Securing remote workers with Google and Chrome Enterprise
Hi everyone. My name is chester, louis. And i'm the head of customer engineering. For america's. On the chrome enterprise, team here at google. For today's session, we're going to start off by talking, about the current landscape. And how remote working. Has created, new security, challenges, for it departments. We'll also discuss, what it, needs for a full stack. Of securing, solutions. For remote workers. We're also going to walk through many of google's product offerings that can help it administrators. Deliver a secure. Remote, working experience. Please feel free, to ask any questions, in our live q a. And please remember to fill out the session survey, after the presentation. We would love to get your feedback. So with that. Let's go ahead, and actually get started. So on march 17th. Earlier this year, gartner, ran a study, with 800. Hr, executives. To ask about how coved. Has actually impacted, their actual business. They found out that 88. Of organizations. Have asked their employees, to work remotely. 97. Of the organizations. Have cancelled, work related travel. However. Only, 10 percent, of the organizations. Plan to reduce, working hours. For us. This shows that despite. The prevalence of coronavirus. Across, the world. Business, demands, require that work, must, go on. Embracing. Remote work, is a requirement. To meet these actual demands. So let's take a look so despite the need for remote, working solutions. Driving, an actual remote working strategy, has created a massive, security, challenge for it departments. This includes taking aim at protecting. Corporate data, without, physical access, to the actual device. User, or network. This changing dynamic. Is emboldening. Criminals. Cyber criminals specifically. To deploy, new types, of attack variants. Recently. Gartner. Reported, a new attack variant. Targeting, business users, with fake, coronavirus. Themed emails. These phishing attacks are designed to trick employees, into opening attachments, that contain, health. Precautions, for combating, the spread of the actual virus. When the user downloads, these attachments. Malicious, software infects, the end user devices. And they have the potential, to compromise, the entire, network. This is only an example, of the types of attacks, hackers are leveraging, at this time. But it also shows the need to provide, remote workers with tools to help protect from these. Growing, and prevalent. Attacks. And, despite, these new security, challenges. Businesses, are looking to reduce, costs. Much of the cost reduction, companies are looking for. Come from a more efficient, use, of technology. The gartner hr survey, we mentioned earlier found that 70, percent. Of organizations. Plan to cut costs through a more, use of. Technology. So what have we actually learned thus far. We've learned that remote working. Is a necessity. To keep businesses, up and running. This has created security, challenges, especially for it departments. This is all, at a time when there is actually increased, pressure on organizations. To reduce, technology, costs. While securing your, actual remote workers, with reduced, budgets. During a crisis. Might seem. Nearly impossible. There is actual light at the end of the tunnel. A full stack approach to securing your business can ensure employees have access, they need, while limiting, the risk of an actual attack. So what should an organization, that's embracing. Secure. Remote, work consider. While deploying. To keep their business safe. We've come up with four areas, to focus on the first is. How to actually secure, endpoints. The second. Is actually securing. Users. And, what protective, things we've identified. To help mitigate. Phishing, risks. The third. Cloud-based, management. This includes. Full control. Of your devices. As well as your browser, for the entire fleet. And the fourth and last. Is zero, trust, access. Essentially, accessing, internal, services, without the need for a vpn. So with that. Google offers, both, chrome enterprise. And. A full stack approach, to keeping your businesses, secure. Which can become a reality, with chromebooks. Chrome enterprise, upgrade. Chrome browser, cloud management. And beyond, corp remote access. For the rest of this session. We're going to review these actual solutions. And how they provide. The secure endpoints. User, protections. Cloud-based, management. And zero trusts, access. Needed. For securing, remote workers. We'll also share some of the recommended, settings that it admins can use, to manage, their, remote. Workforce. First let's talk about securing, endpoints. And this is where. You know we actually, can offer the ability. For hardened devices, that can reduce, the risk of malware. So how do we do that. If you take a look here, on this slide.
