Turning Threat Protection into Security Control with Chrome OS

Matt Stevens
September 17, 2021

1. Be cloud first

2. Sandbox everything

3. Default to encryption

4. Always up to date

5. Teach users in real time

6. Tamper-proof the OS

In this blog, Matt Stevens, Chrome Enterprise Lead at Google explains how Chrome OS and Chrome Browser are secure by design—embedding security into every workflow to provide proactive protection for users, devices, applications, and data, wherever work happens. This is cloud-first security control in the hands of the modern businesses that will thrive moving forward.


With the dramatic increase in distributed workforces and the growing adoption of cloud applications, companies face unprecedented levels of IP, data, and identity sprawl beyond the enterprise firewall. Every endpoint is an entry into your business, cybercriminals have more ways to break in than ever before, and human error on the inside is a constant risk.

Historically, endpoint security has been a zero-sum game—with the odds inevitably stacked against IT. But rather than protect devices, what if you could just control the security of them? 

The world of work has shifted and as our homes have become the workplace for many people, there will, at some point, be a shift back to the office but not at the degree we have seen historically. The new distributed & remote workplace means people will be looking to access tools and services from almost anywhere. The requirement is now, how do we protect that. We need to look at how the technology has evolved from a security standpoint which has brought about great change in 2020.

Many public sector organisations, from a security and threat detection perspective, have evolved incredibly quickly, what they were looking to implement in 4-5 years time, they have managed in just 10 months.

89% of companies anticipate that many to most of their workers will work from home even as the world reopens (U.S Remote Work Survey, PWC, 2020)

78% of IT decision makers aim to provide all employees with cloud-based access to business applications within the next two years (Forrester, 2019)

80% of endpoint attacks in 2019 were new or unknown zero-day attacks (Forrester, 2020)

41% of data breaches from 2005-2015 were from lost devices (Cost of Data Breach Report, IBM & Ponemon, 2020)

87% of computer users simply ignore security warnings (Insider Data Breach Survey, Egress & Opinion Matters, 2020)

To change the rules of the game, be proactive, and turn a defensive strategy into an offensive strategy, here are 6 clear steps:

1. Be cloud first

By removing the endpoint from the equation, you can get to the position where any devices which are lost or stolen, the end user can continue working. Having information assets stored in the cloud also greatly reduces or entirely removes the susceptibility of compromising both personal or corporate data on a device and ransomware.

Cyber 2020 - Google Seminar.

 

2. Sandbox everything

Sandboxing can contain threats to an individual tab within a browser session. Ensuring all applications & all OS process are kept separate from each other, meaning that no application can view, edit, save, or distribute any data from another application within that user’s session. This isolation of processes limits the scope of an attack, resulting in powerful protections.

Cyber 2020 - Google - Sandbox Everything

 

3. Default to encryption

Encryption methods are bolstered by sandboxing. The sandboxing principles apply between users on the device while every user has their data and settings within an encrypted partition, making it safer to share loaner devices with temporary workers.

Cyber - Google - Default to Encryption

 

4. Always up to date

Chrome OS updates are available every 6 weeks, complemented by security patches every 2 weeks. In case of high-level threats, updates can be provided between 24 – 48 hours. Google Chrome Enterprise works on a test forward rather than roll-back model.

Cyber - Google - Always up to Date

 

5. Teach users in real time

There are numerous elements within the platform that ensure an organisations security while protecting the end-user. Safety precautions are baked in using artificial intelligence and machine learning and will warn users when attempting to navigate to dangerous sites or download malicious files.

Cyber - Google - Teach users in real time

 

6. Tamper-proof the OS

The operating system, Chrome OS, has various protections throughout the stack and built very differently to other systems on the market. Even before the device has started up you can validate that your corporate data is secure.

Cyber - Google - Tamper-proof the OS

 

It’s time for a change, time for news rules. Let look how we can take back security control and implement a new way of working with Chrome Enterprise to improve security with huge commercial and operational resource benefits.