
Gmail Confidential Mode: Maybe Not So Confidential After All


    It’s no secret that Gmail is now the most widely used email client in the world, and for good reason: it is a powerful, user-friendly email platform that supports organizations’ need for rapid collaboration and information sharing. Plus, it has some advanced security features already baked in. Earlier this year, Google introduced Gmail confidential mode, providing senders with basic access controls for Gmail messages and attachments.

    Gmail confidential mode gives Gmail users basic rights management controls for their email—including the ability to prevent recipients from forwarding, copying, printing or downloading message contents or attachments, and setting an expiration date. Senders can also revoke access at any time. 

    Although Gmail users get some added control over their email messages and attachments with confidential mode, it’s important to understand where this feature falls short—and what to do about it. To illustrate this, let’s take a look at the Gmail confidential mode experience for administrators, senders, and recipients.

    Does Your Data Truly Remain Confidential? Not Exactly.

    With Gmail confidential mode, administrators cannot enforce confidential mode as part of G Suite’s Data Loss Prevention (DLP) and compliance rules, so admins have to rely on end users to proactively apply it, introducing security and privacy risks. Visibility is limited as well. Neither Google Vault nor the G Suite Admin Console supports direct reporting on confidential mode activity, restricting audit workflows. Admins currently have no way of integrating confidential mode logs with SIEM tools, inhibiting threat response workflows.

    For senders, the expiration date and the restrictions on forwarding, copying, printing, and downloading must be applied all at once, making collaboration unnecessarily rigid. For example, you can’t set an expiration date but still allow forwarding. Attachments can’t be shared beyond the initial email, and confidential mode doesn’t support watermarking attachments, so there is nothing stopping recipients from leaking photos or screenshots of sensitive files.

    Recipients with Gmail accounts access the message transparently within their inbox, but non-Gmail recipients must authenticate themselves with a verification code from an additional email, and there is no way for them to respond securely with confidential mode. For example, if a healthcare organization’s IT staff used confidential mode to request a report from a new patient, patients without Gmail are likely to send their PHI in a separate, unprotected email, introducing HIPAA compliance risks. 

    Finally, your messages are not truly “confidential.” Confidential mode simply sends email and attachments to a TLS-protected subnetwork. Google still has access to the unprotected plaintext (even after recipient access has expired), failing to meet the privacy and compliance requirements of organizations concerned about third-party access to their data.

    Layered Protection and Control for Gmail

    While Google’s native protections for Gmail provide a helpful baseline, many organizations determine that additional protection and control measures are needed to ensure privacy and compliance, especially as increasing volumes of sensitive data are stored and shared via Gmail.

    Data-centric protection for Gmail is a best practice for organizations looking to get the most out of Gmail’s rapid collaboration and productivity features while keeping messages and attachments protected, wherever they’re shared. This approach protects Gmail messages and attachments down to the object level and enables secure sharing and mobility, while the owner maintains control and visibility.

    As Google’s recommended encryption solution, Virtru provides data-centric protection that keeps Gmail messages and attachments private and compliant while fostering secure collaboration. Virtru is embedded directly within the native Gmail user interface via a Google Chrome browser extension, enabling end-to-end encryption, directly within the client. By simply toggling a switch, Virtru encrypts the message body and any attachments before it reaches Google’s servers—preventing access by Google and other unauthorized parties—to ensure privacy throughout collaboration workflows. 

    In order to ensure messages and their attachments remain secure, Virtru:

    • Offers protections that give customers complete control over who can access sensitive content.
    • Enables the secure sharing of attachments with persistent protections and watermarking that offer superior control to prevent data leaks.
    • Supports more seamless and secure collaboration workflows for recipients, helping mitigate compliance and privacy risks.
    • Provides administrators with DLP rules that automatically enforce protection, so admins don’t have to rely on end users to proactively do so.
    • Provides fine-grained audit capabilities—including SIEM integrations—for enhanced threat response.

    To learn more about how Virtru can support your organization’s privacy and security programs, download our free Guide to Gmail Protection for an in-depth walkthrough of Google’s native security features—including Gmail confidential mode, TLS, DLP, and S/MIME—and an orientation to the benefits of true confidentiality with data-centric encryption.

    Editorial Team

    The editorial team consists of Virtru brand experts, content editors, and vetted field authorities. We ensure quality, accuracy, and integrity through robust editorial oversight, review, and optimization of content from trusted sources, including use of generative AI tools.