Google creates new email encryption model: Google took a different approach and created a new model that no longer requires complex user certificate management or exchanging keys with external organizations to decrypt messages.Google’s new E2EE Gmail implementation relies on the existing client-side encryption (CSE) feature in Google Workspace, which allows customers to use their own encryption keys to encrypt files and emails on the client-side before they are stored on Google’s servers. This feature allows organizations to control the identity provider used to grant access to the encryption keys and the third-party key management service used to store them.In its new integration with Gmail, currently available in beta, customers can choose from the regular Gmail message compose web interface if they want to encrypt the message. For now, the feature only works between Gmail users who are members of the same organization, but over the coming weeks, it will be enabled for all Gmail recipients, both enterprise and personal accounts.Later this year, when the feature is fully implemented, Workspace users with E2EE enabled will be able to send encrypted messages to any external email users. Instead of the message, recipients will receive a link that, when clicked, will take them to a restricted version of Gmail where they need to authenticate with the organization’s chosen identity provider to view the decrypted message. External users will also be able to reply within the same restricted Gmail interface.
Restricted view allows for more control: By default, Gmail users won’t have to go through this restricted Gmail experience, and emails will automatically decrypt when they arrive in their inbox if they are the intended recipients. However, administrators can choose to enforce the restricted Gmail view for everyone, including Gmail users, to ensure sensitive communications are not downloaded locally on third-party servers or devices.Because this option requires authentication with an approved account and identity provider, organizations can easily revoke access and apply additional security policies. Google describes this experience as similar to a shared document stored in Google Drive.”At a structural level, this approach offers more comprehensive encryption protection,” Julien Duplant, product manager at Google Workspace, told CSO. “It doesn’t matter who you send a message to or what email they are using; your message will be encrypted, and you are in sole control. There’s just one set of keys, and you’re the only one who has them.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3952075/google-adds-end-to-end-email-encryption-to-gmail.html
