Protect business data with ChromeOS Data Controls and new security integrations
Tony Ureche
Head of Security, Identity, and Privacy, ChromeOS
Protect business data with ChromeOS Data Controls and new security integrations
Contact Chrome Enterprise
Learn more about how Chrome Enterprise can help your organization.
Get in touchEarlier this month, a group of US and international government agencies, including the CISA, NSA, and FBI released a new set of guidelines for cybersecurity titled "Secure by Design, Secure by Default.” They emphasize that security should be a core product design principle, that software developers and vendors need to ensure security for their products, instead of leaving it to users. At ChromeOS, this is the cornerstone of our security strategy: ChromeOS devices are secure out of the box. The key security principles based on which ChromeOS is designed include:
Built-in Defenses: With Verified Boot, ChromeOS devices automatically check for issues every time they start up. If the OS is compromised, it reverts to a previous version, fixing itself with no IT intervention.
Prevent and protect: The simplest way to remediate a cyberattack is to prevent it from happening. ChromeOS blocks all untrusted executables, by default. Malicious code hiding in executables cannot run on ChromeOS.
Secure Data in the Cloud: Very little data is stored on the device by default. Instead, data is backed up and secured in the cloud. To further protect information, simple data controls prevent leakage through copy and paste, screen capture, printing, or downloading onto USBs.
Trusted Access: Apps and tools are accessed through Chrome browser, the world’s most trusted browser. IT and security teams can already view complete lists of installed extensions, set policies around extensions that can run in their browser environment, and create approval workflows that allow them to review requested extensions before allowing users to install them. Last week Chrome Browser announced additional insights to help them assess extensions for their organization. CRXcavator and Spin.AI Risk Assessment are tools used to assess the risks of browser extensions and minimize the risks associated with them. By making extension scores via these two platforms available directly in Chrome Browser Cloud Management, security teams can have an at-a-glance view of risk scores of the extensions being used in their browser environment.
Today we are delighted to announce an expanded set of built-in features to help businesses of all sizes protect their data and users. Building on the new extension controls announced by Chrome browser last week, we are expanding data protection to the operating system. We are also expanding our partnerships with the leading industry solutions to provide rich insights and reporting.
Data Protection
Protect business data with ChromeOS Data Controls: ChromeOS Data Controls, now in general availability, enables IT and Security teams to protect important business and customer data. Admins can set up rules to prevent copy and paste, screen capture (screenshots and video capture), screen sharing, and printing. IT administrators can create an information protection strategy with rules based on:
Data source: Protect data stored in business-critical locations like HR or accounting apps
Destination: Prevent data from being leaked to social media, pasted into emails, or screenshotted
User: Protect data based on who needs to access it. For instance, finance team members might need to share or print spreadsheets and documents they are working on. But members of other teams do not need this access, and to prevent user errors, admins can set up rules blocking specific users or groups from leaking this data
At Google we use ChromeOS data controls to get insight into how data moves through the organization and protect important data while keeping our teams productive and collaborative.
ChromeOS data controls allow us to better understand how sensitive data moves through our company. This allows us to better focus resources, improving security while also helping teams become more productive and effective.
Nick Peterson, Security Engineer, Google Security
Provide all Chromebook users with enhanced camera and microphone privacy controls: Later this year, users will be able to manage their camera and microphone settings across the operating system from one place in Settings. This way it only takes one click for users to completely turn off their camera or microphone all from one place when they need extra confidence in staying on mute.
Security Insights and Monitoring
In addition to building security into the operating system, we are announcing an expanded set of capabilities within the Chrome Enterprise connectors framework. We are pleased to partner with industry leaders CrowdStrike, Palo Alto Networks, and Netskope through the Security Insights and Reporting connector and the Identity and Access connector.
Monitor ChromeOS devices with CrowdStrike Falcon Insight XDR: Through integration with the XDR Connector, CrowdStrike customers can now monitor threats for their ChromeOS devices within the CrowdStrike Falcon platform. This makes it easy and quick for security and IT teams to evaluate the risk profile of their device fleet in a single, unified command console. To try it today, please sign up here.
Monitor login and logout, Chrome Remote Desktop and local USB activity within your preferred SIEM tool with the Security Insights and Reporting connector: Admins can now monitor an expanded set of events within Chronicle, Palo Alto Networks Cortex XDR and CrowdStrike Falcon LogScale giving them visibility across their devices and user behaviors to proactively identify and mitigate risks.
Identity and Access Management
Enable Azure Active Directory Conditional Access for ChromeOS devices through Netskope Intelligent SSE or Microsoft Defender for Cloud Apps with the Identity and Access connector: ChromeOS devices can now be supported for Azure AD conditional access through integrations with Netskope Intelligent SSE and Microsoft Defender. This enables admins to limit access to services or even to the OS from untrustworthy environments.
As cybercrime grows in volume and sophistication, it is becoming increasingly industrialized and accessible to bad actors. With the growth of Ransomware-as-a-service, the cost of cybercrime will top $10.5 trillion by 2025.1 ChromeOS devices, built to be secure by default, have had zero reported ransomware attacks. With these capabilities announced today, ChromeOS continues to innovate and make the modern workplace safe and trusted.
To get started with ChromeOS today, get in touch.