By applying for a beta, Google Workspace admins can now enable client-side encryption to help secure work emails even more than before.
Select Google Workspace admins with a compatible paid plan now have another extra way to secure Gmail for their end-users. That’s because Google recently announced client-side encryption in beta for Gmail on the web, through a beta program that will run until January 20, 2023.
This new beta brings security in the (sometimes more important) Gmail suite to a whole new level. Gmail already allowed for encrypting data at rest and in transit as it moves between Google’s servers, but client-side encryption is more secure and better for regulatory compliance. Both within the company domain, and outside the domain, email body and attachments, and inline images will now be fully encrypted on both the receiving and sending ends. Header in emails, including the subject, time stamps, and recipients, though, will not. Note that this only applies to Google Workspace Enterprise Plus, Education Plus, and Education Standard edition plans, however, consumer accounts on personal Google Accounts won’t see this feature.
Of course, for this to work, all recipients will need to have enabled the client-side encryption first and have the feature turned on, as well as valid certificates. At the moment, it is up to IT admins to do that by applying for the beta program. Once the admin enables it on Google Workspace, you can click on the right corner of the email compose box, and choose Message security. From there, under additional encryption users can pick the Turn on option and send the message as usual, or sign in to an identity provider. Those who receive the encrypted message will see the encrypted message below the originals enders name and will be prompted to sign in to the identity provider to decrypt in Gmail.
IT admins interested in the feature can visit Google’s support page for assistance. Once an organization is entered into the beta, the feature will be off by default. It can be enabled at the domain, OU, and Group levels if need be.
Source: Google
