Posted by Saswat Panigrahi, Senior Product Manager, Chrome for Work
With security breaches that pose threats to businesses and their customers on the rise, CIOs are demanding more from their vendors when it comes to the security of their systems and devices. Advanced security is a mainstay of every Chrome device, regardless of price or type, and today we’re taking the next major step in bringing greater security to the enterprise with Verified Access for Chrome OS devices.
Verified Access is the means by which a network service, such as a VPN gateway, a sensitive server, an Enterprise certificate authority (CA) or an Enterprise Wi-Fi access point can get a hardware-backed cryptographic guarantee of the identity of the device and user that’s trying to access it. Verified Access ensures that their state is unmodified and policy compliant. This matters because most businesses, particularly large enterprises, have policies and requirements in place that allow network and data access only to enterprise-managed and verified devices, but many of the current solutions rely primarily on heuristic client side checks. But, a bad actor that can compromise your Operating System can probably also fake the signals being checked for.
Verified Access addresses this core challenge by leveraging the Trusted Platform Module (
TPM) present in every Chrome OS device to enable enterprise network services to cryptographically confirm the identity and status of verified boot and enterprise policy using a Google server-side API.
When integrating with an enterprise CA, for instance, hardware-protected device certificates can be distributed only to managed, verified devices. For years, Google has been using Verified Access to enhance security by ensuring the veracity and policy compliance of Chrome devices before allowing access to resources, and now we're making it available externally. Duo Security and Ruckus Wireless have already integrated with our
Verified Access API.
Duo Security, a trusted access provider,
now uses Verified Access internally to reliably assess the security of Chromebooks. Michael Hanley, Director of Security at Duo Security says “Given that many other security properties that are essentially native to the security model and architecture of Chrome OS, Verified Access gives us a reliable way of measuring foundational, hardware-backed security properties of Chromebooks before they access our services. It’s a high-assurance way for us to clear Chromebooks for access internally and be certain that only our users and our devices are passed through to sensitive services and data. It’s a great step toward even stronger endpoint security posture for our company and our customers.”
Ruckus Wireless has integrated its security management platform, Cloudpath ES, with the
Verified Access API
to securely differentiate between IT-owned and user-owned Chromebooks. The capability is available today in Cloudpath ES version 4.3. Kevin Koster, Chief Architect at Ruckus Wireless says, “The Verified Access API allows us to be cryptographically certain that a Chromebook is IT-owned before issuing it a certificate or allowing it to join the wireless network as an IT-owned device. Combined with Chromebook’s existing security features, Cloudpath creates a secure environment that is transparent to the end-user and the administrator. Over the last several months, we have been successful in deploying the solution in both education and high-security environments, including a global retail chain.”
Identity, network and security providers, we also invite you to integrate with the
Verified Access API. Administrators, here’s how you can
deploy it.
In other security news, we’ve brought
Smartcard Authentication support to Chrome Device, the required way of authenticating for employees in many security sensitive organizations. With the newly launched
Citrix Receiver for Chrome 2.1, users can now authenticate to virtualized Citrix apps using smartcards, and with SSO, login just once to their Chromebooks and be authenticated across Citrix and virtualized Windows apps.
Later this month we’re planning on reviewing the key security features of Chrome OS and a deep dive on how to integrate with and benefit from Verified Access in your organization.
Sign up here for more details.