Author Archives: David Karam

Keeping cloud entry points secure with Google Chrome Enterprise

When we introduced Chrome Enterprise last August, our aim was to provide a single solution that connected employees while giving admins the flexibility and control they needed to keep their businesses protected. Since then, security has only become more of a priority for enterprises. In fact, last year alone, 98% of businesses were affected by malware, and employee endpoints—like laptops, tablets, and smartphones—were increasingly the target of attacks.

Enterprise IT admins know this all too well. With hardware, firmware, browsers, apps and networks to protect, admins now face more risks than ever, while managing more devices than ever. We built our Chrome Enterprise ecosystem with this complex landscape in mind, and today we’re adding new enhancements and partnerships as we continue to make Chrome Enterprise the most secure endpoint solution for businesses in the cloud.

Here’s a look at how these updates can help protect businesses, and their data, at every cloud access point.

Offering more ways for businesses to manage their devices from a single unified management solution

For many businesses, managing a broad range of devices within one unified endpoint management solution is a necessity. Last year, we announced our first enterprise mobility management (EMM) partnership with VMware AirWatch, the first third-party solution with the capability to manage Chrome OS. Today, we’re expanding this with four new partnerships with EMM providers, which gives IT admins the ability to manage and implement security policies across their full fleet of devices from a single place.


  • Cisco Meraki offers a comprehensive set of solutions that includes wireless, switching, security, endpoint management, and security cameras, all managed through Meraki’s web-based dashboard interface.

  • Citrix XenMobile provides device and application management for comprehensive mobile security, and pairs well with other recent Citrix integrations.

  • IBM MaaS360 with Watson delivers a cognitive approach to unified endpoint management, enabling the management of endpoints, end users and everything in between.

  • ManageEngine Mobile Device Manager Plus (a division of Zoho Corp) is a unified endpoint management console for configuring, managing and securing mobile devices, desktops and apps.

With these partnerships in place, enterprises can pick the solution that fits their business best.

Helping enterprises manage Chrome OS alongside legacy infrastructure with more Active Directory enhancements

Building on our initial integration with Active Directory last August, we’ve added a number of enhancements to help admins manage Chrome OS alongside legacy infrastructure. Administrators can now configure managed extensions directly through Group Policy Objects. Users can authenticate to Kerberos and NTLMv2 endpoints on their local network directly from Chrome OS. We’re also expanding our support for common enterprise Active Directory setups like multiple domain scenarios. And we’ve improved our existing certificate enrollment flows with Active Directory Certificate Services (ADCS).

Continuing to deepen and expand management capabilities in Chrome Browser and Chrome OS

The less time IT has to spend on mundane, manual tasks means more time to focus on business critical projects. That’s why Chrome Enterprise was designed to give IT admins the ability to grant, manage and adjust user permissions at scale, with fewer repetitive tasks. Chrome Enterprise already lets admins fine tune more than 200 security policies and grant secure, authorized employee access to online resources, and we’re continuing to add additional controls to help. In recent months, we’ve added the following controls to help admins:


  • Per-permission extension blacklisting lets admins restrict access to extensions based on the permissions required, for example, extensions that require the use of a webcam. This allows admins to now authorize an employee’s access to more extensions in the Google Chrome Web Store but maintain fine-grained admin controls across web properties.

  • Sign-ins can be disabled from an outdated OS to help administrators comply with security policies that dictate how many versions behind their users are allowed to run on.

  • Admins can ensure that only managed devices can connect to their single sign-on servers by gating that access with device-wide certificates. These certificates effectively attest to the Chrome endpoint’s managed state.

  • Newly added support for automatic forced re-enrollment will now allow a Chrome device that has been wiped or recovered to re-enroll into the corporate domain without requiring administrator credentials. This will help ensure corporate devices remain enrolled without requiring any admin intervention.

With Chrome Enterprise, our focus is not only on Chrome OS, but how businesses use Chrome Browser across all their platforms. Last December we announced a number of security enhancements for Chrome Browser with the aim to help enterprises stay safe. We’ve now added  a policy that allows IT to require users to sign-in to Chrome Browser, ensuring security policies are applied to browsing sessions across platforms. And in the coming months, we’ll be adding enterprise reporting capabilities in Chrome Browser that give IT admins access to data about installed extensions, status of configured policies, telemetry data and much more. With this information, IT can better understand security status of each endpoint under their control.

