Google Workspace has expanded its client-side encryption to Gmail and Google Calendar for users of Workspace Enterprise Plus, Education Standard and Education Plus, Google announced on Tuesday. This gives admins who use these products more control over their organization’s data and how it is secured.
SEE: Google Workspace vs. Microsoft 365: A side-by-side analysis w/checklist (TechRepublic Premium)
This new security measure for Gmail and Calendar was already in place for Google Drive, Docs, Slides, Sheets and Meet. It has been in beta since June 2021 for users of Google Workspace Enterprise Plus and Google Workspace Education Plus.
What does client-side encryption for Gmail and Calendar do?
Client-side encryption allows admins to use their own encryption keys to secure their data, giving them direct control over the keys and the identity provider who gives access to them. The information is encrypted before it gets to Google servers. Information protected this way can be made indecipherable to external entities, including Google.
Client-side encryption for Google Workspace is now available for the following:
- Google Drive for web browser, Drive for Desktop (non-Google file formats only), and Drive on Android and iOS mobile apps (view-only for non-Google file formats).
- Gmail for web browser only.
- Google Calendar for web browser, and Calendar on Android and iOS mobile apps in beta.
- Google Meet for web browser only.
Google has partnered with four key access service providers: FlowCrypt, Futurex, Thales and Virtru. Organizations can also use their own proprietary key services via Google’s key access service API. First, admins will need to set up key access service with one of the participating providers or with the Google Workplace CSE API.
Client-side encryption for Gmail applies to sent and received emails and meeting invitations, including inline images and attachments; it’s also a factor in some data sovereignty and compliance requirements. Users will see a lock icon on their email composition window; clicking it shows an option to add “additional encryption”.
SEE: Data governance checklist for your organization (TechRepublic Premium)
Google expects to add client-side encryption support for Gmail Android and iOS mobile apps at a later date. They also plan to bring Meet on Android, iOS mobile apps and meeting room hardware into the fold in a later release.
Google Workspace takes regulations into account
Some of Google’s major enterprise customers, including Groupe Le Monde, PwC and Verizon, are subject to shifting regulatory requirements, which may have encouraged Google to push client-side encryption through.
“These features now being available across Google Workspace represents a pivotal moment for us. We’re enthusiastic about the ability to continue to benefit from the efficiency of work that Workspace provides us with, whilst at the same time maintaining trust with our customers that their confidential data will stay private and compliant,” said Shaun Bookham, UK operations & technology director at PwC.