Chrome’s ongoing efforts to keep enterprises safe
Robert Shield
Engineering Director, Chrome
Learn more about Chrome Enterprise Core
Powerful and flexible management capabilities both in the cloud and on premises, at no additional cost.
Learn moreSecurity and the way we’ve been able to advance user protections over the years is hands down one of my favorite topics when it comes to Chrome. I’ve been on the Chrome team for over 14 years and have seen the browser evolve to become a critical tool that helps people get work done at home or in the office. At the same time, Chrome is often the best line of defense to protect users against malicious software on the internet.
Now more than ever, security has to be top of mind for IT and security teams. Cybercrime is up 600% due to the COVID-19 pandemic, and remote work has increased the average cost of a data breach by $137,000. Those numbers are staggering. And IT teams need to make sure every piece of their tech stack helps support their security needs.
Chrome has worked for years to quickly mitigate risks, block malicious sites and content, and proactively improve web security to keep your users and corporate data safe, pioneering new layered defenses like sandboxing and site isolation. When we think of security and Chrome, we believe it takes multiple elements of security coming together to give organizations the best protection possible.
Security you don’t have to think about: Chrome has many built in protections in place by default that benefit all users. This includes our team’s work to minimize zero days and roll out fixes quickly. With auto updates enabled, Chrome offers enterprises fast and automatic fixes for zero day vulnerabilities. The Chrome security team recently published a post explaining the state of in-wild-bugs that’s worth a read. More examples of the defense-in-depth Chrome offers include capabilities like site isolation and sandboxing that keep malicious code from affecting other visited sites or impacting user machines. Our scanning infrastructure helps us detect and remove harmful extensions from the Chrome Web Store (in fact, last year we saw an almost 90% drop in malware) to prevent your end users from getting infected with malicious extensions. These are protections built directly into Chrome that automatically keep your users and organization safe.
Protections for Chrome users: We provide additional layers of protection that keep your end users safe while they’re on the web and give them helpful information whenever there are potential security risks. For example, Safe Browsing, offered natively in Chrome, helps protect devices by showing warnings to users when they attempt to navigate to dangerous sites or download malicious files. We also give users insights into the safety of their passwords, letting them know if their passwords have been compromised, or even prompting them to change their corporate password if they try to re-use it against company policies. You users are working hard to get things done, and Chrome’s layered security supports their workflows while helping them stay safe on the web.
Enterprise Controls: Every organization has unique security needs. That's why Chrome provides enterprises with advanced safeguards and granular policy management to help meet those security goals. With hundreds of policy options, admins can use a variety of management tools, including Chrome Browser Cloud Management, to customize the browser. Chrome Browser Cloud Management goes even further, providing powerful enterprise extension management, a security priority for many organizations. Our extension request workflow allows end users to request extensions and admins to allow or deny extension requests. We also recently released extension pinning that allows admins to pin to specific versions of extensions to support any internal security review processes.
Visibility and reporting is another focus area to support IT teams. Through Chrome Browser Cloud Management, administrators can get more insight into their browser environment. This data can help IT teams make security decisions, better understand the devices running Chrome and investigate if issues arise.
Zero trust security: Finally, Chrome can help modernize an enterprise's security strategy by migrating to Zero Trust access models. BeyondCorp Enterprise helps secure endpoints by directly integrating Threat and Data Protection in Chrome. This protects against intentional or accidental data loss and prevents malware and phishing in real-time. Additionally, Chrome and BeyondCorp Enterprise provide device trust and endpoint security signals directly from the browser, significantly easing deployment of zero-trust in your environment. In 2022, we plan to partner with leading players in the cybersecurity and zero trust space to add additional integrations.
For security recommendations, check out the new Chrome 2.1 CIS Benchmark that covers independent recommendations on which Chrome policies to configure to help support organizations’ security and compliance needs.