Continually managing vulnerabilities to help businesses stay protected

All of today’s announcements help admins stay on top of their organization’s security, and these features are in addition to the benefits admins already get with Chrome Enterprise.

For example, keeping hardware up to date is one of the easiest ways IT admins can keep endpoints secure, yet it can also be one of the most time-intensive tasks in an admin’s day. That’s why we built Chrome OS so that it automatically deploys security updates to ensure all devices run the latest version of Chrome OS. Chrome Browser prevents exposure to phishing and malware, and if threats are detected on third-party apps, admins can uninstall apps remotely with managed Google Play.

The proactive protection, control, and endpoint management advantages offered by Chrome Enterprise are why companies such as Sanmina Corporation are deploying Chrome across their businesses.

“As a multinational manufacturing and supply chain company that makes everything from the electronics in your car to mission critical systems for aerospace and medical products, security is of the utmost importance to us,” said Manesh Patel, CIO of Sanmina. “Deploying Chrome OS and G Suite in our facilities all over the world has allowed us to transform our workforce and collaborate securely in the cloud. It gives us peace of mind to know that our data is secure, and allows us to focus on building world-class products."

More to come

In the coming weeks there’ll be additional blog posts that offer deeper looks into what these enhancements can mean for businesses. In the meantime, you can learn more about security in Chrome Enterprise on our website.

Introducing Chrome Enterprise

Since we launched Chrome OS in 2009, our goal has been to build the simplest, fastest, and most secure operating system possible. And we’ve been inspired by all the ways we’ve seen businesses embrace Chrome, from Chromebooks in the office, to shared Chrome devices in the field, to signage and kiosks for customer engagement in retail. But with so many different business needs—not to mention so many different devices—companies have also told us they want a single, cost-effective solution that gives them the flexibility and control to keep their employees connected. That’s why today we’re announcing Chrome Enterprise.

Chrome Enterprise offers a host of features, including access to enterprise app storefronts,  deep security controls, 24/7 support, as well as integration with cloud and on-premise management tools, VMware Workspace ONE and MicrosoftⓇ Active DirectoryⓇ. We invite you to join our Chrome Enterprise webinar on August 23 to learn more and take part in our live Q&A.

Here’s a little more on what the new Chrome Enterprise license will offer.

Enterprise_License.png

On-premise infrastructure integration

Businesses not yet ready for a cloud-only solution have wanted to manage Chrome OS with the on-premise identity and management systems they’re already using. To help, Chrome Enterprise is now fully compatible with on-premise infrastructure through MicrosoftⓇ Active DirectoryⓇ. This integration allows employees to use their native credentials to authenticate across devices and Google Cloud Services like Google Play while centralizing management of user and device policies for IT admins.

We’ve also simplified our on-premise integration trials so admins can sign up and get going quickly in under two minutes with our new simple setup flows.

Unified endpoint management

We know IT admins face the challenge of managing a broad range of devices in today’s business landscape. And it’s critical to have the power to manage all devices using a single unified endpoint management solution. Which is why Chrome Enterprise now gives customers the ability to manage all their Chrome devices from a single management solution.

VMware Workspace ONE powered by VMware AirWatch will be the first third party solution provider to manage Chrome devices. Workspace ONE will provide a centralized approach to managing corporate-owned or bring-your-own device. This collaboration combines the speed, simplicity and security of Chrome with the cloud-based unified endpoint management of VMware AirWatch.

The compatibility of Chrome Enterprise with VMware Workspace ONE will enable organizations to deliver device policies using customizable assignment of groups based on geography, device platform, department, role, and more – simplifying policy enforcement across the company. Building on previously released integrations of Workspace ONE with Chrome OS, IT admins can also provide employees with access to all enterprise applications – cloud, web, native Android, virtual Windows – from a single app catalog to deliver a consistent experience to employees anywhere, anytime, on any device. Chrome device users can even access full Windows desktops and applications, helping to accelerate the adoption of Chrome devices in the enterprise.

