Google Makes Sending Encrypted Emails Easier for Gmail Users
Google is making it easier for all Gmail users to send emails with end-to-end encryption (E2EE), something the company said was “historically a privilege reserved for organizations with significant IT resources, due to the complexity of S/MIME and proprietary solutions.”
The cloud giant this week said it was beginning a multi-step process for enabling Gmail users to protect messages with E2EE in just a few clicks, starting immediately with a beta allowing them to send such emails to Gmail users in their own organizations.
That will expand in the coming weeks to sending E2EE emails to any Gmail inbox, and later this year to sending such messages to any email inbox.
“This capability, requiring minimal efforts for both IT teams and end users, abstracts away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls,” Johney Burke and Julien Duplant, product managers with Google Workspace, wrote in a blog post.
Cutting Out the Complexity
Those complex and substandard offerings include the use of Secure/Multipurpose Internet Mail Extensions (S/MIME), a protocol that lets users send digitally signed and encrypted messages and that is primarily used for particularly sensitive emails sent by highly regulated organizations like government agencies and companies that work with them.
Google has used such technology by default in Gmail for data at rest and in transit.
“While more organizations have real needs for E2EE emails, few have the resources to implement S/MIME,” Burke and Duplant wrote. “IT teams need to acquire and manage certificates and deploy them to each user, resulting in additional efforts and costs. And end users have to figure out whether they and the recipient have S/MIME configured (few do), and then go through the hassle of exchanging certificates before the encrypted emails can be exchanged.”
It’s a frustrating process that often means they can’t send encrypted emails, they wrote, adding that while there are proprietary options, those come with challenges of their own. Encryption features from email providers involve encryption keys that threaten data privacy and sovereignty, while proprietary point products make the user experience more complex by involving custom applications, browser extensions, or portals.
A Few Clicks
Google’s effort gets rid of the need to exchange certificates or use custom software and instead protects the emails through encryption keys controlled by the user and unavailable to Google’s servers. In addition, IT teams don’t have to set up S/MIME or manage certificates.
If the recipient of the email is a Gmail user, the system sends an E2EE email that is automatically decrypted in their inbox. If they’re not a Gmail user, the system gives the recipient the option of viewing the encrypted email in a restricted version of Gmail by using a guest Workspace account. When the recipient has S/MIME configured, Gmail sends the encrypted message through the protocol.
“IT teams also have the option to require all external recipients (even if they are Gmail users) to use the restricted version of Gmail,” Burke and Duplant wrote. “This helps ensure that their organization’s data does not end up stored on third-party servers and devices. It also makes it easier for organizations to protect their data by having the ability to apply security policies and revoke access to emails, no matter how long ago they were sent.”
Riding With CSE
The E2EE capability is part of Google’s larger client-side encryption (CSE) control in Workspace that protects emails, documents, calendar events, and meetings via encryption keys. Data is encrypted on the client before it’s sent or stored in Google’s cloud storage. Google and third parties can’t read the data, which makes it easier for organizations to comply with regulations like HIPAA.
The new E2EE capability will touch a lot of people. About 1.8 billion people around the world use Gmail, almost 31% of the global population. It ranks second behind Apple Mail as the most popular email client, and it’s the preferred email of more than 60% of SMBs. Workspace has more than 3 billion monthly users.