Google's push to simplify email encryption
Add Axios as your preferred source to
see more of our stories on Google.
Google Workspace is rolling out a new encryption model designed to make sending secure emails with Gmail dramatically easier.
Why it matters: Google's new enterprise model will lift several of the burdens both IT teams and end users face when sending encrypted messages, including the need to manage certificates.
The big picture: Organizations in highly regulated industries are required to encrypt sensitive emails sent internally and to other businesses.
- However, current encryption protocols are clunky, hard to scale and frustrating for users, Neil Kumaran, a group product manager at Gmail Security, told Axios.
- IT managers typically have to rotate and assign new certificates, which act like digital IDs for email users.
- Recipients outside an organization usually need to set up a guest account or use a third-party service to receive messages.
Zoom in: Under the new protocol, IT administrators and users will no longer need to trade certificates or install a customer's software before sending a message. Gmail will handle that work behind the scenes.
- Gmail will start rolling out its new encryption model in beta to enterprise customers this week.
- In the coming weeks, that feature will expand to emails sent between any two Google Workspace Gmail users, no matter their workplace.
- Organizations will also continue to manage and store their own encryption keys, meaning Google can't access message contents.
How it works: End users can turn on encrypted messaging in their settings — or, if admins choose, it can be set as the default for specific groups, like legal or finance teams.
- Encrypted messages won't show preview text in recipients' inboxes, and they cannot be forwarded or downloaded.
Between the lines: Google built the new tool in close partnership with several customers, including a U.S. government agency that previously was printing out its materials and sending them via physical mail to avoid the hassle of setting up encryption, Kumaran said.
What's next: Later this year, Gmail in Google Workspace will introduce the ability to send end-to-end encrypted emails to users outside the Google ecosystem.
