Google Workspace brings client-side encryption to Gmail, Calendar apps

Google Workspace brings client-side encryption to Gmail, Calendar apps

Google today announced the latest security features, like client-side encryption (CSE) in the Gmail mobile apps, for enterprise Workspace customers and other corporate environments.

Gmail CSE

After adding on the web, CSE is coming to the Google Calendar, Gmail, and Meet mobile apps (in general availability). This means a company directly controls and manages encryption keys so that Google and other unintended parties cannot read text, hear audio, or see video. It’s meant for companies that deal with regulated or sensitive data.

In Docs, comments will be possible (in preview this year) with CSE, while support for viewing, editing, and converting Microsoft Excel files is being tested. Similarly, guest access support in Google Meet is coming, and admins will be able to mandate CSE for select organizational units.

Elsewhere on the digital sovereignty front, CSE users can select the country in which their encryption keys are stored. Google is expanding beyond letting customers choose the storage location of data at rest to where covered data is processed (US or EU). There will also be an option to “store a copy of their Workspace data in a country of their choice.”

Meanwhile, Google will use confidentiality-preserving AI models that can be “customized uniquely” for an organization to classify/label new and existing files in Drive. This data loss prevention (DLP) measure works automatically and continuously while allowing file owners to change labels as necessary.

Similarly, Workspace admins can require users to meet certain device location or security status requirements before being able to share sensitive content in Drive. Enhanced DLP controls are also coming to Gmail after launching in Chrome, Google Chat, and Drive.

On the security side, Google is making it so that changing certain sensitive actions, like changing 2FA, can require the approval of two Workspace admins for it to go into effect.

Additionally, taking sensitive actions in Gmail, like setting up email filtering or forwarding, will prompt Google to verify your identity again via 2SV to ensure that it’s really you and not a third-party that got access to your account.

Google will soon require “select administrator accounts of our resellers and largest enterprise customers” to enable 2-Step Verification. This is starting “later this year” and is similar to efforts with personal accounts.


Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

Leave a Reply

Your email address will not be published. Required fields are marked *