At Netpremacy, security is number 1 on our list, especially with so many companies now working remotely. We wanted to share a high-level summary of some of the security features Google Chrome offers to ensure your employees and data are kept safe.
A Chromebook is an ultra-secure computer, with little setup required, making it a great choice for remote workforces. It runs on Chrome OS with embedded security, which uses Google-powered security features to make it well-protected against malware and external threats. There is no need for antivirus software or scans as it comes with built-in malware and virus protection. This multiple protection approach means that if one layer is bypassed, others are still in effect.
Chromebooks automatically manage updates so they are always running the latest and most secure version of the OS. Feature updates are available every 6 weeks, while security patches every 2-3 weeks. This eliminates the need for direct action from administrators and they take place in the background, without downtime or interruption, so the end-user can continue to work. There are also two versions of Chrome OS on every device, so one can be used while the other gets updated.
Chromebooks are protected every time it starts up. It does a self-check called “Verified Boot”. This confirms if the operating system is authentic and unmodified. In other words, it can detect if the system has been compromised or tampered with dangerous malware. It will repair itself without any effort, and with two versions of OS, it can proceed with boot-up even if one OS has been corrupted. The Chromebook will be restored back to an operating system that’s as good as new.
The primary use case of a Chromebook is for browser-based applications and for important data to be stored in the cloud. However, there will be files and data that need to be present on the machine, like downloads, cookies, and browser cache. These data are protected because they are encrypted using tamper-resistant hardware, called the Google Security Module. This user data encryption is enabled on every Chrome device by default, which cannot be switched off, making it very difficult for anyone to access these files.
Chrome Browser uses sandboxes to contain possible threats and uses site isolation to keep all Android, Linux, and OS processes separate from each other. If a user is directed to an infected web page or application, the sandbox security feature contains the possible threat, so it can’t affect any other tabs or apps on the computer.
Protection against threats
Safe Browsing Protection
The Safe Browsing service protects users from phishing attacks, dangerous malware, and unwanted software, which can be buried in and amongst websites. Google’s servers will scan billions of URLs and the content on each web page. If it detects harmful material it will add that URL to a list of unsafe websites, and that list will be stored locally on the users’ device. This means if the user goes on an unsafe website, Google will alert them with a warning.
Every 40 seconds, a company is hit with a ransomware attack*
With limited data held on a Chromebook, there is often little which can be held at ransom. Nevertheless, there are a number of Chrome security features which minimises the risk of a ransomware attack. Similar to phishing attacks, Machine Learning works on Gmail to identify emails that contain malware, and Chrome Browser warns the user before accessing hostile sites. The built-in protection on Chrome OS also helps to stop malware from spreading across your network. If an attack should get through, Verified Boot would restore the operating system.
The above security features are designed to work together, safeguarding end-users against harmful attacks and mitigating the impact if one does slip through. The recovery mode is the final step to quickly restore the operating system if something does go wrong. You can use this option to restore the Chromebook back to its original factory state. This will wipe everything from the machine, including downloads, local files and it will remove all user accounts.
Sign up for our webinar on 27/05 as we delve into how Google Chrome is keeping businesses running securely, and to learn more about Chrome security features.
Keep up to date with product announcements, updates, and events and subscribe to our newsletter.
Preventing data loss with G-Suite & GCP
Alix Munroe, speaks about best practices to prevent data loss
For those that have ever attended any information security events, like that of InfoSec Europe or Cloud-Expo, they will understand the broadness and confusion surrounding the concept of Data Loss Prevention (DLP). It seemed at one point, every information security outlet or vendor would pitch that their solution was a silver bullet for preventing data loss. Now, in some terms, this can be correct, any solution which is helping prevent a breach provides some sort of DLP service. In this blog, I want to specifically visit the tools available with Google Cloud Platform and G Suite, and relay these to real-life scenarios or current projects you may have on your radar. I want to touch on some of the inbuilt tools within Google’s portfolio inclusive of DLP directly and access control. We’re all aware of the effectiveness of multi-layered protection, this doesn’t change when it comes to DLP, let’s secure the route into the data and secure the route back out.
