Tanusha - Fotolia

Google Chrome Enterprise adds management options

The Google Chrome Enterprise offering officially allows organizations to manage Google Play Store apps, extensions, Microsoft Active Directory and integrate VMware on Chromebooks.

Chromebooks have found success in the education market, and now, Google is aiming to bring the Chrome OS to the enterprise with a suite of new features and security options.

Google Chrome Enterprise offers many of the same benefits as consumer Chrome OS, like automatic updates. But it added options such as 24/7 support from Google, management tools for the Google Play Store and Chrome extensions, and a new partnership with VMware allowing the use of VMware Workspace One as "the first third-party solution provider to manage Chrome devices," according to the Google.

Sharon Vardi, chief marketing officer at Prevoty, an application security company based in Los Angeles, said Google Chrome Enterprise opening up to enterprise mobility management (EMM) partners was a big step.

"Up until now, only Google and a few other cloud services were able to design, implement and apply configuration and security policies for these devices, and none were really enterprise-ready," Vardi told SearchSecurity. "Now, with both the Active Directory integration and VMware integration, policing these devices becomes a much easier task, whether they are owned by the enterprise or if they are personal devices that employees bring to the office and add to the network."

Craig Young, computer security researcher at Tripwire Inc., based in Portland, Ore., said Google Chrome Enterprise could be a good option for "certain organizations looking for a locked-down, yet enterprise-friendly, computing platform." 

"Chrome OS itself is based around Gentoo Linux and benefits heavily from Google's heavy investments in security. Google has generally been on the cutting edge of vulnerability research, particularly related to identifying memory safety issues, and I think they have done a lot of work to harden all components of Chrome OS," Young told SearchSecurity. "Chrome OS is also backed by a standing bounty of $100K for anyone who can demonstrate an exploit chain yielding a persistent device compromise. Google also enables researchers with grants to perform security research, as well as provides Google scale computing resources."

In addition to the security of Google Chrome Enterprise, Vardi said the Active Directory integration should sway some IT staff.

"The one big problem this does solve that also ties into security is IT fragmentation in the enterprise with devices on the network that the enterprise has no control over and cannot be controlled via traditional CMDBs [configuration management databases] or EDR [enterprise data replication] solutions," Vardi said. "With the announcement of their Active Directory integration for identity and access management of Chrome OS devices, [this] is a big step forward to allowing these types of devices to be accepted on enterprise networks."

Google Chrome Enterprise with Android apps

Although Google said not all Chromebooks will support the Play Store, even with a Chrome Enterprise license, the addition of Android apps to Chrome OS has been somewhat controversial. Some have said the addition of Android apps extends the functionality of Chrome OS, while others claim it could hurt Chrome's appeal as a thin client.

Young said Chrome OS had also suffered from risks of "abuse from third-party content," especially given security issues surrounding Chrome extensions, which Young said "can be extremely dangerous, given their ability to read from and inject content into arbitrary web sessions." 

"It looks like Chrome Enterprise could make strides to alleviate this concern for network administrators by providing managed Play Store and extensions," Young said. "I'm not sure exactly what this will look like in practice, but my hope would be that an organization could configure their Chrome Enterprise stores to automatically install certain apps and deploy specific settings, as well as also give users the ability to select and install preapproved third-party content."

Ultimately, Young said, Google Chrome Enterprise "could be a really ideal environment for an organization like a hospital, where staff members currently use laptops, ultrabooks, or tablets to input data into clinical web or desktop applications. In addition to security benefits, Chromebooks can provide benefits in terms of operating expense and mobility."

Next Steps

Learn how to set up a Chromebook remote desktop.

Find out if bug bounty programs are secure enough for enterprise use.

Get info on how the Samsung Chromebook Pro stands out from the pack.

Dig Deeper on Application and platform security

Enterprise Desktop
Cloud Computing