Keeping Your Business Safe in a Cloud World: Chrome Enterprise's Innovative...
Welcome. To cloud on air live webinars, from Google cloud we, are hosting webinars daily, my, name is Jeffrey de Gotha and today we were going to be, talking about Chrome Enterprise and keeping, your business safe in the cloud thank, you for joining me throughout, our presentation you, can ask questions anytime on our platform, and we have Googler standing by to answer them now let's get started into the presentation. So. The title, of this presentation is, keeping your business safe and in the cloud and I. Think you're here today because a lot of businesses face challenges, as they move to the cloud and keeping, their information and their businesses, secure and, given the fact that you're joining us today you probably have some of these same concerns for your business. Since, the advent of the cloud we've helped, to address many of these. Concerns. But there's a lot of traditional security, concerns that you may have as you face moving towards the cloud so. We're. Going to be covering the Chrome Enterprise has. A very unique approach to endpoint security and, simplifies. Device management and keeps, your data, safe, and your users protected. There. We go. So. I think we're all aware in in today's environment that, the threat of sophisticated. Attacks is constantly. On the increase, overall. Merrow malware, variants, have increased, 88 percent since 2017. And. The attack vector surfaces. Have increased. Ransomware. Like, wanna cry has infected over 400,000 machines and 98%. Of victims were Windows 7 computers, and as, Windows 7 is still out in the environment they are still, vulnerable to, to, ransomware and finally. Phishing. Attempts, are one of the most common ways that infections. Find themselves, into organizations. Through. Email users. Are. Deceived. To click on to attacks and put, software and, their. Computers, and unwillingly, give. Out information including their data and user name and passwords which can be a major security concern, for companies. So. Let's also talk about the material impact it has businesses, as they try to address these vulnerabilities, so. Year-over-year. Security. Companies have, new software offerings out in the environment and security, and and companies, are increasingly, buying, software to. Help protect against these threats so, the security market is forecasted, to increase about 9%, in, the following year here in 2019. What. The the the major concern, though is that the number of threats is increasing, by 27 percent so, while there's an increase, in technology. To help mitigate it the, it, far exceeds, the, threats far exceed the ability to mitigate. Them and so. This. Is a growing problem because, the amount that you spend to. Protect your information and protect your endpoints. May. Not correlate. To your ability to actually mitigate those risks and defend from them. So. As, we, see. More traditional, security, approaches broken there's. A lot of familiar threats that are cataloged by security, companies and security software and then, they're implemented, by your your security teams and organizations IT, administrators. To, hopefully combat, that security. Threat that you have in your environment, the. Fact is though that increasing. The global security budget shows that a genuine, willingness for, to, address these threats from companies but, it doesn't mean that it actually decreases, the number of incidents that organizations, have and so, the, organization's. Incrementally, funnel more and more time into patchwork security, systems, endpoint.
Protection And. Putting, out spot. Fires but they don't have a holistic. Approach to fixing, these issues. And. Simply throwing money at it doesn't actually solve the problem either and it's. Time to rethink your endpoint strategy, and this, is something that Google, Chrome Enterprise, is. Available. For you to rethink, that right so let's. Talk about Chrome OS it's, built with, security by design it. Was built like that when the platform originally started and isn't. Like your traditional endpoint, where usually you're layering on third-party, software to, protect it it's. A completely different mindset a completely, different mind your thinking on how to protect your endpoint. Trusted. Applications, is an way to increase. Your. Security. In your environment and decrease vulnerabilities, by only, publishing. Secured. Applications, and applications, that are approved by the organization, you reduce, the threat to your business by. Having unknown, applications, in your environment and finally. Protection, against current threats and this, goes back to like, most organizations, they have to update their computer systems and their software and their M points constantly, to stay protected against, these threats. To. Combat these you know we we often deploy, different, OS. Azure other embedded OS is to help with these security, factors, where. Malware and some of these other things aren't. Available. By design but, then you're still left as an administrator, still. Combating. These threats with other third party tools. So. Now, let's look how Chrome Enterprise has a completely, different approach to how you can keep your business safe Chrome. Enterprise, devices. And browser Chrome, browser are secured by design they, deter users, from falling hostage. To harmful attacks, in. The event that one does happen, Chrome Enterprise has various security tools built in to mitigate those attacks and lessen, the ability that they would have on your ear systems we, have a series of management, tools and a, multi-faceted, ecosystem, of various products, to, ensure that you stay safe within your organization, we also offer 24, by 7 support to protect you and your assets including your people your data and your customers. So. Now let's talk and go a little more in depth about the security by design about, Chrome OS and, chrome devices. So. Chrome devices are built with security from the ground up and you, can see in the representation of the of the chart here every, Chromebook, is built, with, this same principles, in mind the firmware the OS the applications, and the, data and the and the applications, being Chrome OS and other applications, you deploy in your environment so no. Matter what hardware manufacturer. You pick whether, it's an HP a Samsung an Acer or Google made Hardware like this pixel book all, these pieces are within every single Chrome device that you may purchase as a customer.
