Client-Side Encryption Comes To Gmail As Google Dials In Tighter Security
On Friday, the Mountain View, California-based company announced that it would be expanding access to client-side encryption for Gmail. This means that data contained in the email body and any attachments are “indecipherable to Google servers.” So effectively, Gmail users will have full control over their data and content, provided they maintain control of their encryption keys and the service used to access them.
To sign up for the client-side encryption capability, Google Workspace Enterprise Plus, Education Plus, and Education Standard can all apply to the beta before the cutoff of January 20th, 2023. In any event, this is only an added layer of security as Google already encrypts data in transit and at rest between and at Google facilities, respectively.
Of course, this new addition will likely get some pushback from law enforcement agencies akin to the FBI’s concern with iCloud backups. However, what Google is doing is nothing terrifically new, as email providers like ProtonMail have always offered client-side encryption if that is something you desire. Therefore, there likely won’t be any real teeth behind any pushback, and the additions will only benefit consumers.
At the end of the day, we are excited to see enhancements to personal privacy and security through encryption. Defense in depth is a common cybersecurity strategy used to protect data, personal information, and assets, which can be extended to include any data you might have in an email. Therefore, Google’s addition of client-side encryption adds another layer to that strategy, only strengthening the controls consumers have over their data and its security.