Google has made client-side encryption available to some Gmail and Google Calendar users, allowing them to significantly secure their correspondence and event schedule.
Client-side encryption (CSE) in Google’s implementation means that the admin of the Google Workspace group holds the access keys – so the service occupies an intermediate position between end-to-end, where only sender and receiver have the keys, and server-side Encryption used when storing data. Users of the service thus have the guarantee that neither Google employees nor hackers can access their data if they hack into the search giant’s resources.
Previously, CSE was already available for enterprise versions of the Google Workspace platform – the function works for users of Drive, Documents, Presentations, Sheets and the Messenger Meet. Now Gmail and Calendar are connected to them. However, the fact that the users have sole control over the encryption keys is an exaggeration given that only a few services that Google partners with give them out. In other words, these services also have access to the keys.
CSE is certainly inferior to the once-popular PGP library, which proved impractical due to the need to manage large numbers of keys and was eventually supplanted by services like Signal. As such, CSE is a sort of middle ground for organizations implementing encryption to meet legal or contractual obligations.