They. All work in. Together, the the, firmware the OS and the applications, and the data are all, updated through one update, through your Chrome OS update, and they work in harmony together and. Additionally. Google works very closely with the manufacturers, so there is no. So. Only the hardware works, with Chrome OS that's developed by the manufacturer, so. Finally. Let's talk about data encryption it's a very popular topic that comes up and in many traditional environments, enterprises, are left having to find third party tools to encrypt their data not only of their operating systems but of their user data as well Chrome. OS out of the box protects, any user data with, encryption on the device there. Is a trusted, platform module, which, is a tamper, proof design. That, helps protect the, user data on the devices by encrypting it as the, users are working within their session this, tamper, proof system. Was designed by Google and is, implemented, by the OEMs, and is available on every single Chrome device and. In. Fact, encryption. Is the, default on every Chrome device there is no way to have a Chrome device that is not encrypted. So. Let's talk a little bit about preventing. OS tampering, and this is another very. Unique thing that Google is able to do with chrome OS that, enhances. Its security, beyond traditional, alessa's, verified. Boot is a manner in which the, Google Hardware along with the firmware and the OS is able to check against. The known image that is made and provided by Google that is in that known stable, state as it was originally deployed. So. In this in this example here if the, OS was to be tampered with it, would not pass verify, boot when, it doesn't pass verify, boot the device is not booting and the data is not available to users and. At. That point the device you there needs to be reimage, or wiped. So. It could be restored to factory defaults. So. Let's also talk about Chrome OS and how it actually reduces. Your data footprint, Chrome. OS devices are unique in, which data is not traditionally, stored on an OS while, it does have a file system it is not traditional. Like, a traditional, file system that can be accessed by applications, and users the, file, system is a lockdown and is not accessible and is. Not accessible by the application, so it really reduces the, attack vector that, malicious. Applications, would have on the device. Additionally. By reducing, the actual data the user data in your company data on the device if the device is lost you, can be assured that company, data isn't on the device because the data is used in the cloud and is not stored locally on the device but. We can also know. That, that. That. If, device if data, is stored on the device it is an encrypted, partition in the user partition, and finally, a feature that's very popular in Chrome OS is what's called a ephemeral mode which means every time the user enters, and exits ur session any local data and encash data is wiped, every single time so they have a clean user session, and no data is left behind there's no data footprint. So. Regularly, patching, an update is a very common administrative tasks. Of computer systems and Chrome has a unique. Update. Method for, its Chrome devices so. Every six weeks Google, produces, a new version of Chrome OS and it is available for Chrome OS devices, to be updated too it, is in best practice, to keep your Chrome OS up-to-date, using automatic updates, and. Additionally. Security, patches are delivered every two to three weeks as well.
We. Offer what's known as dev beta, and stable channel to our customers, so they can actually be testing, the Chrome OS software ahead. Of its actual release to stable branch this, gives security organizations. IT administrators. An application, owners the ability to test their applications, before. It's launched. To stable so if there are security issues that need to be mitigated with an application, an IT team is able to discover those early on before. Chrome. Is updated, and. Finally. The the most unique thing about chrome law updates is how quickly they happen in the background, patching. Is really a seamless, process where, patches, happen in the background it's one patch for, your chrome OS update, and that includes your firmware your, your hardware the OS and the application, and that one, update happens in the background and there's, nothing more than a six second reboot or close of the lid and reopening, of Chrome. So. Google, also offers a lot of other services outside, of the Chromebook that also help deterred. Employee. Negligence. So. I think we all know in a corporate office there is extracurricular, internet browsing and that can introduce. Vulnerabilities. Into your environment users, clicking on phishing emails or visiting websites outside, their corporate. Allow. Lists and what. Google offers, is Google Safe Browsing Safe, Browsing prompts. Users about malicious, sites before they navigate, to them and this is the power of Google keeping, a huge, database of known websites, that are malicious or ransom in nature, and prevent users from going, to them and will prompt users if they go to them and from, the administrative, side from an enterprise management, side you have the ability to block users going to them and this is a Google product Google, service that you can layer on top of your your Chrome OS device to, make sure any of that extra browsing, doesn't affect your. Infrastructure. So. Now let's talk about some of the various application, stores that Google manages to keep malicious, apps off your devices, and can. Present users, with different aspects, and features of Chrome. So. There's many different types of applications, that you can deploy on Chrome OS on Chrome. OS you can use our Google Play Store this is the Android Market that you're very similar to using on your Android device and, you can deploy Android, applications, to your Chrome OS device you. Can also access the, Chrome browser which. Is a popular, way to access, web applications. Finally. The Chrome Web Store, these are extensions, that you can install onto your Chrome browser, and. Your Chrome OS