“The consumerization of the enterprise has left IT managing multiple operating systems on a variety of devices—some provided by the business and others brought in by employees. As Chrome OS continues to gain momentum, our customers are eager to manage these devices consistently along with all other endpoints including mobile devices,” explains Sumit Dhawan, senior vice president and general manager, End-User Computing, VMware.“Using Workspace ONE, our customers will be able to securely manage the lifecycle of Chromebooks along with all their other end points giving them better security and a consistent user experience across all devices.”

More apps on more devices

Last year, we announced our plans to bring the Play Store to Chromebooks. And we’ve been working to expand its availability to more devices, including enterprise grade options from Lenovo, Asus, HP, and Samsung. Whether it’s laptops like the Acer 14, HP 13 or Lenovo 13, or mobile devices such as the Samsung Chromebook Pro or Asus Flip, enterprise apps are available to business users on a variety of Chrome devices. See the full list of 25+ devices available here along with those in the beta channel coming soon.

What we've heard from our customers

With the added capabilities Chrome Enterprise provides on top of Chrome OS, many businesses are eager to deploy Chrome further across their organizations to connect more users securely to the cloud. “At Whirlpool Corporation, we want technology to empower employees to do great things. Chrome OS has helped our organization do just that by enabling employees to be their most productive, whenever and wherever,” says Andrew Lewis, Senior Manager, Global Information Systems for Whirlpool. “Utilizing cloud-ready devices, specifically Chromebooks and G Suite, has fostered a safer, more secure, and faster user experience for both customers and employees.”

According to Ed Higgs, Interim Director of Global Service Delivery for Group IT at Rentokil: “With over 500 Chromebooks in use in our organization, Chrome now forms part of our standard offering within Rentokil Initial. Google's current Chrome OS initiatives will make the operating system of increasing value for us, and we are already finding an increasing number of use cases for Chrome devices. We've benefited from direct support from Google's product and engineering teams, that have worked closely with us to help us execute our goals."

To learn more, join our webinar on August 23. We’ll be sharing more on what Chrome Enterprise can do and answering all your questions live. To register, click here for the U.S. and Europe and here for Asia Pacific.

Introducing Chrome Enterprise

Since we launched Chrome OS in 2009, our goal has been to build the simplest, fastest, and most secure operating system possible. And we’ve been inspired by all the ways we’ve seen businesses embrace Chrome, from Chromebooks in the office, to shared Chrome devices in the field, to signage and kiosks for customer engagement in retail. But with so many different business needs—not to mention so many different devices—companies have also told us they want a single, cost-effective solution that gives them the flexibility and control to keep their employees connected. That’s why today we’re announcing Chrome Enterprise.

Chrome Enterprise offers a host of features, including access to enterprise app storefronts,  deep security controls, 24/7 support, as well as integration with cloud and on-premise management tools, VMware Workspace ONE and Microsoft Active Directory. We invite you to join our Chrome Enterprise webinar on August 23 to learn more and take part in our live Q&A.

Here’s a little more on what the new Chrome Enterprise license will offer.

Enterprise_License.png

On-premise infrastructure integration

Businesses not yet ready for a cloud-only solution have wanted to manage Chrome OS with the on-premise identity and management systems they’re already using. To help, Chrome Enterprise is now fully compatible with on-premise infrastructure through Microsoft Active Directory. This integration allows employees to use their native credentials to authenticate across devices and Google Cloud Services like Google Play while centralizing management of user and device policies for IT admins.

We’ve also simplified our on-premise integration trials so admins can sign up and get going quickly in under two minutes with our new simple setup flows.

Unified endpoint management

We know IT admins face the challenge of managing a broad range of devices in today’s business landscape. And it’s critical to have the power to manage all devices using a single unified endpoint management solution. Which is why Chrome Enterprise now gives customers the ability to manage all their Chrome devices from a single management solution.

VMware Workspace ONE powered by VMware AirWatch will be the first third party solution provider to manage Chrome devices. Workspace ONE will provide a centralized approach to managing corporate-owned or bring-your-own device. This collaboration combines the speed, simplicity and security of Chrome with the cloud-based unified endpoint management of VMware AirWatch.

The compatibility of Chrome Enterprise with VMware Workspace ONE will enable organizations to deliver device policies using customizable assignment of groups based on geography, device platform, department, role, and more – simplifying policy enforcement across the company. Building on previously released integrations of Workspace ONE with Chrome OS, IT admins can also provide employees with access to all enterprise applications – cloud, web, native Android, virtual Windows – from a single app catalog to deliver a consistent experience to employees anywhere, anytime, on any device. Chrome device users can even access full Windows desktops and applications, helping to accelerate the adoption of Chrome devices in the enterprise.