Each Layer, of the chromebook. Works together, to provide, innovative, security, benefits. First off, chromebooks. Are fundamentally. Different. Chrome devices, are designed, from inception, to be fundamentally, different and they're not created, by simply dropping. An os, on a generic, commoditized. Motherboard. Devices, are designed, in close partnership, with oem, partners. Regardless, of which oem, manufactures. The actual device such as, hp. Dell. Samsung. Asus. Etc. They all, build, to design. Based on architects. Architecture, by google, with specific, hardware, components, that are engineered, to work in synchrony. With the operating system, and vice versa. Each layer of the machine that you're using. Works in conjunction, with one another. In a way that provides, an innovatively. Secure environment. With uniquely. Differentiated. Benefits. Over, legacy, systems. To start. Here's a big differentiator. Chromebooks. Regardless, of manufacturer. Or model. Come with titan, c. Titan c is a security, chip built into the hardware. That works with chrome os to ensure the integrity, of the operating system. Firmware. And it also protects, users from brute force attacks. It is the security, chip, that is at the core of many of the chromebooks, security, features. Chromebooks, come with this built-in, titan, c security, chip, and it's designed by google. To keep your data secure, and to also protect, your identity. By the way it requires. No setup. Titan c, works right out of the box, requires, no configuration. Or any software, installation. Google, regularly, updates the chip firmware. So that your chromebook. Always, stays, protected. Even from the most, recent threats. So unlike other systems. Third-party, antivirus, software, is not needed, to protect chromebooks. And notify it admins, of threats within their infrastructure. You might ask, why is this. Chromebooks. First off are designed, to be, read, only. This means that installed, applications, such as android apps progressive, web apps chrome extensions. All cannot.
Modify. The operating, system. This also applies, to traditional, forms of. Malware, as chromebooks, cannot, run, executable, files of any kind. Sandboxing. Offers the ability to isolate and attack, to a limited, surface. Chrome browser. Has long. Used, sandboxes. To contain, threats to a single, tab, and can contain, a single process. With site isolation. Together, sandboxing. And site isolation, help limit the scope. Of a potential, exploit. Lastly, verified, boot. Verified, boot prevents, the boot up of an os that's been tampered with. At device, boot up. Every chromebook, offers verified, boot which runs its process, to ensure that the os. Firmware. And other components, of the device, are running code that's authentic. And distributed. From google. Chrome devices, have a second version of the operating system on the device. And will attempt to run that version. This is all done, without any user, intervention. Because the threat landscape, is very dynamic. Continually. Evolving, and changing. It's imperative, that the security, positioning, of your os keep space. Which is why it's critical to keep machines in your fleet as current as possible. So we recommend, obviously. Os updates, on chromebooks. First off they're designed, to avoid user intervention. Downtime. And ensures that the device has all recent updates without, minimal effort if any. Necessary. From the end user. And as discussed earlier, chromebooks, have two versions of the os on every device. While the end user continues, to work on their machine, the dormant. Chrome os copy, updates. Ensures. That the update directly, from google is downloaded. Onto the device, without, any user interruption. And all you have to do in order to apply, updates. Is reboot. Which essentially. Takes, a matter of seconds, to complete. So first let's start off with user protections, here, these are services, that help users identify, phishing. Risks. Even with a secure endpoint, that reduces, the risk of malware. Increases, the likelihood, of updates, and more users, still run the risk of falling hostage. To phishing attacks. Like the fake coronavirus. Themed emails mentioned earlier. They can also be victims of a third party data breach. Or actually, even social engineering, attacks.
