SecurityWeek

Email Security

Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users

Gmail now allows enterprise users to send end-to-end encrypted emails to colleagues, and will soon allow sending to any inbox.

Google on Tuesday announced that enterprise users can now send end-to-end encrypted (E2EE) email messages to Gmail inboxes within their organization.

Currently rolling out in beta, the capability will soon allow enterprise users to send E2EE emails to any Gmail inbox, and then to any inbox, by the end of the year.

The improved security measure, the internet giant explains, is an alternative to the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, which requires acquiring, managing, and deploying certificates on a per-user basis.

“And end users have to figure out whether they and the recipient have S/MIME configured (few do), and then go through the hassle of exchanging certificates before the encrypted emails can be exchanged,” Google notes.

While other alternatives to S/MIME exist, they also require the sharing of encryption keys or complex resources, which degrades the user experience and adds to the burden on IT staff.

Google says its approach significantly simplifies things by allowing the use of E2EE for any message, regardless of its recipient, using encryption keys controlled by the organization, without the need for additional resource investment, such as S/MIME setup or certificate management.

Messages sent to Gmail inboxes are automatically decrypted and made available to the recipients. If a message is sent to a different email service, the recipient will receive an invitation to view it in a restricted version of Gmail and will be offered the option to use a guest Google Workspace account to interact with it.

If the recipient’s email service has S/MIME configured, Gmail will deliver the E2EE message using this protocol.

“IT teams also have the option to require all external recipients (even if they are Gmail users) to use the restricted version of Gmail. This helps ensure that their organization’s data does not end up stored on third-party servers and devices,” Google explains.

The new feature, the internet giant says, leverages client-side encryption (CSE), a Workspace technical control that allows organizations to safeguard emails, documents, and other resources using encryption keys they control and store outside of Google’s infrastructure.

“Data gets encrypted on the client before it is transmitted or stored in Google’s cloud-based storage, rendering it indecipherable to Google and other third-party entities and helping to meet regulatory requirements, such as data sovereignty, HIPAA, and export controls,” Google explains.

On Tuesday, Google also announced the general availability of several security features in Gmail, including CSE default mode, data loss prevention (DLP), message classification labels, and a new threat protection AI model.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
