Google just announced that end-to-end encryption (E2EE) is now available for Gmail for business users. According to Google's official announcement, this new feature is being rolled out more broadly after a beta phase and is now accessible to all Google Workspace customers using Gmail on the web. The goal? Help organizations protect sensitive data in email messages, even from Google itself.
The Verge covered the announcement as well, explaining how Google is extending encryption options to more enterprise users. Users can now toggle encryption settings on a per-message basis when composing an email, assuming that the feature has been enabled for a given instance of Google Workspace.
The folks over at Ars Technica dig a bit deeper and point out that this isn’t true E2EE in the traditional sense. Admins still have access to encryption keys. And while Gmail and Google servers might not be able to see the content of the email, your organization’s IT team certainly can. That’s not quite the fully locked-down privacy promised by tools like ProtonMail or PGP.
Also: “When the recipient is not a Gmail user, Gmail sends them an invitation to view the E2EE email in a restricted version of Gmail. The recipient can then use a guest Google Workspace account to securely view and reply to the email.” That means external non-Gmail recipients have to rely on Google to verify themselves and to decrypt and display the contents.
Wizard-level security nerds (something I most definitely am not) may take issue with this functionality over both key management and the limitations for external recipients. But, if you're an enterprise Gmail user, this might be a useful tool in your compliance or security toolkit — especially for internal comms or regulated industries. Just be careful to note potential limitations.
For those of us in the deliverability or authentication space, it’s worth being aware of this functionality, in case of future effects on things like message processing, headers, and content visibility for spam filtering. At first glance, it looks like this only impacts content encryption — meaning most mail flow and anti-spam tools should still function normally. I think. Let's keep an eye on it together, shall we?