device and most, recently is running native Linux applications. Linux. Can run within a container on your Chrome OS device and, you can deploy Linux applications, to them. So. Let's talk about Sam boxing, Sam, boxing, is something that is very unique to Google Chrome and to, Chrome OS that. Is it heart of its security model. Sam. Boxing is the concept, that all browser tabs, applications. And and web. Apps that you deploy to your devices. Are contained. Within themselves, and they do not have access to the OS and to other applications, this. Is a model, that makes sure that your applications, cannot access your OS cannot actually share data and applications, cannot cross, talk to one another and site. Isolate, on, top of this keeps all the processes, within each browser tab separate, part. Of this methodology is, what, keeps your Chrome OS device so secure that even if you do hit a malicious, site, that it only stays within that one sandbox, and is not able to affect other areas of, your chrome device. The. Chrome Web Store is a very popular. Chrome. Marketplace. Where you can download extensions. And get. Various. Applications. To deploy to your users from, an enterprise management, side you can push those applications, out to your users and users, also have the ability to manually install them. Chrome. Web Store applications. Also have permissions, that they that, they will affect, on your Chrome device and as an administrator you have the ability to block permissions. So certain applications, cannot access certain areas. Of your Chrome device such as maybe block in a USB port and, finally. Other chrome, security, measures have been in place to, disable the inline, extent, the install of extension, so extensions.
Can Only be installed from Google's Chrome Web Store where. Machine. Learning and artificial, intelligence is, used to, ensure those applications, deploy do not contain any malware. So. Management of Chrome devices, is a very, popular, method to managing. The. Various policies on your device there's, over 200 policies available in the console, and. At. This time some of the blacklisting, and white listing of extensions, and applications are widely used by enterprises, to pick and choose applications. That they deploy in their environment, whether it be to users or to devices you. Also have the ability to blacklist. URLs. And prevent. Users from accessing, sites, that you, have forbidden, as an organization, and, finally. The password alert policy, is something, that you can employ to, ensure, that your users don't use their corporate, password in non corporate. Authorized. Websites, so, this can ensure that, your. Their corporate owned passwords, do, not become fished or utilized in other areas, outside. Of the corporate environment. So. Android apps on Chromebooks is, an. Ever-growing. To, deploy applications in, your on your chrome devices play. Protect, is a, is a a. A. Proprietary. Way that Google inspects. The, applications, within the Android Market and it scans and removes, applications. Every, single day from the marketplace. Ensuring. That you're only deploying, known. Good. Applications, to your environment. Additionally. As an enterprise feature, as an administrator, you can build a curated, list of applications, that your users can then choose to install and as an administrator you can on also. Choose to deny applications. As well that, shouldn't be installed and, finally, each, individual, application may. Also have individual. Specific app policies, that you can apply to that application as well whether it be configuration. Or security, settings of the app itself. Now. Let's go over some. Protection. Against current threats and how. We can keep our users and our data safe and secure. So. Phishing. Is a very common, attack vector currently. And phishing. Is the concept, that an email is sent to a user that looks legitimate and is, ultimately, getting them to click. To. Proceed. To another website or application or, to download software. But. It is not what the user is actually expecting, it. Is malicious software and. Is ultimately trying, to either export rate their data or gain. Access to their systems so, Google. Safe Browsing is, one method you can use to protect yourself against, these threats and at. Google we use what's called a security keys but essentially a second form factor for your identity can be another popular method to. Protect your users from phishing so even if they do willingly. Give out their password, the, the attacker won't have the second form factor available, and, finally. If the attack prevails implementing. The password alert policy, so, both, users and administrators can, be aware that a, corporate password has been used on a site that isn't owned. Or corporately managed. So. Ransomware. Is a little bit different it's designed, to block access to a computer, system. Until. Some of money is paid or. Negotiations. Have been required to gain access back to your system, to, recover your data, the. Chrome Bach the Chromebook data model is completely different, and. Is is really. Low on device data footprint, meaning there's, no data on a Chromebook really, to, hold ransom, because the data isn't on the device, the. Chrome OS is a read-only, operating. System meaning that you can't install software to, affect the OS to. Infect it or install software that may do this and. Finally. If ransomware, did exist for for Chromebooks the, verified. Boot method, would ensure that it. Was not able to be infected, and would would not, pass verified, boot methods, and. Finally. Is. Chromebooks. Don't run traditional Windows operating systems, and executables, making them there. For a inhospitable. Place, to operate within. The ransomware environment. So. Other common, attack vectors are malicious, applications. And these. Are to be applications, that, ultimately. Look to exfiltrate. Data from, your environment or from your users and. Permission. Based block blocking. Is a popular, method to ensure that these applications, don't have access to your data so, whether it's blocking or you are access to URLs or blocking access to portions.
