Google says client-side encryption (CSE) is now generally available for Gmail after it enabled the feature on Drive, Docs, Slides, Sheets and Meet last year and in Calendar earlier this month. The company opened a CSE beta for Gmail and Calendar late last year, but now all organizations on a Google Workspace Enterprise Plus, Education Plus or Education Standard plan can enable the privacy protection feature. The option isn’t available on personal Workspace plans or Google accounts just yet.
Although Workspace “encrypts data at rest and in transit by using secure-by-design cryptographic libraries,” CSE gives organizations total control over their encryption keys. “Starting today, users can send and receive emails or create meeting events with internal colleagues and external parties, knowing that their sensitive data (including inline images and attachments) has been encrypted before it reaches Google servers,” Google wrote in a blog post.
Workspace admins will need to enable CSE, which is off by default. Once it’s enabled for your organization, you can add CSE to any message in Gmail by clicking the lock icon on the right side of the “To” field and turning on the “Additional encryption” option. The compose panel will turn blue and may read “New encrypted message.” Meanwhile, in Calendar, you can click the shield icon next to an event title to add “additional encryption” to the description, attachments and Google Meet call.
Encrypting the likes of Drive files and Calendar events is certainly welcome, but CSE protections may be most effective in Gmail. Organizations are perhaps more likely to send emails externally than share files or calendar invites with third-parties, after all. In any case, Google says that all essential Workspace apps are now covered by CSE.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.