Tag Archives: Connected Workspaces

What Google Cloud, G Suite and Chrome customers need to know about the industry-wide CPU vulnerability

Last year, Google’s Project Zero security team discovered a vulnerability affecting modern microprocessors. Since then, Google engineering teams have been working to protect our customers from the vulnerability across the entire suite of Google products, including Google Cloud Platform (GCP), G Suite applications, and the Google Chrome and Chrome OS products. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web.

All G Suite applications have already been updated to prevent all known attack vectors. G Suite customers and users do not need to take any action to be protected from the vulnerability.

GCP has already been updated to prevent all known vulnerabilities. Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers. We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.

Customers who use their own operating systems with GCP services may need to apply additional updates to their images; please refer to the GCP section of the Google Security blog post concerning this vulnerability for additional details. As more updates become available, they will be tracked on the the Compute Engine Security Bulletins page.

Finally, customers using Chrome browser—including for G Suite or GCP—can take advantage of Site Isolation as an additional hardening feature across desktop platforms, including Chrome OS. Customers can turn on Site Isolation for a specific set of websites, or all websites.

The Google Security blog includes more detailed information about this vulnerability and mitigations across all Google products.  

Why it’s time for enterprises to adopt Android’s modern device management APIs

Enterprise devices regularly access mission-critical data and are a key conduit for company communications. To ensure that organizations can power their mobility efforts with great features and security, Android offers managed device and work profile modes for mobile management.

Many organizations, however, are still using the Device Administration API, which was made available for developers in Android 2.2. When it was first released in 2010, device admin API provided enterprises with a reliable support system for enterprise applications. Since then, the needs of businesses have grown to require more vigorous management and security requirements.

Managing personal and company-owned devices

In Android 5.0, we created managed device (device owner) and work profile (profile owner) modes, which match the security needs of organizations that manage mobile devices. These are feature-rich and secure ways to manage devices. Most organizations are now using these modes to manage mobile devices, and we’re encouraging all organizations to make the switch.

We understand that for some organizations this switch may take time so we will have developed an extended timeline for the transition. Device admin API will be supported through Android Oreo and existing functionality will continue to be available in the next major Android release, though device admin APIs for password enforcement will no longer be supported. In the following Android release, expected in 2019, the APIs for password enforcement will no longer be available. We strongly recommend that businesses plan to move to work profile and managed device APIs. By sharing this update early, we aim to provide companies with sufficient time to migrate existing devices or start fresh as new ones are added to their fleet.

Non-enterprise device management

Some of the device admin APIs are used for non-enterprise device management, like Find My Device, which enables locking and wiping a lost phone. APIs commonly used by these applications will not be affected. Please see the developer migration guide for details on the specific changes.

Making the transition to work profiles or managed devices

For those currently using device admin, there are two strategies available to move to Android’s management APIs. Both options require companies to have an EMM provider that supports either Android’s work profile or managed device mode.

For personal devices used by employees for work, we recommend using the work profile. Migration from a legacy device admin to the work profile can be done with minimal disruption. This can be handled either by enabling personal devices to install a work profile, or by having new devices enroll with a work profile as existing devices phase out of the fleet.

We recommend that company-owned devices be set up as managed devices. Migrating a device from device admin to managed device requires a factory reset, so we recommend a phased adoption, where new devices are enrolled as managed devices while existing devices are left on device admin. New users and new devices should be configured with the new management modes as they are enrolled. Then, older device admin devices can be aged out of the fleet through natural attrition. We recommend that you begin to enroll all new company-owned devices running the major Android release after Oreo as managed devices, in preparation for the removal in the release after that.

Major mobility transitions are typically a large and important undertaking but we know that the needs of companies will be better served with the modern capabilities of Android’s managed device and work profile modes. For specific implementation details, see our developer migration guide.

How Scheels uses Chrome to help its sales associates better serve customers

Editor’s Note: Today’s post is from Becky Torkelson, Computer Support Specialist Leader for Scheels, an employee-owned 27-store chain of sporting goods stores in the Midwest and West. Scheels uses Chrome browser and G Suite to help its 6,000 employees better serve customers and work together efficiently.

Whether customers come to Scheels stores to buy running shoes, fishing rods or camping stoves, they talk to associates who know the products inside and out. We hire people who are experts in what they’re selling and who have a passion for sports and outdoor life. They use Chrome browser and G Suite to check email and search for products from Chromebooks right on the sales floor, so they can spend more time serving customers.

