“At Google, we use ChromeOS data controls to understand how data moves through the organization and protect important data while keeping our teams productive and collaborative.”
Hi Tony, please tell us a little bit about your role at ChromeOS and how you arrived at the company.
I run the ChromeOS Trust and Safety organization at Google. I joined Google about three and a half years ago, focusing on Data Protection and Identity, and later the Chrome Operating System’s overall security and privacy space. Before joining Google, I worked at Microsoft in Windows security, where I gained a lot of experience in this space.
For our readers who are new to the industry, could you please tell us about the history behind ChromeOS’ launch and evolution?
Today Chromebooks help millions of people stay connected while they work, study, and stay entertained; this has never been more true than over the past few years. Since the start, we’ve been focused on building a modern OS designed to embrace the power of the web that is fast, secure, and easy to use. That remains the goal today, and as we look ahead, we’re continuing to find ways to make the Chromebook experience even more helpful for everyone while using the latest advancements in technology. Examples include things like utilizing our artificial intelligence technology to help people proactively, integrating sensor technologies for more personalized experiences, expanding our portfolio of devices with cellular connectivity, and working endlessly to make your devices work better together.
How is ChromeOS 2023 different from any of its previous versions?
In general, the ChromeOS of 2023 has expanded on our foundations – with updates every four weeks, there are all types of new features from productivity features, increased app support, cross-device features that work with your Android phone, and many more.
On the security and privacy front, we’ve launched a significant number of new features this year. With the recent launches we announced, ChromeOS provides additional ways to:
- Put users in control by providing enhanced camera and microphone privacy settings
- Keep enterprise data safe (e.g., the Data Control features to prevent leakage)
- Provide continuous signals and monitoring, integrating with leading third-party solutions such as CrowdStrike Falcon Insight XDR
- Provide seamless and secure SSO (single sign-on) to O365 properties (e.g., with support for Conditional Access)
With the expanding fear of Shadow IT and SaaS sprawl, how is ChromeOS mitigating security challenges for CIOs and CISOs?
ChromeOS was built with modern computing and security in mind, providing the cornerstone for simple yet powerful enterprise-grade security. ChromeOS devices are secure out of the box, with zero ransom attacks ever reported on ChromeOS. In fact, IDC reported that using ChromeOS improved security posture, including 24% fewer security attacks, 29% lower overall security risk, and 29% more efficient device security teams. Since ChromeOS is secure by design, we can establish a higher level of trust with a simpler, lightweight solution.
PCs' evolution has opened up numerous malware entry points and thus requires the highest enterprise package to provide some protection. ChromeOS closes off traditional entry points for viruses, removing the need for a client-side anti-virus. ChromeOS has end-to-end security from firmware to Cloud. Combined with seamless automatic updates, this provides one of the best defenses against 0-day attacks.
Most companies realize the importance of Zero Trust security, but few have the resources to implement and maintain it correctly. We’re leveraging our hardened OS as a basis to democratize security so that anyone can implement Zero Trust security, regardless of industry, company size, or expertise. As part of our journey to provide “Zero Trust for All,” we will continue to build in features often reserved for Microsoft E5 enterprise customers, such as endpoint protection (anti-virus) and Data Loss Protection, into our standard ChromeOS Enterprise License. We know IT admins won’t be able to flip completely to ChromeOS overall, so we are ensuring we work with existing security systems such as Carbon Black and offering a set of Chrome Enterprise connectors to simplify integration with leading security providers like Okta and CrowdStrike. Open ecosystem support with best of breed since every industry has unique/niche needs. For example, we treat providers such as Okta and Azure Active Directory as First Class Citizens.
ChromeOS is helping CIOs, CISOs, IT, and security teams mitigate security risks by ensuring that security is a core product design principle, provides protection by default, keeps data backed up and secured in the cloud, and provides trusted access.
Could you please tell us about ChromeOS Data Controls and how it secured IT resources by design and default?
