
Increasing endpoint security with the Center for Internet Security’s updated Chrome Browser Benchmark

June 18, 2019
Kiran Nair

Product Manager, Chrome Enterprise

Many of our enterprise customers rely on the Center for Internet Security (CIS) Chrome Browser Benchmark for recommendations on which policies to configure to make Chrome Browser more secure and compliant for their environment. Over the past few months, the Google Chrome Browser security team has worked closely with CIS to launch the fully revamped CIS Benchmark 2.0 for Google Chrome Browser.

While Chrome Browser is built to be secure by default from the moment it’s downloaded and deployed, we know businesses have unique security and compliance needs that are different from other users. That is why Chrome Browser for enterprise offers more than 300 policies that enterprise IT can manage via Group Policy Objects or Chrome Browser Cloud Management.

We worked with CIS to clearly distinguish between settings that enforce the standard Chrome Browser security defaults and those that add protection but can impact user experience. We recommend that enterprises think about the specific business needs involved from a security and user experience standpoint, and decide which settings make the most sense for their organization.

The updated benchmark contains five sections:

  • Enforced Defaults—Provides recommendations on Chrome Browser default security configurations that can be enforced by policy to prevent your enterprise users from changing them, and to ensure that previous admins have not mistakenly set them to non-default, less safe configurations.
  • Attack Surface Reduction—Details how you can disable web features that may not be necessary in your enterprise environment.
  • Privacy—Contains settings that are related to user privacy. Organizations that are concerned about user privacy can use these settings to keep certain user data from being sent.
  • Management/Visibility/Performance—Contains recommendations for managing and controlling remote access to your browser.
  • Data Loss Prevention—Contains settings that can help prevent data loss. These settings control how data is synced and where data is sent.

The CIS Benchmark is consensus-based and developed through the volunteer efforts of subject matter experts, technology vendors, public and private community members and the CIS Benchmark Development team. The final benchmark is ultimately a mixture of our recommendations and those from CIS and their community. Security configuration management should be a continuous process that takes into account your organization's security and privacy requirements and weighs them against your productivity and usability needs. The CIS Benchmark is a great starting point in hardening your enterprise security and privacy, but each organization is unique and the recommendations provided here should only be applied after careful analysis and consideration.

Click here to download the CIS Benchmark.
