Skip to main content

Google Workspace brings client-side encryption to Gmail, Calendar apps

Google today announced the latest security features, like client-side encryption (CSE) in the Gmail mobile apps, for enterprise Workspace customers and other corporate environments.

Gmail CSE

After adding on the web, CSE is coming to the Google Calendar, Gmail, and Meet mobile apps (in general availability). This means a company directly controls and manages encryption keys so that Google and other unintended parties cannot read text, hear audio, or see video. It’s meant for companies that deal with regulated or sensitive data.

In Docs, comments will be possible (in preview this year) with CSE, while support for viewing, editing, and converting Microsoft Excel files is being tested. Similarly, guest access support in Google Meet is coming, and admins will be able to mandate CSE for select organizational units.

Elsewhere on the digital sovereignty front, CSE users can select the country in which their encryption keys are stored. Google is expanding beyond letting customers choose the storage location of data at rest to where covered data is processed (US or EU). There will also be an option to “store a copy of their Workspace data in a country of their choice.”

Meanwhile, Google will use confidentiality-preserving AI models that can be “customized uniquely” for an organization to classify/label new and existing files in Drive. This data loss prevention (DLP) measure works automatically and continuously while allowing file owners to change labels as necessary.

Similarly, Workspace admins can require users to meet certain device location or security status requirements before being able to share sensitive content in Drive. Enhanced DLP controls are also coming to Gmail after launching in Chrome, Google Chat, and Drive.

On the security side, Google is making it so that changing certain sensitive actions, like changing 2FA, can require the approval of two Workspace admins for it to go into effect.

Additionally, taking sensitive actions in Gmail, like setting up email filtering or forwarding, will prompt Google to verify your identity again via 2SV to ensure that it’s really you and not a third-party that got access to your account.

Google will soon require “select administrator accounts of our resellers and largest enterprise customers” to enable 2-Step Verification. This is starting “later this year” and is similar to efforts with personal accounts.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications