop to emails despatched to any Gmail inbox “within the coming weeks,” and to inboxes from any third-party e-mail supplier “later this 12 months.”
Gmail’s present encryption characteristic, primarily based on the Safe/Multipurpose Web Mail Extensions (S/MIME) protocol, can already be used to ship exterior emails. Doing so requires the recipient to have S/MIME configured and full a number of steps with the sender earlier than emails might be securely exchanged, nonetheless.
The brand new course of will enable Gmail customers to easily toggle on “further encryption” within the e-mail draft window to ship an encrypted message. Non-Gmail recipients with out S/MIME will then be supplied a hyperlink to signal right into a visitor Google Workspace account to securely view and reply to the e-mail in a restricted model of Gmail. If the recipient already has S/MIME configured then Gmail will ship the message by way of the S/MIME course of it presently makes use of. Emails to each enterprise and private Gmail accounts can be mechanically decrypted within the recipient’s inbox.
The encryption supplied utilizing this new system is greater than the usual Transport Layer Safety Gmail makes use of by default on all emails, however we should always word that this isn’t technically end-to-end encryption (E2EE), even when that’s what Google is asking it. The up to date functionality is powered by client-side encryption, which provides workspace directors management over encryption keys, permitting them to revoke person entry and “monitor person’s encrypted recordsdata,” in keeping with Google’s assist web page.