Of The, USB. Ports and things of that nature you're, able to to, block lists or black permissions. To, applications. As well and manage. Google Play also. Then lets you just curate, that list of applications, for your users so your users aren't using applications, that haven't been, approved. For by IT, and. Finally if, attacks. Do happen remember, we have the sandbox environment. So any attack only happens, within that contained, sandbox, or application, environment, and doesn't, affect the OS and other applications, running on your Chrome OS device. So. This is a very common question we get from enterprises, is their new into into, Chrome OS is why, Chromebooks, don't require antivirus. Or malware software, so. One is really again as is Chrome OS was designed from the ground but as a secure, operating system it is a read-only operating, system and applications. Cannot be installed and they cannot modify the OS. Therefore. Limiting the ability of what antivirus, software would be able to check for. Sandboxing. Isolates. Applications. So they can only attack, within their own controlled. Environment, it. Goes a little bit further that antivirus, software typically wants to be able to scan entire systems, and Chrome OS is not a scannable system, nor would have access to scan its other applications. Verified. Boot is typically. Another. Method to prevent or tampering. Of devices, and if a device is tampered with it won't be bootable and. The. User would have to wipe the device in. Order to regain access to it I'm. Wiping any data along with it and finally. Is, there, is the. Ability as an administrator, to. Curate. And manage your controlled, list of extensions and apps to your chrome devices, further, limiting the attack vector and, the applications, that will run in your environment so. Why. Are Chromebook. Updates. So effective, I'd. Like to say it's because one update does so many things the. Chrome update is very unique in the ability that it updates your firmware your operating, system and your application, with one update there's. Not separate. Updates for patching applications, or, patching OS and patching firmware. The. Update, happens in the background it, is seamless to the user and it is a six second reboot in fact. In many cases users, don't realize they've been updated, and. Finally. There. Are ways of managing the updates through, the, administrative. Console, so you can selectively, choose when, updates, are delivered to your users and what. Devices receive the updates. So. Chromebooks. Are really a trusted. Business. Laptop. In environments. Right to keeping, enterprises. Data secure, as. They move to the cloud and. I'm going to be going over a couple of customers. That are using Chrome in their, environment, today, so. Let's, talk about duo, security duo. Security is a. Digital company. Focused. On digital security and trust compliance. And. They were looking for a solution for. Managing. Their. Data and ensuring that it's secure. No. Matter where, the device is being used or, where the device is deployed, so. The. The real solution, that they were they, were after is that it's secure by design that they did not have to layer on third-party software in. Order to manage their devices and they, also were able to get a premium device experience. Using Google pixel hardware. So. It offers them in, their words it offered a more effective endpoint, control and security the. Extensions. And the the webstore offered, a wide array of applications, and services that they could deploy and manage and, they. Also mentioned, that their premium devices such as the Google pixel, is rival.
Over Other competitors, devices. And. Again suitable, for both public facing and internal, use cases. So. Charles Schwab is another Adam. Prize that uses Chromebooks, in, addition. To Chrome OS customer, they are a highly regulated environment. And a very security, minded. Industry. And one, of the reasons that they've chose the platform, is, the. Settings, that it afforded to their administrators, in order to manage the devices Chrome. OS devices, and chrome management is a much more simplistic way of managing, endpoint. Devices than. Traditional, os's it gives your administrators, more time and freedom to do work that has higher value than managing endpoints. And. Of, course you can always learn more by going to cloud.google.com. Comm. Slash, Chrome enterprise, security and, learn, more about Chrome enterprise and. I. Want to thank everyone for their time and if you'll just please stay tuned we're, gonna be going over the live Q&A, questions, in just a moment. You. Hi. Everyone this is Jeff Checotah, and I'm, back with cloud on air and we're gonna be going over some customer, questions that we've gotten from our live audience. So. Let. Me read the first question back and then all and then I'll go into answering it so we have a question that says how, can customers, manage their updates, for, their fleet of chrome devices. Chromebooks. Can be managed through the Chrome Enterprise administrative. Console and Google. Updates can be managed through that console, you're able to organize your devices into a series of oh use where, you from there you're able to set policies, that control the updates including. When. If you want choose to have Auto updates or choose to not have auto updates at Google we call that pinning. It. Is best practice to remain on auto updates obviously, for best security reasons and application, performance but as an administrator you do have the ability to pause those updates as well there's, also a number of other settings that allow you to stagger the updates and also, control, as we mentioned the dev beta and stable Channel as well out to your fleet so there's lots of options to controlling, those updates out to your environment.
