Google plans to roll out end-to-end encryption (E2EE) of email to all users, even those who do not use Google Workspace, in the near future. The E2EE protocol is based on the exchange of certificates and is positioned as an alternative to S/MIME (Secure/Multipurpose Internet Mail Extensions), which is used in large organizations. The company assured that the encryption procedure will not complicate the lives of ordinary users and will not create an excessive burden on IT administrators.
With E2EE, corporate Gmail users can send client-side encrypted emails to anyone. If the recipient is a Gmail user, no additional configuration is required, and the Gmail interface will display information about the new encrypted message.
If the recipient does not use Gmail, they will receive an email informing them that an encrypted message has arrived, which will include a link to re-authenticate their email account. Once authenticated, the recipient will have temporary access through a limited Gmail account to view and reply to the encrypted message.
Google noted that the entire process is comparable to granting access to a Workspace document to someone outside the company. IT administrators can require recipients to use restricted Gmail to view encrypted messages, allowing them to control access through policies and ensure that data is not stored on third-party servers.
An email that asks the recipient to follow a link can be considered phishing. That’s why the warning Google places above the link recommends clicking it only if the recipient completely trusts the sender.
In cases where E2EE emails are sent to recipients who already have S/MIME configured, the encrypted email will reach the recipient as normal.
“This capability, which requires minimal effort from both IT and end users, abstracts away the traditional complexity and non-standard user experience of existing solutions while maintaining improved data sovereignty, privacy, and security control,” Google said in a blog post.
The rollout of end-to-end encryption will occur in stages, starting today.
In addition to E2EE emails being the default for all end users, Google has launched a number of other features for Gmail, including classification labels that show the sensitivity level of each email. These labels will also inform new data loss prevention rules that IT administrators can set up to automatically handle emails based on the labels they assign.
Google has also added AI-powered tools to Gmail’s existing spam and phishing detectors, which in theory should reduce the number of malicious emails that slip through the filters.