In order to safeguard emails sent via the online version of the platform, Google on Friday revealed that client-side encryption for Gmail is in beta testing for its Workspace and school users.
This innovation comes at a time when worries about online privacy and data security are at an all-time high, and people who value the safety of their personal data are certain to applaud it.
In order to participate in the beta programme, customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard may apply until January 20, 2023. Personal Google Accounts cannot access it.
The business wrote in a blog post that "client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers." The identification service to access encryption keys remains under the hands of the customer.
It's crucial to understand that end-to-end encryption is different from the additional security Gmail is offering.
As the name suggests, client-side encryption is a method for securing data that is at rest. It enables enterprises to use their own cryptographic keys to encrypt data on Google services. Keys generated and managed by a key management service that is located in the cloud are used to decrypt the data on the client side.
In order to use Google's new feature, administrators must either create their own service using the company's client-side encryption API or set up an encryption key service through one of the company's partner services, which are provided by Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru.
This indicates that nobody, not even the server or service provider, will be able to access the data without authorization. However, even if the keys were created by the user themselves, the organisation or administrator retains control over them and can monitor users' encrypted data or cancel a user's access to the keys.
On the other hand, end-to-end encryption (E2EE) is a communication technique in which data is encrypted on the sender's device and can only be unlocked by the recipient's device using a secret key that is shared between the two parties.
The new feature, which is now only available in web browsers, enables users to send and receive encrypted emails both inside and outside of their domains. The subject and recipient lists are not encrypted, but the email content and attachments, including inline images, are. Other Google products outside Gmail also have client-side encryption enabled. The internet behemoth made the same feature available for Google Meet and Google Drive earlier this August. On November 11, 2022, a similar test for Google Calendar came to an end.
It's important to note that client-side encryption is supported by Google Drive apps for PC, Android, and iOS. In a future update, Meet and Calendar mobile apps will both include the capability, according to Google.
The company continued, "Client-side encryption helps reinforce the confidentiality of your data while helping to address a wide range of data sovereignty and compliance concerns.Interested in the article? For access to more of our posted unique material, follow us on LinkedIn and Twitter.
No comments:
Post a Comment