OAKLAND–Google is making a pair of changes to its hosted G Suite Gmail service for enterprises to enhance its security.
The most significant change is the addition of hosted S/MIME encryption. This will allow enterprise customers to get the benefits of secure email without having to deal with all of the challenges themselves.
“With Google’s new hosted S/MIME solution, once an incoming encrypted email with S/MIME is received, it is stored using Google’s encryption. This means that all normal processing of the email can happen, including extensive protections for spam/phishing/malware, admin services (such as vault retention, auditing and email routing rules), and high value end user features such as mail categorization, advanced search and Smart Reply. For the vast majority of emails, this is the safest solution – giving the benefit of strong authentication and encryption in transit – without losing the safety and features of Google’s processing,” Nicolas Kardas and Nicolas Lidzborski of Google said in a post on the new feature.
“Using hosted S/MIME provides an added layer of security compared to using SMTP over TLS to send emails. TLS only guarantees to the sender’s service that the first hop transmission is encrypted and to the recipient that the last hop was encrypted. But in practice, emails often take many hops (through forwarders, mailing lists, relays, appliances, etc). With hosted S/MIME, the message itself is encrypted. This facilitates secure transit all the way down to the recipient’s mailbox.”
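The hop-by-hop limitation described in the quote above can be checked from a delivered message's own headers. This is an added example, not code from the article or from Google: it reads each `Received` header of a constructed sample message and reports which hops claim TLS through the RFC 3848 `with` keywords. Function names are hypothetical, and since each relay writes its own header, the result is a claim to review rather than proof.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop used TLS (RFC 3848 transmission types).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)

# Constructed sample: three hops, the middle one (a relay) accepted cleartext SMTP.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384)
\tby mx.recipient.example with ESMTPS id abc123; Wed, 01 Jan 2020 10:00:03 +0000
Received: from list.example.org (list.example.org [192.0.2.10])
\tby relay.example.net with ESMTP id def456;
\tWed, 01 Jan 2020 10:00:02 +0000
Received: from sender.example.com (sender.example.com [192.0.2.1])
\tby list.example.org with ESMTPS id ghi789;
\tWed, 01 Jan 2020 10:00:01 +0000
From: alice@sender.example.com
To: bob@recipient.example
Subject: constructed sample

body
"""

def strip_comments(value):
    # Drop parenthesised comments, innermost first, so "with cipher" is not misread.
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def hop_report(raw_message):
    """Return [(receiving_host, protocol, tls_claimed)], oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):  # newest header is on top
        clean = strip_comments(" ".join(header.split()))  # unfold, then de-comment
        by = BY_RE.search(clean)
        proto = WITH_RE.search(clean)
        name = proto.group(1).upper() if proto else None
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    # Hosts that did not record a TLS transmission type for the hop they received.
    return [host for host, _, tls in hop_report(raw_message) if not tls]
```

On the sample, only `relay.example.net` is reported, which is the kind of intermediate hop that message-level S/MIME encryption still covers.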
Google is also adding Security Key enforcement to G Suite accounts. That means administrators can now allow only Security Keys as the second factor of authentication.
“2SV with only a Security Key offers the highest level of protection from phishing. Instead of entering a unique code as a second factor at sign-in, Security Keys send us cryptographic proof that users are on a legitimate Google site and that they have their Security Keys with them. Since most hijackers are remote, their efforts are thwarted because they cannot get physical possession of the Security Key,” Christiaan Brand and Guemmy Kim of Google said.
Google has had two-step verification for Gmail for more than five years, and rolled out Security Keys three years ago.