• I Received a Virtru Email

Gmail Confidential Mode: How Secure Is It?

Google has announced the general availability date for Gmail confidential mode – a feature that gives users basic rights management controls over their email. As of June 25, 2019, organizations using confidential mode will be able to prevent email recipients from forwarding, copying, printing or downloading message content or attachments. Senders can also set an expiration date for messages and revoke access at any time.

Although users get added control over their email messages and attachments, does the data truly remain confidential? Not exactly.

Quick Capability Summary:

Here are the Main Things to Know:

Virtru offers complete control over who can access sensitive content.

Confidential mode sends email and attachments to a secure web channel that recipients can access via a URL in a manner that closely resembles email encryption portals. This means Google has access to plaintext message content (even after messages expire or senders revoke access), failing to meet privacy and compliance requirements of organizations concerned about third-party access to their data.

Virtru’s end-to-end encryption ensures unauthorized parties can’t access sensitive data, whereas confidential mode leverages TLS encryption that secures the communication channel but still gives Google access to sensitive data. Customer-hosted keys and centralized policy management give Virtru customers total control over who can access their data.

Virtru’s persistent protections and attachment watermarks offer more control to prevent data leaks.

Gmail confidential mode forces users to apply all rights management features at once while limiting secure sharing workflows. Virtru’s protections and access controls persist wherever data is shared, allowing file attachments to stay under your control even as they’re moved from email to other unknown environments. Virtru’s attachment watermarks prevent data exfiltration activity as documents are shared. Confidential mode lacks this capability, so nothing is stopping recipients from taking pictures of sensitive content and leaking your data.

Virtru provides administrative controls that enforce encryption to better support secure cross-enterprise sharing workflows.

Virtru offers administrative controls that protect content via policies that are enforced globally, so you don’t need to rely solely on end users to protect data. Virtru’s administrative Data Loss Prevention (DLP) lets security teams enforce end-to-end encryption and granular access control policies to enable secure collaboration. When combined with Virtru’s on-demand protections for end users, these policy-defined controls ensure emails stay protected wherever they’re shared. G Suite DLP rules don’t currently support enforcement of confidential mode, so it can’t ensure automatic protection of sensitive content. You’re forced to rely on end users to proactively apply confidential mode, risking data leaks.

Virtru provides fine-grained audit capabilities for enhanced threat response.

Virtru also supports more robust audit workflows with granular visibility of Virtru-protected data. Both administrators and senders can monitor data sharing workflows, and adapt and revoke access as needed. As data is shared, Virtru logs event activity for you to view in the Virtru Dashboard, or integrate with their SIEM. This lets you correlate other security events to identify anomalous activity like repeated access attempts from a hostile IP address, then immediately remediate the threat by revoking access.

Virtru supports more seamless, secure cross-platform collaboration.

Recipients of a confidential mode email can’t send direct, secure responses within the same email thread. This makes collaboration workflows more difficult and less secure. For example, if a healthcare organization’s IT staff used confidential mode to request a report from a new patient, the patient can’t reply securely to the original email. They’re likely to send their PHI in a separate, unprotected email, introducing a HIPAA compliance violation risk. Virtru allows recipients to easily access protected messages and send an encrypted response with the Secure Reader.  

Don’t worry—There is a way to maintain data privacy while using confidential mode:

The answer is using Google and Virtru together. While Gmail confidential mode’s rights management controls may meet basic needs, Virtru’s persistent encryption, granular access controls and ease of collaboration ensure Gmail messages stay protected wherever they’re created or shared.

Organizations that use Virtru in addition to their Google platform can ensure messages stay private with customer-hosted keys that offer complete control over who accesses their data. Advanced rights management features give senders and administrators more control to prevent data leaks, and external recipients can reply securely for seamless, secure collaboration.

The Google-Virtru partnership gives users all the functionality and control they need to achieve the security and privacy of email content and attachments.

Virtru is Google’s recommended partner for encryption. Learn more about Virtru for Gmail here.


New call-to-action

Subscribe to Our Newsletter

Connect With Us


Dive Deeper