Using end-to-end encrypted services is quickly becoming a critical component of how enterprises meet regulations and ensure data sovereignty.

While using end-to-end encryption has a lot of upsides, so far it also came with significant tradeoffs – the most significant being that the smart and security features users are accustomed to (e.g smart search, malware scanning) are unavailable due to the fact that they rely on massively complex server-side systems to operate.

In this talk, we start by explaining how Client Side Encryption works in general, what are the benefits using it, and which tradeoffs must be made.

Then we discuss how we concretely implemented Google Workspace Client-side Encryption (CSE) for Google Drive. We highlight the key decisions we made and explain the rationale behind those choices.

Next we delve into the key potential solutions that can be used to enable safety and smart features in end-to-end encryption settings . We highlight their strengths and limitations to make clear when each might be useful.

Finally we showcase how we are currently experimenting with some of those approaches to add malicious link protection to encrypted Google Workspace documents. We will delve into the practical tradeoffs we made, the technical difficulties we faced and techniques we used to reach good detection performance.

Armed with the knowledge, you will get a solid understanding of what value E2EE services can bring to your business, how it works in practice, what are the tradeoffs of using it and, what are the practical strategies currently investigated to try to bridge features gap between E2EE and non-E2EE products.