Happy to! We recently announced an expanded set of built-in features to help businesses of all sizes protect their data and users. Building on extension controls for Chrome browser, we are expanding data protection to the operating system. ChromeOS Data Controls, now in general availability, enables IT and Security teams to protect important business and customer data. Admins can set up rules to prevent copy and paste, screen capture (screenshots and video capture), screen sharing, and printing. IT administrators can create an information protection strategy with rules based on the data source, destination, and user. At Google, we use ChromeOS data controls to understand how data moves through the organization and protect important data while keeping our teams productive and collaborative.
In addition to building security into the operating system, we announced an expanded set of capabilities within the Chrome Enterprise connectors framework and partnered with industry leaders CrowdStrike, Palo Alto Networks, and Netskope through the Security Insights and Reporting connector and the Identity and Access connector.
Through integration with the XDR Connector, CrowdStrike customers can now monitor threats for their ChromeOS devices within the CrowdStrike Falcon platform, making it easier for security and IT teams to evaluate the risk quickly. Additionally, admins can now monitor an expanded set of events within Chronicle, Palo Alto Networks Cortex XDR and CrowdStrike Falcon LogScale, bringing greater visibility across devices and user behaviors to proactively identify and mitigate risks. Lastly, ChromeOS can now support Azure AD conditional access through integrations with Netskope Intelligent SSE and Microsoft Defender, allowing administrators to limit access to services or untrustworthy environments. With these new capabilities, ChromeOS continues to innovate and make the modern workplace safe and trusted.
What are the crucial giveaways when a camera and microphones are hacked by unauthorized agents? How does ChromeOS enable users to prevent such an event in their workplace?
We have expanded the place in Settings where users can control their universal camera and microphone controls. For example, a user may decide to turn off the mic for all apps, which means no app can get access to the microphone.
Could you tell us a bit about your partnership ecosystem and how these partners have strengthened the Chrome Enterprise Connector framework?
We want to create a healthy ecosystem of partners that cater to the various needs of our customers. With that in mind, we built this Connector framework that allows third-party solution providers to integrate with ChromeOS. One recent example is the XDR Connector, which allows providers like CrowdStrike to gather relevant OS data and ingest it into their monitoring systems.
How does ChromeOS mitigate risks that emerge from AI-assisted malware?
ChromeOS has been designed with security in mind from the get-go: ChromeOS devices are secure out of the box. Our approach leverages hardware-based security, multiple layers of defense in depth, frequent seamless updates, and a small attack surface:
- Built-in Defenses: With Verified Boot, ChromeOS devices automatically check for issues every time they start up. If the OS is compromised, it reverts to a previous version, fixing itself with no IT intervention.
- Prevent and protect: The simplest way to remediate a cyberattack is to prevent it from happening. ChromeOS blocks all untrusted executables by default. Malicious code hiding in executables cannot run on ChromeOS.
So whether AI-assisted or not, malware is blocked from executing.
What is your take on the future of Identity and Access Management embedded in ChromeOS – will this platform become more user-friendly and secure?
Yes, absolutely! We want to meet customers where they are: supporting some of the leading identity providers will reduce friction for many of our customers by allowing them to use the IdP of their choosing. For example, ChromeOS supports native sign-in with Okta, including MFA, out of the box. Furthermore, we’ve been working on making access management increasingly more user-friendly by adding support for SSO with Okta, Azure Active Directory (AAD), and just recently, support for Microsoft Conditional Access. This will allow users to seamlessly access their data stored in Office365 from their Chromebook.
Thank you, Tony! That was fun and we hope to see you back on cioinfluence.com soon.
Tony is the Director of ChromeOS Trust and Safety at Google. In this role, Tony and his team are responsible for defining and driving the ChromeOS security and privacy strategy and roadmap, ensuring Chromebooks are among the safest modern computing devices in the world. Prior to Google, Tony led multiple areas in Windows OS Security at Microsoft.
Google for Education is a solution built for learning and designed for the classroom that includes easy-to-manage affordable devices like Chromebooks, managing teaching and learning through Google Classroom, and a powerful suite of collaboration tools with Google Workspace for Education. Together these tools help teachers save time, increase collaboration, and inspire curiosity while students discover and learn together on any device, from anywhere. There are 170 million students and educators using Google Workspace for Education, 150 million using Google Classroom, and 50 million using Chromebooks globally.