That’s a big improvement over the days when we had a few PCs, equipped with IBM Notes and Microsoft Office, in the back rooms of each store. Associates and service technicians used the PCs to check email, enter their work hours or look up product specs or inventory for customers—but that meant they had to be away from customers and off the sales floor.

Starting in 2015, we bought 100 Chromebooks and 50 Chromeboxes, some of which were used to replace PCs in store departments like service shops. Using Chromebooks, employees in these departments could avoid manual processes that slowed down customer service in the past. With G Suite, Chrome devices and Chrome browser working together, our employees have access to Gmail and inventory records when they work in our back rooms. They can quickly log on and access the applications they need. This means they have more time on the sales floor for face-to-face interaction with customers.

Our corporate buyers, who analyze inventory and keep all of our stores stocked with the products we need, use Google Drive to share and update documents for orders instead of trading emails back and forth. We’re also using Google Sites to store employee forms and policy guides for easy downloading—another way people save time.  

We use Chrome to customize home pages for employee groups, such as service technicians. As soon as they log in to Chrome, the technicians see the bookmarks they need—they don’t have to jump through hoops to find technical manuals or service requests. Our corporate buyers also see their own bookmarks at login. Since buyers travel from store to store, finding their bookmarks on any computer with Chrome is a big time-saver.

Our IT help desk team tells me that they hardly get trouble tickets related to Chrome. There was a very short learning curve when we changed to Chrome, an amazing thing when you consider we had to choose tools for a workforce of 6,000 people. The IT team likes Chrome’s built-in security—they know that malware and antivirus programs are running and updating in the background, so Chrome is doing security monitoring for us.

Since Scheels is employee-owned, associates have a stake in our company’s success. They’re excited to talk to customers who want to learn about the best gear for their favorite sports. Chrome and G Suite help those conversations stay focused on customer needs and delivering smart and fast service.

How Scheels uses Chrome to help its sales associates better serve customers

Editor’s Note: Today’s post is from Becky Torkelson, Computer Support Specialist Leader for Scheels, an employee-owned 27-store chain of sporting goods stores in the Midwest and West. Scheels uses Chrome browser and G Suite to help its 6,000 employees better serve customers and work together efficiently.

Whether customers come to Scheels stores to buy running shoes, fishing rods or camping stoves, they talk to associates who know the products inside and out. We hire people who are experts in what they’re selling and who have a passion for sports and outdoor life. They use Chrome browser and G Suite to check email and search for products from Chromebooks right on the sales floor, so they can spend more time serving customers.

That’s a big improvement over the days when we had a few PCs, equipped with IBM Notes and Microsoft Office, in the back rooms of each store. Associates and service technicians used the PCs to check email, enter their work hours or look up product specs or inventory for customers—but that meant they had to be away from customers and off the sales floor.

Starting in 2015, we bought 100 Chromebooks and 50 Chromeboxes, some of which were used to replace PCs in store departments like service shops. Using Chromebooks, employees in these departments could avoid manual processes that slowed down customer service in the past. With G Suite, Chrome devices and Chrome browser working together, our employees have access to Gmail and inventory records when they work in our back rooms. They can quickly log on and access the applications they need. This means they have more time on the sales floor for face-to-face interaction with customers.

Our corporate buyers, who analyze inventory and keep all of our stores stocked with the products we need, use Google Drive to share and update documents for orders instead of trading emails back and forth. We’re also using Google Sites to store employee forms and policy guides for easy downloading—another way people save time.  

We use Chrome to customize home pages for employee groups, such as service technicians. As soon as they log in to Chrome, the technicians see the bookmarks they need—they don’t have to jump through hoops to find technical manuals or service requests. Our corporate buyers also see their own bookmarks at login. Since buyers travel from store to store, finding their bookmarks on any computer with Chrome is a big time-saver.

Our IT help desk team tells me that they hardly get trouble tickets related to Chrome. There was a very short learning curve when we changed to Chrome, an amazing thing when you consider we had to choose tools for a workforce of 6,000 people. The IT team likes Chrome’s built-in security—they know that malware and antivirus programs are running and updating in the background, so Chrome is doing security monitoring for us.

Since Scheels is employee-owned, associates have a stake in our company’s success. They’re excited to talk to customers who want to learn about the best gear for their favorite sports. Chrome and G Suite help those conversations stay focused on customer needs and delivering smart and fast service.

