This week, Google is rolling out a new encryption standard for Gmail as it approaches its 21st birthday on April 1. The aim? To move beyond the aging S/MIME standard for end-to-end encrypted email and simplify the whole process.
S/MIME, originally developed by RSA, allows for public-key encryption and signing of email data. While it’s useful, many email services don’t enable it by default. To use S/MIME, both the sender and recipient need to manage their own certificates, which can be a hassle. Before sending encrypted emails, they have to check that both sides have set it up and exchange certificates. This complexity often keeps encrypted emailing out of reach for many organizations.
According to Neil Kumaran from Google’s Gmail security team, IT admins face several challenges with encryption. They recognize a need to encrypt some of their data due to regulations or contracts, but implementing encryption across the email ecosystem is often riddled with difficulties. Even when they find solutions, gaps in security frequently remain. Many organizations end up using convoluted workarounds that lead to frustrating experiences.
Google wants to change that. Its new encryption model simplifies the process and lets users send fully encrypted messages to anyone, no matter which platform they use. “We’re creating a protective bubble for emails that feels automatic,” says Julian Duplant, a Gmail security product manager. With this model, organizations will control the encryption keys entirely, meaning Google won’t have access to the messages anymore.
Here’s how it works: Organizations will manage who can access encryption keys, which means they dictate who can decrypt messages. Google has also introduced a feature that allows organizations to create temporary accounts for external recipients, giving them access to encrypted messages while adhering to the organization’s rules.
If you’re sending an encrypted email to another Gmail user, it will be decrypted automatically for them based on those rules. If the recipient uses a different email provider, they’ll receive a notification about the encrypted message and can easily open a secure interface through their browser to read and respond. No more complicated certificate exchanges; it’s all streamlined.
For those still using S/MIME, Gmail will continue to support it. This new approach not only simplifies encryption but also improves security as organizations take back control over their email data.
Another significant advantage is data sovereignty. By allowing customers to control who accesses their email, Google helps them better comply with regulations and safeguard against unwanted data requests from governments. This tech is in beta for Gmail users now and will soon be available for sending encrypted emails to any inbox, not just Gmail. Interested organizations can sign up for the beta program right now.