On Gmail’s 21st birthday, Google has introduced a significant update, enabling enterprise users to send end-to-end encrypted (E2EE) emails to any user, regardless of their email provider, with just a few clicks.
The feature, which is currently in beta, allows users to send E2EE emails to other Gmail users within their organization, with plans to expand to all Gmail inboxes in the coming weeks and other email providers later this year.
This new encryption model, an alternative to the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol, eliminates the need for senders or recipients to use custom software or exchange encryption certificates, making it more user-friendly.
According to Google Workspace’s Johney Burke and Julien Duplant, “This capability requires minimal effort from both IT teams and end-users, abstracting away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls.”
The technology behind E2EE emails is client-side encryption (CSE), which Google has already implemented in Gmail and other services like Calendar, Drive, Docs, Slides, Sheets, and Meet.
When an E2EE email is sent to another Gmail recipient, the message is automatically decrypted on the recipient’s end. For non-Gmail recipients, the Google email platform sends an invitation to view the E2EE email in a restricted version of Gmail, accessible via a guest Google Workspace account.
Because the feature is built on CSE, data is encrypted on the client before it is transmitted to or stored in Google’s cloud-based storage, making it indecipherable to third parties, including Google.
However, there is a crucial difference between CSE and E2EE: the clients use encryption keys that are generated and stored in a cloud-based key management service, which allows an organization’s administrator to control the keys, revoke access, and monitor encrypted files.
According to Burke and Duplant, “First, this approach offers more comprehensive encryption protection. It doesn’t matter who you send a message to or what email they use; your message will be encrypted, and you are in sole control. There’s just one set of keys, and you’re the only one who has them.”
“Second, it’s simple and easy to implement and use. It reduces friction for both IT teams and users, as no one has to be an encryption expert to make this work. It’ll save teams tons of time and money and finally give them a path to what everyone craves: email encryption that is painless and just works.”