“The consumerization of the enterprise has left IT managing multiple operating systems on a variety of devices—some provided by the business and others brought in by employees. As Chrome OS continues to gain momentum, our customers are eager to manage these devices consistently along with all other endpoints including mobile devices,” explains Sumit Dhawan, senior vice president and general manager, End-User Computing, VMware.“Using Workspace ONE, our customers will be able to securely manage the lifecycle of Chromebooks along with all their other end points giving them better security and a consistent user experience across all devices.”

More apps on more devices

Last year, we announced our plans to bring the Play Store to Chromebooks. And we’ve been working to expand its availability to more devices, including enterprise grade options from Lenovo, Acer, Asus, HP, and Samsung. Whether it’s laptops like the Acer 14, HP 13 or Lenovo 13, or mobile devices such as the Samsung Chromebook Pro or Asus Flip, enterprise apps are available to business users on a variety of Chrome devices. See the full list of 25+ devices available here along with those in the beta channel coming soon.

What we've heard from our customers

With the added capabilities Chrome Enterprise provides on top of Chrome OS, many businesses are eager to deploy Chrome further across their organizations to connect more users securely to the cloud. “At Whirlpool Corporation, we want technology to empower employees to do great things. Chrome OS has helped our organization do just that by enabling employees to be their most productive, whenever and wherever,” says Andrew Lewis, Senior Manager, Global Information Systems for Whirlpool. “Utilizing cloud-ready devices, specifically Chromebooks and G Suite, has fostered a safer, more secure, and faster user experience for both customers and employees.”

According to Ed Higgs, Interim Director of Global Service Delivery for Group IT at Rentokil: “With over 500 Chromebooks in use in our organization, Chrome now forms part of our standard offering within Rentokil Initial. Google's current Chrome OS initiatives will make the operating system of increasing value for us, and we are already finding an increasing number of use cases for Chrome devices. We've benefited from direct support from Google's product and engineering teams, that have worked closely with us to help us execute our goals."

To learn more, join our webinar on August 23. We’ll be sharing more on what Chrome Enterprise can do and answering all your questions live. To register, click here for the U.S. and Europe and here for Asia Pacific.

Source: Google Cloud


How automatic Chrome OS updates bolster security with ease and simplicity

IT admins have a challenging role, charged with securing corporate assets while providing employees with tools that are fast, intuitive and accessible from anywhere. Chrome OS is designed and built with security at its core, from Trusted Platform Module (TPM) chips on all hardware, sandboxing of software, and Chrome browser security, endpoints across your organization are secure from boot to shutdown.

The multiple security layers of Chrome OS work together as part of a cohesive security approach, including automatic updates to provide protection on a recurring basis without disrupting your work. Today we’re sharing a closer look at how automatic Chrome OS software updates maintain ongoing security of the platform and devices.

Unlike most other computing platforms, Chrome OS devices always have two images of the system software on separate partitions. This approach serves two purposes. First, there’s no disruption to your work because you can keep working while the backup version is updated. Second, the next time the Chrome OS device boots, which typically takes just 6 to 10 seconds, it runs from the recently updated partition. Essentially, Chrome OS swaps between the two images. That means there’s no waiting for the updates to be applied: You can be up and running in just seconds with new software.

This not only keeps you working, but it can also reduce IT admin support costs. Instead of admins and tech support resources trying to schedule or manually push out software updates to a large number of machines, quick automatic updates happen without disruption.

Major version updates for Chrome OS are available every six weeks on average, though minor improvements are are sometimes available sooner. And important security patches can be pushed in 24 to 48 hours if required. These updates happen automatically in the background and are applied seamlessly to the backup partition. Additionally, all software updates are provided and pushed directly from Google, so there’s no third-party intermediary involved, further helping to speed the delivery of Chrome OS updates.

Chrome OS automatic updates are one of several security layers that protect your devices and data. The updates work hand in hand with the Chrome OS Verified Boot feature to ensure that the system software hasn’t been compromised; if Verified Boot detects software tampering, it forces a reboot into the backup partition of the system software.

