Google he said on Friday that the new Client-side Encryption function as a Beta for the web version of the Gmail service. During the Beta version, access to the feature will be limited to selected Enterprise and Education customers.
Client-side Encryption will protect email messages, the message body and attachments, from being accessed by unauthorized parties. Emails protected with client-side encryption are stored "unencrypted on Google's servers" and third parties that "listen" to network traffic. Gmail, by default, uses TLS encryption.
Customers can set their own encryption keys according to Google to encrypt data. The security feature is already available for select Google services, such as Google Drive, Google Meet and Google Calendar (also in Beta).
The data will be encrypted in the local browser before it is transferred or stored by Google in the cloud. Google servers do not have access to the data, as the encryption key will only be available on the user system.
The email header, including the email subject and recipients, will not be encrypted by the feature.
Client-side encryption is currently only available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. Those customers can apply for the beta until January 20, 2023, according to Google. The feature will not be available in all other Google Workspace plans, legacy Google Suite customers, and personal Google Accounts.
The security feature is disabled by default and should be enabled at the “domain, OU, and Group levels” using the admin console. It is located under Security > Access and data control > Client-side encryption or Security > Access and data control > Client-side encryption.
End users should enable the lock icon when composing a message to enable the encryption feature. The GIF below shows the functionality.
Emails that are encrypted will show “encrypted message” under the sender's name in Gmail. Opening the email may prompt the user to log in with authentication. Once completed, the email content will be decrypted.
Google published a support document which provides more details on implementing client-side encryption for Google Workspace administrators.