Source: Google Cloud


Security enhancements and more for enterprise Chrome browser customers

When it comes to Chrome, security is one of our most important considerations—and that’s especially true when it comes to our enterprise users. We’re always looking for ways to further protect enterprises from potential dangers like ransomware, malware, and other vulnerabilities. 

Chrome browser has been validated by third parties as a frontrunner in enterprise browser security, and we’re committed to constantly introducing more safeguards. That’s why the latest release of Chrome browser introduces a variety of new security enhancements for enterprises. From new ways to better isolate processes, to broader support for more advanced security standards, to the introduction of new policies, IT admins now have more options to protect their users and businesses from potential threats. Here’s a quick overview of the security updates this latest release of Chrome will offer, plus an update on a few upcoming changes in 2018.


Site Isolation: For enterprises with the highest security needs

Starting with today’s release, Site Isolation is now available. With Site Isolation enabled, Chrome renders content for each open website in a separate process, isolated from other websites. This can mean even stronger security boundaries between websites than Chrome’s existing sandboxing technology. Admins can read more to determine if this capability makes sense for their organization—and start implementing it immediately.


Making it easier to restrict extensions based on required permissions

Although admins have been able to whitelist and blacklist specific extensions in Chrome, we’ve heard feedback that it can be difficult to scale. Beginning today, IT admins can configure a new policy that restricts access to extensions based on the permissions required. For example, through policy, IT can now block all extensions that require the use of a webcam or microphone, or those that require access to reading or changing data on the websites visited. This policy is available now, and will help IT teams enforce necessary controls, without overly restricting users.  

Chrome updates for enterprises

Version 1.3 of Transport Layer Security (TLS) and policy

Secure communication on the Internet is made possible through a protocol called Transport Layer Security (TLS). To support the latest security standards, we're enabling TLS 1.3 for Gmail in today’s release of Chrome browser. The previous version, TLS 1.2, was standardized in 2008 and, although it can be secure when configured correctly, it’s in need of an overhaul. The improvements in TLS 1.3 make it faster and more secure, and we’ll be expanding TLS 1.3 support to the broader web in 2018.


Chrome browser users should not be impacted by this change. IT admins that are aware of any systems that are not interoperable with TLS 1.3 should post feedback in the admin forum. As admins prepare for the wider use of TLS 1.3, they can configure this policy for network software or hardware that will not transit TLS 1.3 connections. More details are available on this page.


Broader platform support for the NTLMv2 authentication protocol

Last week we shared on our admin forum that Chrome 64, coming in early 2018, will include support for the NTLMv2 authentication protocol, including Extended Protection for Authentication (EPA) on Mac, Android, Linux and Chrome OS. This allows all platforms to perform NTLM authentication with the same level of security that was previously available only in Chrome on Windows.


IT admins can enable this feature today by visiting chrome://flags/#enable-ntlm-v2. In Chrome 65, NTLMv2 will become the default NTLM protocol as it already is on Windows. More details are available on this page. With this update, Chrome will become the only browser to support NTLMv2 with EPA on non-Windows platforms.


Reducing Chrome crashes caused by third-party software

Last week we announced we’ll be implementing changes in Chrome to improve stability and reduce the number of browser crashes. Starting with the release of Chrome 68 in July 2018, we’ll begin blocking third-party software from injecting code into Chrome on Windows.


Code injection has historically been used by products such as anti-virus software. But it’s an outdated process, and we encourage vendors of such software to take advantage of the newer, more effective options available.


In the meantime, we understand sometimes businesses need to rely on such software, and we want to make sure they’re covered. We’ll be introducing a new policy in the coming months that will offer admins extended support for critical apps that require code injection to function.

Chrome updates for enterprises 02

Admins can visit chrome://conflicts to check if software currently installed on a computer is injecting into Chrome.


We’re excited to bring new capabilities to IT admins that enhance Chrome’s security and stability. For more information about Chrome browser for enterprise, visit Chrome.com/enterprise, or to share feedback, visit our Chrome browser Enterprise Admin Forum.

Please Welcome Diane Bryant to Google Cloud

I am happy and excited to announce that Diane Bryant, former Group President at Intel, will be joining Google Cloud as our Chief Operating Officer. I can’t think of a person with more relevant experience and talents. She is an engineer with tremendous business focus and an outstanding thirty-year career in technology.

