At HackerOne, automatic updates in Chrome OS reduce worries about security on Pixelbooks
Co-founder and Chief Technology Officer, HackerOne
Editor’s note: Today’s post is by Alex Rice, co-founder and chief technology officer of HackerOne, the world’s largest vulnerability disclosure and bug bounty platform that helps companies find and eliminate security vulnerabilities. HackerOne uses Pixelbooks and Hangouts Meet Hardware to improve security, reduce IT admin, and run meetings with employees around the world.
HackerOne’s reason for being is security: We connect our customers with the world’s largest hacker community to help surface vulnerabilities before they are exploited by criminals. It’s no surprise that we’re very cautious about security ourselves. We don’t want to put our customers’ data at risk, and that starts with how we protect our employees. We choose security tools that are secure by default, easy to manage, and don’t demand heavy lifting from IT. That’s why we’re now switching many of our teams from Macs to Pixelbooks. As a bonus, we now onboard our employees with Pixelbooks faster than ever, and keep our IT and security folks focused on high-impact work.
One of the leading causes of breaches is device operating systems and applications that aren’t kept up to date with the latest patches. Like all security-conscious organizations, HackerOne forces employees to apply security patches soon after they become available. Unfortunately, that process can take up to an hour roughly every month. Multiply that by about 200 employees and you can begin to see the burden good security hygiene can have on our productivity. The first time I witnessed one of our customer success representatives miss an important customer presentation because their Mac was 40 minutes (and counting) into applying a security update, I knew there had to be a better way.
From the first day that we give a Google Pixelbook to an employee, we can rest easy knowing that they’ll stay updated without any effort on our end. Chrome OS updates automatically in just a few second when users restart their devices. With 31 Pixelbooks currently deployed—and about 100 more we’ll roll out next year—that’s as many as 150 hours each quarter that we won’t have to spend on updates, buying time back for activities that create value for our customers and community.
Best of all, when it comes to security, Google doesn't expect me to simply take their word for it. Through their innovative Vulnerability Rewards Program, they enlist top hackers across the globe to ensure Chrome offers unparalleled security. This collaborative and transparent approach gives my team peace of mind found in few other enterprise products.
Chrome Enterprise also helps us minimize the possibility that employees will be taken advantage of by hackers. We just used the Google Admin Console to roll out the Phish Alert Button from KnowBe4 to all Chrome users. They use the button to report possible phishing emails to us so we can investigate. We also use the Password Alert extension from Chrome Browser to automatically warn employees not to reuse their Google Account password for other sites.
Since we use G Suite throughout the company, it made sense to explore adding other Chrome devices that work well with G Suite applications. We added Hangouts Meet hardware kits in our conference rooms, which run on Chrome OS, to do Hangouts Meet calls—much easier and less expensive than running a complex conferencing system. As HackerOne adds employees in the United States, the United Kingdom, Singapore, and the Netherlands, it helps to have everyone using the same online applications for meetings, document sharing, and storage.
Chrome's core principles—speed, security, simplicity, and stability—align well with how we work at HackerOne, so we've standardized on Chrome Browser as our preferred working environment. This extends to employees using Mac laptops—that way, we make sure everyone has access to browser tools like the security extensions. Installing and managing on-premise software just isn’t the way we want to work in 2019. When employees forget their laptops at home or are ready for an upgrade, they don’t need to beg the helpdesk for assistance. They can pick up any Pixelbook, log in, and get started—it’s fast, simple, and secure. It’s how computing should be.