Google rolls out easy end-to-end encryption for Gmail business users
Google has started rolling out a new end-to-end encryption (E2EE) model for Gmail enterprise users, making it easier to send encrypted emails to any recipient.
While businesses also have the option to configure the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to send digitally signed and encrypted messages, this requires significant resources, including deploying certificates to all users and exchanging them before sending the emails.
Google says that after Gmail's new E2EE model rolls out, business users will be able to send fully encrypted emails to any user on any email service or platform without having to worry about complex certificate requirements.
"This capability, requiring minimal efforts for both IT teams and end users, abstracts away the traditional IT complexity and substandard user experiences of existing solutions, while preserving enhanced data sovereignty, privacy, and security controls," Google said today.
"We're rolling this out in a phased approach, starting today, in beta, with the ability to send E2EE emails to Gmail users in your own organization. In the coming weeks, users will be able to send E2EE emails to any Gmail inbox, and, later this year, to any email inbox."

To send a new encrypted email, Gmail users only have to turn on the "Additional encription" option when writing the message. The email will be automatically decrypted when the recipient is a Gmail user with an enterprise or personal account.
Recipients using Google's Gmail mobile app or non-Gmail email clients will receive a link to sign in and view the email in a restricted version of Gmail. The recipient can then use a guest Google Workspace account to view and reply to the encrypted message.
However, when the recipient has S/MIME configured on their account, Gmail will automatically send an E2EE email via S/MIME (just as it does today).
Gmail's new E2EE capability is powered by the client-side encryption (CSE) Workspace technical control that enables organizations to use encryption keys stored outside Google's servers and under their control to protect sensitive emails and documents,
This ensures that all transmitted data is encrypted on the client before being sent to Google's cloud-based storage, which helps meet regulatory requirements, such as data sovereignty, HIPAA, and export controls, by rendering it indecipherable to Google and third-party entities.
Gmail CSE has been available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers since February 2023, and was introduced in Gmail on the web as a beta test in December 2022 after an initial rollout to Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar (in beta).
Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
Nearly 24,000 IPs behind wave of Palo Alto Global Protect scans
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-1088 Synchronous Access of Remote Resource without Timeout
CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined
CWE-1303 Non-Transparent Sharing of Microarchitectural Resources
Free online web security scanner