To learn more about the benefits of automatic updates and Chrome OS security features, register and join us on June 7 for a Chrome OS Security webinar.

How automatic Chrome OS updates bolster security with ease and simplicity

IT admins have a challenging role, charged with securing corporate assets while providing employees with tools that are fast, intuitive and accessible from anywhere. Chrome OS is designed and built with security at its core, from Trusted Platform Module (TPM) chips on all hardware, sandboxing of software, and Chrome browser security, endpoints across your organization are secure from boot to shutdown.

The multiple security layers of Chrome OS work together as part of a cohesive security approach, including automatic updates to provide protection on a recurring basis without disrupting your work. Today we’re sharing a closer look at how automatic Chrome OS software updates maintain ongoing security of the platform and devices.

Unlike most other computing platforms, Chrome OS devices always have two images of the system software on separate partitions. This approach serves two purposes. First, there’s no disruption to your work because you can keep working while the backup version is updated. Second, the next time the Chrome OS device boots, which typically takes just 6 to 10 seconds, it runs from the recently updated partition. Essentially, Chrome OS swaps between the two images. That means there’s no waiting for the updates to be applied: You can be up and running in just seconds with new software.

This not only keeps you working, but it can also reduce IT admin support costs. Instead of admins and tech support resources trying to schedule or manually push out software updates to a large number of machines, quick automatic updates happen without disruption.

Major version updates for Chrome OS are available every six weeks on average, though minor improvements are are sometimes available sooner. And important security patches can be pushed in 24 to 48 hours if required. These updates happen automatically in the background and are applied seamlessly to the backup partition. Additionally, all software updates are provided and pushed directly from Google, so there’s no third-party intermediary involved, further helping to speed the delivery of Chrome OS updates.

Chrome OS automatic updates are one of several security layers that protect your devices and data. The updates work hand in hand with the Chrome OS Verified Boot feature to ensure that the system software hasn’t been compromised; if Verified Boot detects software tampering, it forces a reboot into the backup partition of the system software.

To learn more about the benefits of automatic updates and Chrome OS security features, register and join us on June 7 for a Chrome OS Security webinar.

Expanding Chromebooks for all learners

Editor’s Note: On December 3rd at our global online conference, Education on Air, we announced exciting new features that expand the use of our tools. In case you missed it, check out the recording of the Education On Air Product Keynote.

Over the past few years, we’ve seen students from all grades, backgrounds and continents achieve and create with G Suite for Education and Chromebooks. We now have Chromebooks with versatility for all learners including devices with flip and touch capabilities, super light 10” screens, and ruggedized protection for those accidental drops and spills.

As more students use Chromebooks, we’ve heard feedback from teachers that a challenge remained: even the mere act of logging in can waste too much precious learning time. So today we’re excited to announce that we’ve expanded Chromebook integrations to allow alternatives for logging in that are simple and fast.

The first integration we're announcing is with Clever Badges, which lets students log in to their Chromebooks – and all their learning software – by simply holding up a badge to a Chromebook camera. In the past two months, over 100 districts have already started using Clever Badges to log into their Chromebooks. Mrs. Kiefer, a Technology Integration Specialist with Ross Local Schools, reports, “I can't tell you enough how awesome it is to watch my learners logging in to Chromebooks with their little piece of ‘magic’...and the teacher’s face of absolute relief as to how easy it is.”

Badges are giving countless instructional minutes back to teachers, but they’re doing something more: they’re empowering students to take ownership of their own learning.

A second integration is by Netherlands-based Cloudwise with the COOL Picture Login. Students choose a series of pictures to make up their own personal password -- watch how it works. “The login enables all students to easily and safely log in to their Chromebooks. Teachers can focus on teaching,” says Rijk van Ommeren, Director of the Margrietschool in Woerden.

image02.png

COOL Picture login is just one way in which Cloudwise is making teachers’ lives easier, and it was developed in close collaboration with teachers and IT administrators. Once logged in to their Chromebook via COOL Picture Login, students see their own personalized portal page.This page includes links to the G Suite tools that their administrator has enabled for them and also to other educational platforms that are integrated via single sign on.


With new form factors, lightweight touch devices, and now easy logins, Chromebooks have expanded digital learning to all students so they can harness technology to tap into the world of information and develop critical skills to become our future scientists, novelists, leaders and explorers.