Most recently, Diane was head of Intel’s Data Center Group, which generated $17 billion in revenue in 2016. Over her five years as Group President, Diane expanded the business to additionally focus on pervasive cloud computing, network virtualization and the adoption of artificial intelligence solutions. Previously, Bryant was Intel’s Corporate Vice President and Chief Information Officer, where she was responsible for corporate-wide information technology solutions and services.  

Diane serves on the board of United Technologies. Throughout her career, Diane has worked to mentor and sponsor women in technology.

Google Cloud is the most technologically advanced, most highly available, and most open cloud in the world. We are growing at an extraordinary rate as we enable businesses to become smarter with data, increase their agility, collaborate and secure their information. Diane’s strategic acumen, technical knowledge and client focus will prove invaluable as we accelerate the scale and reach of Google Cloud.

I am personally looking forward to working closely with Diane Bryant as we enter what promises to be a great 2018 for Google Cloud.

Please Welcome Diane Bryant to Google Cloud

I am happy and excited to announce that Diane Bryant, former Group President at Intel, will be joining Google Cloud as our Chief Operating Officer. I can’t think of a person with more relevant experience and talents. She is an engineer with tremendous business focus and an outstanding thirty-year career in technology.

Most recently, Diane was head of Intel’s Data Center Group, which generated $17 billion in revenue in 2016. Over her five years as Group President, Diane expanded the business to additionally focus on pervasive cloud computing, network virtualization and the adoption of artificial intelligence solutions. Previously, Bryant was Intel’s Corporate Vice President and Chief Information Officer, where she was responsible for corporate-wide information technology solutions and services.  

Diane serves on the board of United Technologies. Throughout her career, Diane has worked to mentor and sponsor women in technology.

Google Cloud is the most technologically advanced, most highly available, and most open cloud in the world. We are growing at an extraordinary rate as we enable businesses to become smarter with data, increase their agility, collaborate and secure their information. Diane’s strategic acumen, technical knowledge and client focus will prove invaluable as we accelerate the scale and reach of Google Cloud.

I am personally looking forward to working closely with Diane Bryant as we enter what promises to be a great 2018 for Google Cloud.

Source: Google Cloud


MedXM keeps patients healthy, with help from G Suite and Chrome

Editor’s note: Today’s post comes from Sy Zahedi, CEO of MedXM, which works with health plan providers to offer preventive care and health education to patients. MedXM is using G Suite and Chrome to operate more efficiently and help outreach agents and clinicians improve care for patients.

Every day, 5,000 MedXM healthcare workers visit patients in their homes or in nearby clinics. Our clinicians and health aides make sure patients are taking medications, following doctor instructions and making progress in managing chronic conditions like diabetes and high blood pressure. We believe that focusing on things like prevention, education and early detection will keep our patients healthy, and detect or deter illnesses before they become critical or require hospital stays.

Meeting with patients face to face is our strategy for keeping people healthy.  That’s why we rely on technology to remain connected with our patients.  Our outreach center agents need to be able to field calls from patients with questions or emergencies. Other employees communicate with health insurers about our wellness programs or to obtain documentation on patient progress. To meet our mission of delivering great person-to-person care, we chose G Suite, Chromebooks, and Chrome browser.

Switching to faster, more secure applications.


Before Google, we relied on laptops equipped with Microsoft Office. Healthcare workers and remote employees had to use VPNs to log in to our network. The process was slow and not user friendly. Plus, we plan to hire more remote workers in the future, so we needed easy and secure tools that allowed workers to share and update documents no matter where they were.

Once we determined that G Suite could allow employees to securely communicate with each other and with healthcare providers, we rolled out Gmail first, then moved on to Google Drive, Google Docs and Google Hangouts. We also deployed Chrome browser across all worker computers. Switching employees and outreach center agents to G Suite took very little time—many of our employees already used tools like Gmail and Google Docs at home. And once our IT team showed employees how multiple people could work on a Google Sheets spreadsheet at the same time, they never wanted to use anything but Google Sheets from then on.



Decreased costs. Increased productivity.


Since we began using G Suite and Chrome, productivity increased significantly, while software costs decreased by 40 percent. Since staff can share information with clinicians using Google Drive, employees no longer waste time with complicated VPNs when they need to upload work orders to healthcare providers. Plus, they can complete routine tasks faster, such as filling out vacation requests in Google Forms instead of passing around sheets of paper.

Switching to Google also reduced the workload for the MedXM IT team, which used to spend about 25 percent of its time supporting legacy desktop applications. Today, they need to provide very little support for G Suite so they can spend more time on creative projects, like using Google Apps Script to create custom dashboards for staff.

