Google is rolling out a major update to Gmail that will allow Google Workspace users to send and receive encrypted emails with ease—no third-party tools required. While Gmail has long supported end-to-end encryption (E2EE), the process was notoriously complex. That’s about to change.
Currently, enabling E2EE through Gmail involves implementing S/MIME (Secure/Multipurpose Internet Mail Extensions), which requires administrators to purchase and manage encryption certificates for every user. According to Julien Duplant, product manager for Google Workspace, this setup has been a barrier for many businesses. “Only the most sophisticated organizations could manage it all,” he says. “We’re removing that pain.”
With the new update, Gmail introduces a client-side encryption (CSE) control directly inside Google Workspace. This simplifies encryption for emails, files, meetings, and calendar events—making E2EE a built-in feature rather than a complex add-on.
Once CSE is activated by IT admins, Gmail users will see an option to encrypt messages before sending. For recipients within Gmail, the experience remains seamless: encrypted messages appear directly in their inbox, decrypted and ready to read. For those outside Gmail, the system provides a secure link to access the message through a guest Workspace account—ensuring that the content never leaves Google’s protected environment.
“When recipients click the link, a browser window opens for secure authentication and message decryption,” Duplant explains. “We automatically create temporary Workspace accounts, so encrypted emails stay within the private cloud.”
This move positions Gmail as a more secure and user-friendly alternative to third-party encryption platforms like Virtru, Mimecast, and Proofpoint. Jennifer Glenn, research director at IDC, believes the update could appeal to IT teams eager to simplify operations without compromising email privacy.
“Organizations using Google Workspace no longer need to jump through hoops to secure their communications,” Glenn notes. “This reduces admin overhead and makes secure messaging far more accessible.”
Although Microsoft doesn’t offer a similar built-in E2EE feature through its Exchange Online service, it has bolstered its security suite with data loss prevention (DLP) and data classification tools via Microsoft Purview and Intune. Google is catching up fast. In addition to CSE, Google has released Gmail-specific DLP features to detect sensitive information in outgoing messages and manage data sharing across organizations.
Administrators can now assign sensitivity labels to emails, similar to Microsoft’s labeling system. This helps enforce data-handling policies and ensures that confidential information stays protected.
Google plans to release the beta version of its new E2EE tool during the upcoming Google Cloud Next conference in San Francisco. At launch, the feature will be limited to emails exchanged within the same organization. However, support for encrypted messages sent to any external email address is expected to roll out later this year.
The new functionality could mark a turning point for secure business communications—particularly for organizations already relying on Google Workspace. With encryption now embedded into Gmail’s workflow, email privacy becomes more manageable and more scalable.
