Google is this week unveiling an enhanced client-face encryption (CSE) Standard across its widely-used gmail service-which marks its 21ST Birthday on 1 April-That It Hopes may render the long-in-the-tooth Secure/Multipurpaose Internet Mail Extensions (S/mime) Standard for End-to-Ed Encrypted Email (E2EE) obsolete once and for all.
S/Mime is used for public-key encryption and signing of mime data and was originally developed by Rsa many years ago. Today, Although S/Mime Functionality is widely used, it is not allays enabled by default for most email services and it only works when sent and receiving parties meet the standard.
This is beCAuse Bot It Teams Need to Acquire and Manage The Needed Certificates and Deploy Them to Each User, Added to which users then have to have to have ut whether they and the recipient have s/mime set set up and thehan exchan Certificates before they can exchange encrypted emails.
And While Alternatives Such as Built-in Features from Email Providers or Point Solutions Exist EXISTS EXIST, they suffer from similar drawbacks.
To google's mind, this limits the use of e2ee to organizations that have significant it resources to call on and strong use cases for sending encrypted mail, and even next next next next do using Workarounds that create fragmented, limited and sub-optimal experiences for everything involved.
“When you talk to any it admins, they'll tell you a few things about encryption,” said neil kumaran, group product manager for gmail seconds at Google. “First, they will probally tell you that for some subset of their data, they need to be full encrypted in some way – usually believe of regulatory obligation and maybe succual obligation.
“The second thing they'll tell you is that current state of encryption is super hard to implement account Are usually holes in their encryption posture.
Google said its solution to this effectively democraties encryption while requires minimal effort for bot it teams and users, abstracting away old headaches associat Enhancing Data Control, Privacy and Sovereignty.
New model
Google's solution is a new encryption model that it said removs the need for complex certification requires or complex admin rights and enables users to send full-encyged message to any user Any platform.
“The idea is that we are creating sort of a protective bubble for emails that feels automatic to the point that it is just feels like Normal Email,” Julian Duplant, Gmail Security Pruduct Manage, Told Computer weekly. “We've created a service that makes the organisations that use this functionality within the total gatekeeper for that data.”
With the new bubble technology, google said it is the first putting control of the certificates, or keys, needed to encrypt or decrypt messages into the Hands of its customers, RLINQUISING OWN Ability to access the messages for good.
Second, it is giving them control of the user directory that decides who have access to the keys.
Third, it has created a new guest functionality where customers can automatically generate temporary accounts in their Organization for External Recipients to access and decrypt the message Subject to the Customer Rules.
“What that looks like as a functionality is, if you sending to a recipe Organization's rules. [But] If the Organization is any other email provider in the world, they're going to receive is an email notification saying saying Julian has sent you an encrypted message, click here to read it, “Said Duplant.
“When the user clicks that message, the browser will open and they will see a safe gmail interface where they can decrypt the message and write their own reply. The best part about it is about it Doesnj Control of that data. “
It is also important to note that when the recipient has s/mime configured, gmail will still send the email via s/time as it alredy does.
Google beLieves this approach offers a more Comprehensive Encryption Effectively.
Data Sovereignty a Key Benefit
Another side effect of this Approach to Client-Side Encryption, Said Google, is that in making its customers the ultimate arbiters of who can access their email data, it can helpguard themesalves Against, For Example, Unwarranted Intrusions by Governments Demanding The Service Provider hand over the data,
Google said this will hopefully heighten customer compliance with data sovereignty regulations, Export controls and other requirements Such as hipaa in the us.
The new technology is available today in Beta for Organizations Using Gmail Internally, but in the Coming Weeks Users will be able to send e2ee emails to any gmail inbox and to any emaile in the year. More information is available from google And Organisations can Sign up here For the beta program.