Organisations are spending big to improve their security with products that claim to fend off hacks and eliminate vulnerability, spending up to 13% of their overall IT budget according to a study by Gartner, and that was five years ago. Since then, the number of breaches has continued to rise with over two-thirds of business leaders experiencing an increase in cyber attacks in 2019.
Phishing scams, DDoS attacks, and malware are costing organisations billions due to data breaches and ransomware. Even the NHS isn’t immune, with the WannaCry attack costing our health service some £92 million in 2017. However, it’s not all down to opportunists getting past expensive third-party antivirus software – 95% of breaches are caused by basic human error.
With working from home continuing to be a target for cyber-criminals, it’s now more vital than ever for businesses to invest in the technology that will keep their users, their data, and their revenues protected from online threats.
What are we used to?
A bloated and flawed operating system running software that requires unscheduled and disruptive manual updates
Gigabytes of locally stored intellectual property, personally identifiable information, and user credentials
Third-party antivirus definitions with separate billing and renewal cycles
Devices built using a mish-mash of components prone to conflicts and issues that need direct user intervention to keep patched over time
Poorly enforced boundaries between system processes that can allow hackers total access to a device through a single compromised module
What does this mean?
Working from home creates new problems as tools and processes designed for corporate networks become less and less effective
Ops teams struggle to enforce consistent device images and to patch firmware and apps across distributed endpoints
IT admins are forced to focus on monitoring devices to identify vulnerabilities and detect compromises
Businesses have an opportunity to make game-changing improvements in endpoint security and administration by capitalising on the inherent advantages of cloud-based architectures.
Admins are able to manage their entire IT estate remotely from a central cloud-based console, and processes can be streamlined or wholly automated, allowing them to focus on proactive improvements rather than reactive maintenance.
Chromebooks and other Chrome OS devices have been designed from the ground up to solve many of these issues for organisations of all sizes. Below are just some of the ways Google makes it easy for administrators to keep their endpoints secure and their users safe when working online from anywhere.
1. Automatic updates
Keeping your firmware and software up-to-date can be an arduous task, which is exacerbated further when dealing with a distributed workforce. Even when vulnerabilities are announced or new attack techniques are discovered, your users often dismiss your best efforts to keep them safe and their data secure.
Chrome devices benefit from automatic updates, which can be controlled remotely from the Google Admin console. These occur every six weeks – far more often than other major operating systems. Updates happen in the background and automatically take effect the next time the device is booted, minimising disruption and allowing your staff to keep working as normal.
2. Verified boot
When a Chromebook boots up, the read-only OS checks itself against a known safe version using a signature and a signed hash to verify that the version being loaded exactly matches the image approved by Google. The now-verified firmware then uses the same process to check all the blocks of code in the operating system and Chrome browser to ensure there are no discrepancies.
If any evidence of tampering or malware is found, the process stops and the device reboots using a backup version of Chrome OS. As it’s impossible to boot corrupted firmware on a Chromebook, Ops staff can avoid the tedious work required to remedy compromised software and files on the machine.
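The check-then-fall-back flow described above can be sketched as follows. This is an added illustration, not Google's implementation: it uses unpadded textbook RSA with a deliberately tiny constructed key, and the slot names `A`/`B`, the 16-byte block size and the final `"recovery"` outcome are assumptions made for the example.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes (constructed; far too
# small and unpadded, so for illustration only).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: held by the image signer only
BLOCK = 16                           # assumed block size in bytes

def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def split(image: bytes) -> list[bytes]:
    return [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]

def sign_image(image: bytes) -> dict:
    """Build-time step: hash every block, then sign the list of hashes."""
    hashes = [hashlib.sha256(b).digest() for b in split(image)]
    return {"hashes": hashes, "sig": pow(_digest_int(b"".join(hashes)), D, N)}

def verify_slot(image: bytes, manifest: dict) -> bool:
    """Boot-time step: needs only the public key (N, E) held in read-only firmware."""
    if pow(manifest["sig"], E, N) != _digest_int(b"".join(manifest["hashes"])):
        return False                     # the hash list itself was altered
    blocks = split(image)
    if len(blocks) != len(manifest["hashes"]):
        return False                     # blocks were appended or truncated
    return all(hashlib.sha256(b).digest() == h
               for b, h in zip(blocks, manifest["hashes"]))

def boot(slots: dict) -> str:
    """Try the primary slot, fall back to the backup, otherwise refuse to boot."""
    for name in ("A", "B"):
        image, manifest = slots[name]
        if verify_slot(image, manifest):
            return name
    return "recovery"                    # assumed outcome when no slot verifies

# Constructed sample image standing in for the OS partition in both slots.
good = b"kernel+rootfs v1 " * 4
slots = {"A": (good, sign_image(good)), "B": (good, sign_image(good))}

# Flip a single bit in slot A; its signed manifest no longer matches.
tampered = bytearray(good)
tampered[5] ^= 0x01
slots_bad_a = {"A": (bytes(tampered), slots["A"][1]), "B": slots["B"]}
```

Recomputing the block hashes for a modified image does not help without the signing key, because the signature over the hash list then fails to verify.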
3. Sandboxing
Several classes of cyber attack use compromised websites and applications to take control of software components on the device, so Chromebooks use process sandboxing to enforce boundaries between applications in use.
As apps on a Chrome device cannot communicate with each other (except under strict conditions), should your user unwittingly visit an infected website or side-load some unauthorised software, there’s no chance of it tainting anything else on the device. Simply close the app or page and the threat is swiftly neutralised and removed from the device.
4. Google Admin console
When coupled with a Chrome Enterprise or Education Upgrade, businesses can unlock the Google Admin console and over 300 policies and settings they can tailor to the needs of their users and their organisation. Once the domain has been verified, IT admins are able to manage their Chrome estate from anywhere by visiting admin.google.com.
Policies such as Forced re-enrolment and Restricted sign-in mean that if the worst happens and one of your Chromebooks gets lost or stolen, the device cannot be taken out of managed status and your user and customer data remains secure. Considering such data breaches cost significant time, money, and damage to reputation, Google’s automated “set-and-forget” processes can prove invaluable.
5. Cloud infrastructure
From the six layers of on-site security including thermal cameras and iris scanning to the data centre floors where less than 1% of Googlers ever get to visit, the infrastructure behind Google Cloud adheres to over 40 global data security standards and regulations. How does that compare to your traditional on-premises server room?
Google custom designs and builds almost every part of the stack with a relentless focus on continual improvement and constant innovation. Cooling is one of the biggest overheads for any data centre, which is a hot topic for any organisation focused on sustainability. Google’s data centre in Finland, for example, is 100% cooled by seawater.
Want to know more?
Getech is one of the largest suppliers of Chrome devices and management licences in the UK. We support channel partners by providing their customers with cloud-ready technology that helps them scale quickly, work efficiently, and save money.