U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google Gmail client-side encryption is available globally

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. In December, Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta users can […]

Gmail client-side encryption 2

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers.

Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

In December, Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta users can send and receive encrypted emails within their domain and outside of their domain. 

Google E2EE was already available for users of Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (beta).

The client-side encryption in Gmail on the web was initially available in beta for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

Using end-to-end encryption for Gmail will make sensitive data in the email body and attachments from indecipherable to Google servers.

Google Workspace Client-side encryption (CSE) allows handling content encryption in the client’s browser before data is transmitted or stored in Drive’s cloud-based storage.

The company pointed out that it can’t access users’ encryption keys.

End users can add client-side encryption to any message by clicking the lock icon and select additional encryption.

“Client-side encryption takes this encryption capability to the next level by ensuring that customers have sole control over their encryption keys—and thus complete control over all access to their data. Starting today, users can send and receive emails or create meeting events with internal colleagues and external parties, knowing that their sensitive data (including inline images and attachments) has been encrypted before it reaches Google servers.” reads the announcement published by the company.

The move to expand CSE capabilities across Google Workspace will give organizations more confidence that any third party, including Google and foreign governments, cannot access their confidential data.

“Users can continue to collaborate across other essential apps in Google Workspace while IT and security teams can ensure that sensitive data stays compliant with regulations.” continues the announcement. “As customers retain control over the encryption keys and the identity management service to access those keys, sensitive data is indecipherable to Google and other external entities.”

Users can enable “additional encryption” by clicking the lock icon next to the Recipients field.

Gmail client-side encryption 2

The Gmail client-side encryption (CSE) will be off by default, but admins can turn on the feature from Admin console > Security > Access and data control > Client-side encryption.

The company published a guide to “Set up organization for Gmail client-side encryption“.

“The company says the feature is not yet available to users with personal Google Accounts, as well as for Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, or legacy G Suite Basic and Business customers.

“While each customer’s digital transformation journey is different, with all essential Google Workspace apps now being covered by CSE, companies of all sizes in all industries can benefit from these protections.” concludes Google.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google Gmail client-side encryption)