Keeping cloud entry points secure with Google Chrome Enterprise

When we introduced Chrome Enterprise last August, our aim was to provide a single solution that connected employees while giving admins the flexibility and control they needed to keep their businesses protected. Since then, security has only become more of a priority for enterprises. In fact, last year alone, 98% of businesses were affected by malware, and employee endpoints—like laptops, tablets, and smartphones—were increasingly the target of attacks.

Enterprise IT admins know this all too well. With hardware, firmware, browsers, apps and networks to protect, admins now face more risks than ever, while managing more devices than ever. We built our Chrome Enterprise ecosystem with this complex landscape in mind, and today we’re adding new enhancements and partnerships as we continue to make Chrome Enterprise the most secure endpoint solution for businesses in the cloud.

Here’s a look at how these updates can help protect businesses, and their data, at every cloud access point.

Offering more ways for businesses to manage their devices from a single unified management solution

For many businesses, managing a broad range of devices within one unified endpoint management solution is a necessity. Last year, we announced our first enterprise mobility management (EMM) partnership with VMware AirWatch, the first third-party solution with the capability to manage Chrome OS. Today, we’re expanding this with four new partnerships with EMM providers, which gives IT admins the ability to manage and implement security policies across their full fleet of devices from a single place.

• Cisco Meraki offers a comprehensive set of solutions that includes wireless, switching, security, endpoint management, and security cameras, all managed through Meraki’s web-based dashboard interface.

• Citrix XenMobile provides device and application management for comprehensive mobile security, and pairs well with other recent Citrix integrations.

• IBM MaaS360 with Watson delivers a cognitive approach to unified endpoint management, enabling the management of endpoints, end users and everything in between.

• ManageEngine Mobile Device Manager Plus (a division of Zoho Corp) is a unified endpoint management console for configuring, managing and securing mobile devices, desktops and apps.

With these partnerships in place, enterprises can pick the solution that fits their business best.

Helping enterprises manage Chrome OS alongside legacy infrastructure with more Active Directory enhancements

Building on our initial integration with Active Directory last August, we’ve added a number of enhancements to help admins manage Chrome OS alongside legacy infrastructure. Administrators can now configure managed extensions directly through Group Policy Objects. Users can authenticate to Kerberos and NTLMv2 endpoints on their local network directly from Chrome OS. We’re also expanding our support for common enterprise Active Directory setups like multiple domain scenarios. And we’ve improved our existing certificate enrollment flows with Active Directory Certificate Services (ADCS).

Continuing to deepen and expand management capabilities in Chrome Browser and Chrome OS

The less time IT has to spend on mundane, manual tasks means more time to focus on business critical projects. That’s why Chrome Enterprise was designed to give IT admins the ability to grant, manage and adjust user permissions at scale, with fewer repetitive tasks. Chrome Enterprise already lets admins fine tune more than 200 security policies and grant secure, authorized employee access to online resources, and we’re continuing to add additional controls to help. In recent months, we’ve added the following controls to help admins:

• Per-permission extension blacklisting lets admins restrict access to extensions based on the permissions required, for example, extensions that require the use of a webcam. This allows admins to now authorize an employee’s access to more extensions in the Google Chrome Web Store but maintain fine-grained admin controls across web properties.

• Sign-ins can be disabled from an outdated OS to help administrators comply with security policies that dictate how many versions behind their users are allowed to run on.

• Admins can ensure that only managed devices can connect to their single sign-on servers by gating that access with device-wide certificates. These certificates effectively attest to the Chrome endpoint’s managed state.

• Newly added support for automatic forced re-enrollment will now allow a Chrome device that has been wiped or recovered to re-enroll into the corporate domain without requiring administrator credentials. This will help ensure corporate devices remain enrolled without requiring any admin intervention.

With Chrome Enterprise, our focus is not only on Chrome OS, but how businesses use Chrome Browser across all their platforms. Last December we announced a number of security enhancements for Chrome Browser with the aim to help enterprises stay safe. We’ve now added  a policy that allows IT to require users to sign-in to Chrome Browser, ensuring security policies are applied to browsing sessions across platforms. And in the coming months, we’ll be adding enterprise reporting capabilities in Chrome Browser that give IT admins access to data about installed extensions, status of configured policies, telemetry data and much more. With this information, IT can better understand security status of each endpoint under their control.

Continually managing vulnerabilities to help businesses stay protected

All of today’s announcements help admins stay on top of their organization’s security, and these features are in addition to the benefits admins already get with Chrome Enterprise.

For example, keeping hardware up to date is one of the easiest ways IT admins can keep endpoints secure, yet it can also be one of the most time-intensive tasks in an admin’s day. That’s why we built Chrome OS so that it automatically deploys security updates to ensure all devices run the latest version of Chrome OS. Chrome Browser prevents exposure to phishing and malware, and if threats are detected on third-party apps, admins can uninstall apps remotely with managed Google Play.

The proactive protection, control, and endpoint management advantages offered by Chrome Enterprise are why companies such as Sanmina Corporation are deploying Chrome across their businesses.

“As a multinational manufacturing and supply chain company that makes everything from the electronics in your car to mission critical systems for aerospace and medical products, security is of the utmost importance to us,” said Manesh Patel, CIO of Sanmina. “Deploying Chrome OS and G Suite in our facilities all over the world has allowed us to transform our workforce and collaborate securely in the cloud. It gives us peace of mind to know that our data is secure, and allows us to focus on building world-class products."

More to come

In the coming weeks there’ll be additional blog posts that offer deeper looks into what these enhancements can mean for businesses. In the meantime, you can learn more about security in Chrome Enterprise on our website.