Let. Me go to question number two. Are. The, security, benefits mentioned, in this deck available on all chrome devices with. All manufacturers. It's a great question so, Chrome. OS is, is, an. Operating system made, by Google that, is placed on manufacturer. Hardware the, manufacturer. Hardware is negotiated. With Google, and contains. All, the proprietary, components like we mentioned the TPM module met tamper proof resistant, firmware, inside, of every single Chrome device so whether you pick a Chromebook. Or a chrome box or other chrome form factors, and, and. Hardware. Independent, whether it is Google made Hardware by another major OAM they, all contain, those same underlying security. Benefits, that. You receive and the operating system is authored. By Google for all those same devices. So. We have another question here this. Question is asking about G suite so G suite is a popular, series of applications including, email. Docs sheets and, calendar. So. It says do I need to be a G suite customer, to all the benefits of Chrome Enterprise I would. Know, you do not need to be a G suite customer to get the benefits of Chrome enterprises, we have lots of enterprises, that are on traditional. Productivity. Applications and are not G suite customers, and are very successful using Chrome OS variable. To deploy their applications. Through. The cloud console, and manage, them in, just. A similar, manner but simpler than their traditional Windows devices and their. Applications. Can. Also be deployed virtually. Right if there are dependencies. On Windows applications, and. That. Goes into our next question asking. How will we run PC, applications, on a Chromebook so. PC applications, or executable, applications, exe s do not run natively on a Chromebook. What. Organizations. Typically do is virtualize. Applications, and deliver them to their Chromebook so, many there's many popular, virtualization, platforms, Google, has partnerships, with Citrix, and VMware to. Deliver those virtual, applications. Onto your Chromebook, but. We work with many other. Virtualization. Platforms. That are deployed on the Chromebook as well. So. Let me go on to our next question, so what are common applications, customers, deploy to their end users. This. Is a very good question also very broad but, there's a series, of applications that, I'd say are very common, to deploy within on a Chromebook some. Of the most popular applications I think are ones that organizations. Use daily such as video. Conferencing, and teleconferencing. Systems, such, as web bags and zoom and Google Hangouts but. Other applications, such as Android. Applications, are also very popular to deploy including. Products. By Cisco and, Palo Alto and other networking applications, that they may use and other productivity, software, such as Microsoft Office, as well as Google, Google, G suite and. Again. All those applications, can be deployed through the management console and are deployed through the cloud console, and they're pushed to the devices. So. Let me so, we have another question here, this is a little more security oriented, about, can, we explain a little bit more about what a ephemeral mode is so, we mentioned in the deck about a unique, feature security feature called a femoral mode a thermal, mode is unique to Chrome OS and it, gives it the ability that every time we user enters, and exits our session that, all the local data within their profile, is wiped so, whether it's downloaded, content that they've put in their downloads folder.
Cache. Data, passwords. Anything that may have been saved during their user session, is white. On the. On the exit of their session and every new session created is a blank. Profile, and no data is stored, or captured, and is wiped. Clean every time this is as we referred to back in the deck keeping, a low data footprint, so it's a very popular method for organizations, to employ a ephemeral mode because, if they can be ensured that there is no data left behind on the device, and. Our. Last question here is a little bit on networking and security tools, what. Networking, and security tools are available for Chromebooks. Most. Of the major manufacturers. Of networking applications. Provide. Applications. At both in the webstore the Chrome Web Store and on the Android Market for networking. Applications, so whether it's VPN, applications, or, proxy. Applications. Most. Of the major manufacturers, are available, within the Google, Web, Store and on the Android Play Store I'd say the more popular, ones are obviously Cisco and Palo Alto but. Many others exist from the other network providers, as well. So. I, think that wraps up our questions that we've gotten from our audience I just. Want to thank everyone for tuning in and to please visit cloud on-air to discover more content, from Google cloud experts thank. You very much. You. You.