Security news that informs and inspires

Google Turning On Confidential Mode by Default in G Suite


Enterprises that use Google’s G Suite for email will soon see a significant change in the way the system handles sensitive messages. In late June, Google will turn on a feature by default called Confidential mode that prevents recipients from forwarding, copying, or printing the messages and allows senders to set expiration times for their emails, as well.

Confidential mode for G Suite has been available in beta for a few months now, but on June 25 Google plans to make it the default setting for all enterprise customers. Administrators still will have the option to disable Confidential mode if they choose, though. In practice, Confidential mode enables people to send messages that don’t actually contain text in the body. Instead, each message contains a link to the content, including any attachments.

“Confidential mode provides built-in information rights management controls in your emails by allowing senders to create expiration dates and revoke previously sent messages. Because a sender can require additional authentication via text message to view an email, it’s also possible to protect data even if a recipient’s email account has been hijacked while the message is active. Additionally, with confidential mode, recipients don’t have the option to forward, copy, print, or download their content or attachments,” Google said.

By turning on Confidential mode by default, Google is giving enterprises another line of defense against email-based attacks and surveillance. While it’s not a cure-all defense, the change to make Confidential mode the normal setting makes it simpler for administrators to safeguard sensitive information sent via email. As it stands, email is among the more vulnerable areas of many enterprise infrastructures, both because of deliberate attacks from the outside and inadvertent leaks by employees. Confidential mode will be helpful in defending against the latter.

Confidential mode messages are still available to the Vault feature in G Suite, though, which is used for archiving, compliance, and eDiscovery purposes. If both the sender and recipient of a message are inside the same organization, Vault will keep a copy of the message’s content and attachments.

“Only the subject and body containing the link are sent via SMTP. This means that if your users send or receive messages in Gmail confidential mode, Vault will retain, preserve, search and export confidential mode messages. The message body of received messages will be accessible in Vault only if the sender of the message is from within your organization,” Google said.