Securing remote workers with Chrome Enterprise
Cyrus Mistry
Group Product Manager, Chrome Enterprise
With the broad impact of COVID-19, it's more important than ever to implement a secure remote working strategy that helps employees get work done from home while protecting your organization's sensitive data. Chrome Enterprise, with its user protections, secure endpoints, and cloud-based management, provides a range of tools necessary to help protect a remote workforce. We'd like to highlight several features and policies available in the latest version of Chrome (Chrome 83) along with content that will help you protect users and your organization’s data.
Advanced user protections help prevent phishing attacks
Chrome OS and Chrome Browser are built with services powered by Google that help deter end users from visiting phishing websites, and notify end users when their password needs to be changed. One of these services is Google Safe Browsing, which warns users when they attempt to click through to malicious or deceptive websites or content. With Chrome 83, Enhanced Safe Browsing offers new and more advanced protections for businesses or individual users that opt in.
When admins switch Safe Browsing to Enhanced Protection mode, Chrome will share additional security data directly with Google Safe Browsing to enable more accurate threat assessments. Chrome will check uncommon URLs in real-time to detect whether the site a user is about to visit might be a phishing site. Chrome will also send a small sample of pages and suspicious downloads to help discover new threats against Chrome users. Admins can enable or disable Enhanced Safe Browsing centrally with enterprise policies in the Google Admin console.
Easily recognize and replace compromised passwords
Compromised passwords pose another significant risk to users and organizations. Chrome 83 goes beyond simply warning users if their credentials have been compromised by enabling them to check all their remembered passwords at once through new safety checks in the browser. If compromised passwords are detected, the new tool will give users personalized recommendations for how to fix them. This feature is available to Chrome OS and Chrome Browser end users. Enterprises can also take advantage of Password Alert for added protections for corporate credentials.
Improve user safety and privacy while browsing the web
This release of Chrome 83 also begins the rollout of Secure DNS, a feature built on top of a protocol called DNS-over-HTTPS. It’s designed to improve users’ safety and privacy while they’re browsing the web by encrypting DNS communication, helping prevent attackers from observing which sites you visit or sending you to phishing websites. This feature will be disabled by default for managed environments, but we encourage IT administrators to consider deploying DNS-over-HTTPS for their users. To enable Secure DNS for your managed environment, we have made policies available through Group Policy or in the Google Admin console for enterprises managing Chrome devices or Chrome Browser.
Cloud-based management for granular endpoint control
When supporting a deployment of remote workers, it’s important to have the right administrative tools to help keep employees and corporate data more secure. The Google Admin console offers user, browser, and device policies that IT admins can leverage to optimize the end user experience while securing corporate data. For those customers using Chrome Enterprise Upgrade, IT administrators can disable devices that have been lost or stolen, set them to wipe data after each use with Ephemeral mode, and more. To learn more best practices to maximize security with the Google Admin console, watch these videos:
One new way for admins to ensure their fleet of Chromebooks is up to date with the most recent version of Chrome OS is with the new enforce device reboot policy. On Chromebooks, OS updates occur in the background, so users can continue to work without interruption, and complete the update with a simple, quick reboot. With the new policy, IT admins can set a notification to remind end users to reboot their device, and give them a deadline by which to do so. This feature is available to customers with Chrome Enterprise Upgrade.
Secure endpoints with built-in protections against malware
On Chromebooks, all layers of the system (hardware, firmware, apps, browser, and data) work together to provide innovative security benefits. Features like Verified Boot and OS updates that happen in the background without user interruption are key to protecting users against malware and zero-day vulnerabilities.
Many of these benefits are made possible by Titan C, the security chip in modern Chromebooks*, designed by Google to keep your data secure and protect users’ identities. Google regularly updates the chip’s firmware so your Chromebooks stay protected, even from the most recent threats. It also enables Verified Access, so customers who use services like BeyondCorp Remote Access can ensure devices that attempt to access an internal service are verified to be safe. To learn more about how Titan C protects against malicious code, verifies user identity, and more, check out the Titan C demo.
To learn more about keeping your remote workforce secure, please join our webcast, “Securing remote workers with Google and Chrome Enterprise,” on May 20 at 10:00 am PT (a recording of the presentation will be available on demand afterwards). You can register for this digital session here.
And, as always, if you’re interested in keeping up with the most recent product updates, please visit the Chrome Enterprise release notes, and subscribe for regular email updates.
*All Chromebooks launched since January 2019 come with the Titan C security chip except for the Lenovo 100e Chromebook 2nd Gen MTK and the Lenovo 300e Chromebook 2nd Gen MTK, which come with a different security chip.
