Google announced that it has expanded end-to-end encryption support for Gmail. Users with a Google Workspace Enterprise Plus account and the Assured Controls add-on can now send secure messages to recipients with different email providers through Gmail.
How Does Gmail End-to-End Encryption Work?
Gmail previously encrypted data transmissions using TLS. With the new system, the encryption process occurs directly in the user’s browser. This protects email content, attachments, and images before they reach Google’s servers. However, the email header, subject line, and recipient information are not included in this additional layer of security.
With the new system, recipients no longer need to share an S/MIME certificate, and users using providers other than Gmail can also receive secure messages. The recipient of the encrypted email cannot directly view the content. They receive a notification in their inbox, and the link in the notification redirects them to Google’s secure portal. A temporary Google guest account is created in the portal. After verifying their email address, the user can access the message content by entering the code sent to them.
When composing a new email, users can see the “Message Security” option in the bottom right corner of the window. To enable security, enable the “Additional Encryption” section. If encryption is not enabled before starting to write, the existing draft will be deleted and a new window will open. Therefore, it is crucial for users to enable the encryption option from the outset.
Another point for company administrators to note is that the feature is disabled by default. To send end-to-end encrypted emails to external recipients, the setting must be enabled at the organizational unit and group level.
{{user}} {{datetime}}
{{text}}