Shields Up: Powerful new security features in ChromeOS
Tony Ureche
Director, Product Management ChromeOS
Outdated security perimeters are no longer sufficient. Sophisticated attacks bypass traditional defenses daily, leading to costly breaches and compromised data. Zero Trust security - a framework that verifies every user and device – offers a solution, but implementation can be complex and constant monitoring depletes IT resources. ChromeOS, with its built-in security and automatic updates, is designed for Zero Trust security.
In fact, today we are delighted to announce that industry-leading security analysis and pen testing firm, Atredis Partners, rigorously tested ChromeOS built-in defenses versus other operating systems. Their findings?1
ChromeOS is the most secure OS, out of the box.
Atredis Partners, ChromeOS Competitive Analysis
Atredis explains, “ChromeOS users do not need to understand the low-level security configuration or hardening options available to their device’s operating system in order to have the most secure experience available.”2
And we don’t rest on that laurel, we are constantly improving our built-in security features and expanding our ecosystem of partnerships with leading security providers. Today, we’re excited to announce several new features that bolster authentication, enhance endpoint protection, provide deep threat insights, and offer unprecedented data security – all within a framework designed to make implementing Zero Trust easier for your organization.
1When contrasted with Windows 11 and macOS, ChromeOS offers the most secure experience out of the box. Source:https://www.atredis.com/s/Atredis-Partners-Google-ChromeOS-Competitive-Analysis.pdf
2Atredis Partners: https://www.atredis.com/s/Atredis-Partners-Google-ChromeOS-Competitive-Analysis.pdf
User and Device Authentication
Strong authentication is the foundation of Zero Trust security. ChromeOS offers authentication capabilities that ensure that devices trying to access corporate resources are uncompromised through verified boot. Today, we’re announcing a set of enhancements to these offerings, including:
- Secure Local Data Recovery: We are excited to announce secure data recovery on ChromeOS. When users misplace or forget their passwords, ChromeOS requires that the user have access to their account and to their physical device in order to restore local data. To give users complete control over their data, every recovery attempt gets logged into a tamper-evident, persistent ledger in a privacy-preserving manner, ensuring all unauthorized access attempts are immediately detected.
- Device Trust Connector with Okta: We are happy to announce deep integrations with leading identity provider Okta. The integration with ChromeOS device trust connector empowers admins to set device-assurance policies in Okta that leverage device ChromeOS signals. By incorporating device context signals from ChromeOS into Okta, organizations can now easily allow access to applications with a seamless user-friendly experience for authorized users.
Endpoint Resilience
Endpoint security is built-in at every layer of the operating system with features like verified boot, read-only operating system, and automatic updates to ensure proactive protection. Sandboxing isolates programs and browser tabs to stop malicious websites from harming the rest of the operating system by restricting all security risks to a single program or browser tab.
Data Protection
Data Protection is an integral part of a Zero Trust architecture because it ensures that sensitive data is protected from unauthorized access, even if other security measures are bypassed. ChromeOS provides robust data protection capabilities, including built-in Data Loss Prevention (DLP) and granular access controls. Today we’re excited to expand these capabilities with:
- DLP for Files: Last year we announced platform-level data protection and data loss prevention policies based on user, data source, and destination. Today we’re extending the same powerful policies to files.
- BeyondCorp Enterprise for Files: Furthermore, we are now enabling organizations to extend BeyondCorp Enterprise’s powerful scanning and rule-based protections to local files on ChromeOS.
Insights
Proactive and constant monitoring is crucial to effective Zero Trust security. It enables continuous visibility into device usage, application behaviors, and emerging threats. Organizations can proactively adjust policies and remediate vulnerabilities by gathering and analyzing this data.
Last year we announced the ChromeOS XDR connector integration with CrowdStrike Falcon Insight XDR. CrowdStrike’s industry-leading security operations platform offers continuous fleet monitoring for ChromeOS devices to identify potential threats throughout your organization.
Today we’re announcing enhancements to monitoring and reporting capabilities, including:
- ChromeOS App for Splunk: We’re excited to announce the ChromeOS App for Splunk to provide deep insights into device usage and potential threats. This empowers security teams with a single pane of glass view for threat detection, analysis and proactive risk management.
- Controls for consumers: We are excited to expand the privacy controls we announced last year with geolocation controls and granular application-level permissions on camera, microphone, and geolocation services. This enhances user productivity and transparency with a single hub for all privacy controls.
As we expand our ecosystem of security partnerships, we are happy to welcome Cisco Umbrella into Chrome Enterprise Recommended, Security & Trust track. Cisco Umbrella simplifies cybersecurity and compliance by providing a converged set of capabilities in a single, cloud-delivered solution delivered through a Chrome Extension and managed through Google Admin Console.
In the modern threat landscape as traditional security measures fall short, ChromeOS emerges as the cornerstone of a robust Zero Trust strategy. ChromeOS is the most secure OS, out of the box, making Zero Trust security accessible. Its built-in capabilities, powerful integrations and continuous enhancements empower security and IT teams to implement Zero Trust principles seamlessly.