Where Personal information. And passwords, are made available to hackers. Sometimes, at no fault, of their own. Chrome browser. Is built with services, powered by google. That deter. End users from clicking on those emails. And identify, the end user, when a, user's passwords, needs. To have to be actually, changed. When you look at google's safe browsing service. We currently examine, billions. Of urls. This includes software and content, on pages, in its actual search, to check for unsafe, websites. Every day. Safe browsing, discovers. Thousands, of new unsafe, websites. Many of these are legitimate, websites, that have been compromised. By hackers. Google safe browsing, is openly available. On the web to third-party, developers, and protects. Half of all internet, traffic. When our systems. Have identified, a site as potentially, harmful. Safe browsing, triggers a warning to users, these warnings, are designed to prevent users from visiting harmful sites. And help them stay, safe, online. Safe browsing alerts. Webmasters. When their sites have been hacked and provides, information to help clean up the problem. Every time we add an unsafe, site to list we notify, the webmaster, through the search. Console. We actually detail the steps to recover, from an infection, and give webmasters. Examples, of the specific, code that has been injected, into their actual. Website. So how do we identify, compromised, passwords, across the web. We have a new feature called password, checkup. Check. An actual user, save passwords, if they've been leaked and compromised, in breaches. Google has embedded, this. Checkup, directly, into, your actual google account. It'll tell you whether your passwords, have been compromised, on other sites or services. Warn against. Phrases, that have been reused, and. Prompted, for weaker passwords, to be strengthened. Services, like lastpass. Already offer similar, tools. But google, is making them easily, accessible. At. Passwords.google.com. Next we'll talk about cloud-based. Management. This enables you to manage, your entire, fleet. Whether it's devices. Or browser. When supporting, a deployment, of remote workers. It's important, to have the right administrative. Tools. In place that help keep employees, more secure. The google admin console, has tons of features for managing chrome devices. In chrome browser. That provide it with net with the actual needed tools and information. Some of this includes. User, browser. And device policies, in fact we have hundreds of policies, for it admins to curate. And to customize, the experience, for their fleet. You can search and filter for just about anything, the google admin console, is quick. And you can search for policies, whether it's related to a device or user whatever you're looking for. You can easily deploy extensions. Pwas. Which are known as progressive, web apps and even android apps. The google admin console, has a unified, application, deployment, experience. Where it admins can set white lists blacklists, and even force. Custom, installs. Learn more about your fleet, with device reporting. So you can actually search for devices, in the actual google admin console. Which shares, a lot of information, about the device, in the fleet. This information, can even be exported, into a csv, file for data analysis. The google admin console is a key tool for it admins, to enhance. The security, of their chrome device, and chrome browser, fleets. In the following slides, we'll walk through some examples. Of policies, that are recommended, for it administrators, deploying, to remote, workers. The google admin console provides it admins, with lost and stolen, preventions. Capability. In the case that a user loses their device. Or it gets stolen. It, admins, can disable the device so that it cannot be used by someone who might randomly, pick it up. The google admin console also allows, it admins to. Publish, return instructions. On the screen of the actual device. All of this is set through it, policies, which are available in the admin console. You can customize, the message that you like to type. In the event that the device is lost or stolen. These settings, here ensure that the device cannot be broken into.
And Also prevents, the person. Who picks up the device from being able to access, any, corporate data. On the actual device once it's disabled. Part of the challenge with managing remote, workers, is that their workspace, surroundings, can be unknown. Part of the job of an i.t admin, is to prevent, unauthorized. Access to corporate devices, to reduce the risk of data theft. In this slide, we'll show you how, an it admin can, restrict, signing, into a device, to a specific, list of users. On the left side, the i t admin can type, in a list of accounts that are allowed to have access. If the user is not authorized, to login, to the account. They'll get a prompt as shown on the right side. And. Which actually depicts, that they are not authorized, to actually use this device. To ensure, the most secure experience. It's important, that the end users update their os on their devices. On chromebooks. Os updates download in the background, without. Interrupting, end users. To get the os. Into, use, the end user needs to reboot the actual device. While this takes the you know a matter of only seconds, sometimes, end users need a gentle reminder. To actually reboot their actual device. I'm happy to announce in the most recent version of chrome os milestone, 83. We've launched the ability for an it admin to set a new, notification. For an end user that, reminds, end users to reboot. The device within a defined, period of time. Once the update has been downloaded. On the left side, the it admin can set the policy. To show