Firstly, I think we’ve all been there, having attached the wrong document, or mistakenly sent the wrong email. Now imagine this being a confidential document, sensitive/ personal information or even card data! There have been cases of extraordinary accidents, for example, the HIV firm who accidentally cc’d a group of HIV positive patients instead of blind cc’ing HIV clinic fined £250 for a data breach, Believe it not, this isn’t the first time this mistake has been made, take a look at the NHS HIV mistake only one year after NHS trust fined for 56 Dean Street HIV status leak 9 May 2016. Luckily, this is where G Suite Enterprise and GCP can offer their data classification services, to ensure that the correct classification of data is sent, securing sensitive information and making sure that this information is not sent to external sources, maliciously or by a complete accident. Users are notified and/or restricted from sending data which isn’t meant to be sent – senior management can sleep a little bit better.
FYI – one often overlooked and very simple aspect of what G Suite offers to help prevent accidental data loss without the use of the DLP tools, is to retract/undo emails! Now, simple affective little tools like this can save jobs … I assure you.
Google Cloud Platform provides customers with confidence with its methods of detection for privacy-sensitive fragments in text, images, and Google Cloud Platform storage repositories. Google Cloud DLP can, therefore, define what is sensitive and ensure you are aware of where this data is and when it is moved and sent. Cloud DLP classifies this data using more than 120 predefined detectors to identify patterns, formats, and checksums, and even understands contextual clues. This service is available for GCP and Google Drive for Enterprise customers. However, Google gives you the option to purchase the API separately and an option for you to try this tool for yourself, click here.
Similarly, G Suite Enterprise essentially provides DLP for Drive and G Mail, preventing data from being exfiltrated or shared incorrectly to external parties. Google provides pre-defined content filters (global credit card numbers, passport numbers, UK drivers licence numbers etc), which are kept up to date with the latest formats, so you don’t have to worry about that. With this in mind, however, you can create your own custom filters using wordlists or regex for more business-specific sensitive data. Along with that, you can put thresholds in such as a minimum number of matches or number of unique matches to ensure you’re not flagging every single file going, this can be applied or excluded to users, using Groups or OU (organisational units), because I am sure there are different use cases for different areas of your business. You can also decide how stringent or firm you want to be on these rules, reporting only on the triggers so no impact to users, warning your users prior to sending or sharing or actually preventing them from sending (how much do you trust your users?).
Furthermore, we’ve covered some of the ways which Google (Google Cloud) DLP elements which can be extremely beneficial to organisations for those users that have already authenticated and have access to sensitive data. I thought a quick touch on how Google can control access to data in a world of BYOD, Remote Working and Cloud Services would be useful before I sign off the blog.
Usually, customers have concerns about moving to the cloud, specifically SaaS, a key worry being able to control and have visibility of who can access what, where and from what device. Some companies define DLP as any area for potential data exfiltration including; Identity & Access, device management and remote network access. Google has put this concern to bed with their Context-aware Access, anything using a google identity and will authenticate can be controlled under this solution. Based on the zero-trust security model and Google’s BeyondCorp implementation, context-aware access enables you to provide simpler access, enforce granular controls, and use a single platform for both your cloud and on-premises applications and infrastructure resources. If you are looking at a mobile device management solution for your remote workforce and have or are planning on moving to G Suite then this Google endpoint management tool could be massively useful in cost-saving, boasting the essential features: unified admin console, appl control and remote wipe.
Netpremacy are a leading Google Cloud Partner, with deep knowledge and trusted relationships across the Google Cloud portfolio, we are proud to have achieved Premier status for over a decade.
Supporting over 3,000 customers in over 30 countries Netpremacy pride ourselves on product knowledge combined with service offerings For anyone looking to delve deeper into how Google help secure your data, we are holding webinars focussing on Collaboration, Connectivity and Security. As we’re all in a similar boat right now, working remotely, trying to stay productive and sane!
Sign up to our upcoming webinar – How to keep your data secure when working remotely, to hear from some of our experts on how to best protect your data when using G Suite.
Happy to take any queries individually to see how we here at Netpremacy can support you: email@example.com or connect with me on Linkedin.
To keep up to date with product announcements, updates, and events subscribe to our newsletter.
Keeping your business secure with Google Workspace
Keeping your business data secure should be a top priority; however, in some organisations this is unfortunately not the case. Although security may seem daunting, and it can sometimes be difficult to know where to start, it should still be a major factor for any technical configuration. In this whitepaper, we cover a number of security features that every business should consider when it comes to protecting employee and company data.
- Google Workspace security
- Email Protection & authentication
- Protecting your data
- Enterprise security tools
- What can Netpremacy do to help?
To keep up to date with product announcements, updates, and events subscribe to our newsletter.