The use of end-to-end encryption for email and other cloud services is expanding. This comes as no surprise given that email is one of the top two cyberattack vectors.
Mail servers made up 28% of all affected hardware, according to Verizon's annual 2022 Data Breach Investigations Report, and 35% of ransomware activities involved email. In its 2022 report, the EU Agency for Cybersecurity noted that ransomware is responsible for 10 terabytes of data theft each month, with 60% of businesses likely having paid a ransom. An updated Gartner study from 2021 found that 40% of ransomware attacks begin with email.
To address these issues, Google, Microsoft, and Proton, whose Proton Mail service was a pioneer in secure email, expanded their end-to-end encryption offerings.
Google revealed a beta of client-side encryption services for Gmail on the web in a blog post last month. Up until January 20, 2023, customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard may apply for the beta.
The tech giant stated that client-side encryption "helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs," noting that it encrypts all data at rest and in transit in Google Workspace between its facilities.
Moreover, it claims that Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar already support client-side encryption.
Users simply need to click the lock icon and choose the option for additional encryption, according to Google, in order to add client-side encryption to any message. Writing and including attachments work as expected.
Microsoft, which last updated its message encryption in 2019, declared in April of last year that updates to Windows 11 would include security patches to address phishing and malware threats.
If so, Microsoft will probably also include end-to-end encryption since Office 365 Message Encryption currently uses Transport Layer Security encryption. Despite the fact that this service, according to the provider, enables users to encrypt and rights-protect messages intended for internal and external recipients using Office 365, non-Office 365 email applications, and web-based email services like Gmail.com and Outlook.com, it does not shield users from phishing or malware attacks as well as E2EE.
Google's announcement came after that of Proton, a platform for encrypted cloud storage that was introduced in 2013 by CEO Andy Yen in Geneva, Switzerland. With a focus on mobile devices, the company increased its encryption offerings last fall. These new additions included secure cloud storage and a secure calendar feature, both of which have apps for iOS and Android devices.
Users can safely upload, save, and share files to and from their phone using Proton Drive, a free encrypted cloud service that was made available in late September and made its iOS and Android debuts in December.
The three main functions of Proton Drive are as follows:
- Any uploaded file on the user's device is encrypted before it is stored on Proton servers.
- Metadata such as file and folder names, file extensions, file sizes, and thumbnails are encrypted.
- File expiration and viewing passwords are included, allowing for secure sharing with non-Proton users.
Proton said that since the beta launch of Proton Drive last September, with over 500,000 users participating, it has seen an average of one million files uploaded per day, roughly half of which are photos.
Additionally, it offers two paid levels of service for its encrypted drive, Drive Plus with 200GB storage for $4.99/month or $47.88/year and Proton Unlimited with 500GB for $11.99/month or $119.88/year, all of which are available to individual users.