Security News

Google has announced the general availability of client-side encryption for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "Even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen said.

Gmail client-side encryption is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. The feature was first introduced in Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar since last year.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

Google is trying to help enterprise and educational users of Gmail better secure their messages. Adding to the encryption already used by Google Drive, Google Meet, Google Docs, Google Sheets and Google Slides, the new Gmail encryption is designed to keep data private and confidential while at the same time meeting regulatory and compliance requirements for security.

Google has added client-side encryption for some email customers, allowing enterprise and education Gmail users to send and receive encrypted messages. It allows Gmail customers - not the cloud provider - to retain control over encryption keys, thus ensuring Google servers can't access the keys or decrypt customer data in the body of the email or delivered as an attachment.

Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. "Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers," the company said in a post.

Google announced on Friday that it's adding end-to-end encryption to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain.The company says that the feature is not yet available to users with personal Google Accounts or Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers.

The UK's Home Secretary - the minister in charge of policing and internal security - has been forced to apologize for breaching IT security protocols in government. On another occasion, she accidentally forwarded official documents to a Member of Parliament from her Gmail account because she did not have her phone with her.

Phishers taking advantage of Gmail's SMTP relay service to impersonate brands. It was recently found by cloud email security company Avanan that phishers have been exploiting Gmail's SMTP relay service since at least April.

Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31. "In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley revealed today.