After adding up all of the benefits of using G Suite and Chrome, we’re taking the next step: replacing our outreach center and clinician computers with Chromebooks.

Because Google makes us more efficient, employees have more time to spend caring for patients. With more time tending to patients’ needs, we can fulfill our company mission: preventative healthcare, education and early detection. Now that’s good medicine.

MedXM keeps patients healthy, with help from G Suite and Chrome

Editor’s note: Today’s post comes from Sy Zahedi, CEO of MedXM, which works with health plan providers to offer preventive care and health education to patients. MedXM is using G Suite and Chrome to operate more efficiently and help outreach agents and clinicians improve care for patients.

Every day, 5,000 MedXM healthcare workers visit patients in their homes or in nearby clinics. Our clinicians and health aides make sure patients are taking medications, following doctor instructions and making progress in managing chronic conditions like diabetes and high blood pressure. We believe that focusing on things like prevention, education and early detection will keep our patients healthy, and detect or deter illnesses before they become critical or require hospital stays.

Meeting with patients face to face is our strategy for keeping people healthy.  That’s why we rely on technology to remain connected with our patients.  Our outreach center agents need to be able to field calls from patients with questions or emergencies. Other employees communicate with health insurers about our wellness programs or to obtain documentation on patient progress. To meet our mission of delivering great person-to-person care, we chose G Suite, Chromebooks, and Chrome browser.

Switching to faster, more secure applications.


Before Google, we relied on laptops equipped with Microsoft Office. Healthcare workers and remote employees had to use VPNs to log in to our network. The process was slow and not user friendly. Plus, we plan to hire more remote workers in the future, so we needed easy and secure tools that allowed workers to share and update documents no matter where they were.

Once we determined that G Suite could allow employees to securely communicate with each other and with healthcare providers, we rolled out Gmail first, then moved on to Google Drive, Google Docs and Google Hangouts. We also deployed Chrome browser across all worker computers. Switching employees and outreach center agents to G Suite took very little time—many of our employees already used tools like Gmail and Google Docs at home. And once our IT team showed employees how multiple people could work on a Google Sheets spreadsheet at the same time, they never wanted to use anything but Google Sheets from then on.



Decreased costs. Increased productivity.


Since we began using G Suite and Chrome, productivity increased significantly, while software costs decreased by 40 percent. Since staff can share information with clinicians using Google Drive, employees no longer waste time with complicated VPNs when they need to upload work orders to healthcare providers. Plus, they can complete routine tasks faster, such as filling out vacation requests in Google Forms instead of passing around sheets of paper.

Switching to Google also reduced the workload for the MedXM IT team, which used to spend about 25 percent of its time supporting legacy desktop applications. Today, they need to provide very little support for G Suite so they can spend more time on creative projects, like using Google Apps Script to create custom dashboards for staff.

After adding up all of the benefits of using G Suite and Chrome, we’re taking the next step: replacing our outreach center and clinician computers with Chromebooks.

Because Google makes us more efficient, employees have more time to spend caring for patients. With more time tending to patients’ needs, we can fulfill our company mission: preventative healthcare, education and early detection. Now that’s good medicine.

Source: Google Cloud


Chrome Enterprise now offers native print management

In August we announced the launch of Chrome Enterprise, a single, cost-effective solution giving you the security and control you need to keep your employees connected. On our road to releasing Chrome Enterprise, we listened to a lot of feedback from businesses. And one of the most common requests we received was greater printing capabilities.

Whether it’s firing off a last minute presentation, or grabbing those boarding passes on the way to the airport, fast and simple printing is business critical. That's why we're excited to expand Chrome Enterprise's native printing capabilities.

Chrome Enterprise’s native print functionality is enabled through the Common UNIX Printing System (CUPS). CUPS uses an Internet Printing Protocol (IPP) that allows printing directly to a printer over the local network. You can add, remove, enable and disable printers by organizational unit in the Google admin console. Enabled printers will automatically appear in a user’s list of Chrome printers.

For employees, setup will be a cinch. With native print functionality, they can add a local printer and begin printing—no connectors needed. They can also print directly to a printer via USB.

For more information on managing native printing in Chrome Enterprise, check out our Help Center article. Or warm up your friendly local printer and fire away from your Chrome browser. Just don’t forget to BYOP (bring your own paper)!