the notification. Along with a period of time and the end user has to reboot the actual device. On the right side you can see what that notification. Looks like for an end user. Chrome browser cloud management, lets, admins, manage their enterprise, browser deployments, across windows. Mac, linux and chrome os, all from a single console. This includes setting browser policies, with only a few clicks. Like password. Alert policy. And by the way studies have shown that over 52, percent, of enterprise, users reuse their corporate passwords, on personal sites. The password, alert feature, in chrome, keeps your organization, secure by stopping. Employees, from reusing, their core passwords, on non-corp, websites. When an employee reuses, their core password, on a non-white. Listed website. Password, alert will tell, the actual user that this is against the corporate policy. And ask them to change their password. What is xero trust. I mentioned this earlier this is essentially how to access, internal services, without the need, for an actual vpn. Traditionally. To get access to internal, sites. Users. Are required, to be, either in the office, or to actually use a vpn, service that routes traffic within the business perimeter. However. Being at the office, isn't an option for remote workers. And with more businesses. Being done through sas applications. Much of the data that you're working with, is stored, out of the actual. Perimeter. Which could force some security, challenges. To solve these issues. Companies, are adopting. Zero trust, access models. That take aim to never trust devices. But in instead. Verify, that they meet the requirements. To access. Certain applications. The core tenants for xero trust include. Connecting, from a particular, network that does not determine, which service, a user can access. Access, to services, is granted based on, what the infrastructure. Knows about a user, and their device. Access, to services. Must be authenticated. Authorized. Encrypted. For every request. Beyondcorp, remote access. Is a new sas solution, that enables responsive. And easy to use access to internal web apps, for employees. And the extended, workforce. From virtually, any device, anywhere, using a web browser without, a traditional, vpn. This includes a fast, deployment. You can rapidly, accelerate, and scale, the actual delivery, remote access to internal web apps.
With A highly, available, and reliable, cloud service. You can deploy, the sas application. In days versus, months. Which takes. You know a long time to do this with traditional. Remote, access solutions, like vpns. You also gain simpler, access to apps. You enable users to access your applications, hosted in the cloud and on-premise, from virtually, any device, anywhere. Through an actual web browser. You make your apps more responsive, and accessible, around the planet. With google's, private global, network. This offers lower cost right simply. Lower tco. By offloading, infrastructure. Tasks, to the cloud. And simplifying. Licensing, with pay as you go pricing. You're offered more control. And peace of mind. Which in essence increases, the security, posture, of your organization, by implementing, a modern. Zero, trust, security, model, that helps to ensure, only authorized, users from authorized. And trusted devices, can access, a specific, set of apps. If you'd like to learn more about how to deploy beyond corporate remote access to your business. Check out the deployment, guide at the link, below. So what is a full stack solution, for securing, remote, workers. It's actually beyond, corp remote, access, plus, chrome enterprise. This includes chromebooks. Which we highlighted, which are designed to reduce the impact of malware, and phishing attacks. And ensure that they are always up to date with the most security. Most recent. Security, patches. You couple that with chrome enterprise, upgrade, which is, essentially. Ensuring that policies, are set to make sure your device fleet. Is on the most recent version of chrome os, and it can be disabled, if the device is lost. And can also be. Accessible, to only folks. That have the necessary, access that are nested that are needed within your fleet. With beyondcorp. Remote access, in chrome, enterprise. Google offers a full stack solution that keeps remote workers secure. Beyondcorp, remote access. Allows it admins, to set rules that limit access to internal, intranet, sites for instance to just, chromebooks. Lastly, with beyondcorp, remote access customers, can ask google.
To Attest. That for example, a chromebook, is attempting, to log into a service, and has one. In unmodified. Os. And two. Is managed, or enrolled, with chrome enterprise, upgrade. Currently this feature is only available for chrome devices. And cannot be done with windows, or mac. And as we close out this first session, we want to make sure that you know how to get started and get more information, about. Chrome enterprise, platform, and solutions, that can help. First, you can start a free trial of chrome enterprise, if you already have chromebooks. This allows you to access, the google management, console. And enroll up to 10 devices, configure, settings. And apply, policies, to users and devices. Second. We have compiled, a list of resources. In a remote, work toolkit. These resources. Have how-to, guides and videos that can help you quickly deploy chromebooks, to your remote workforce. Lastly, you can contact, our sales team to get more information. Or get connected, with the reseller. To purchase, devices. On behalf, of the chrome, enterprise, team here, at google. We wish you all safety, and good health over the coming weeks and beyond. Thank you again for joining us. Today.
2020-09-22 13:37
