Reduce IT Security exposure by using the most secure OS
It’s no secret that the IT industry as it stands today is rather Windows-centric. It’s one of the first few things you’ll notice once you’ve tried the Chrome OS as a long time Windows user. In IT systems, especially in business, it’s important to invest in proper IT security monitoring and solutions.
If you work in IT in Australia, you’re most likely to be familiar with the so-called Essential 8. Essential 8, formerly known as the ASD Top 4, is the recommended series of strategies to mitigate cybersecurity threats and incidents. Applying these strategies makes it so that your IT system is much harder to infiltrate and compromise.
How does Chrome OS stack up with the Essential 8? Is it more complicated to secure your company’s managed IT systems when using Chrome OS? Or does Chrome OS actually simplify your security compliance requirements? Let’s take a look and get into detail.
This table is a comparison between the 3 most popular operating systems to show which require attention to be compliant with the Essential 8 recommendations.
Basically, White Glove Service means, providing or giving meticulous care or attention. But have you heard of White Glove IT Service? Do you know that as a business owner, your organisation can highly benefit from this? In this video, let me talk you through the meaning of White Glove IT and how can it boost the productivity of your business.
Essential 8 IT Security Monitoring
First off, we have Application Control. Obviously, devices running on Chrome OS runs differently from Windows systems. How? For one, Chrome OS doesn’t run executables or scripts the same way Windows does. This means that many of the traditional and new Windows attack vectors are nonexistent in the eyes of Chrome OS.
With Chrome OS, you have so much more control over the apps that you’re using. Sure, you have the Windows task manager to force exit applications. With Chrome OS, you can do that and more with the ability to control what your applications can access or use on your device and data with just a few clicks.
It’s very common for Windows and Mac users to find “free software” on the internet to help them achieve a task, e.g edit PDF. What they don’t realise is that these “free softwares” often install other software which can be malicious or even the “free software” comes with its own price. The security is compromised for that computer.
Right out of the box, when you enrol Chrome devices into your company, you already get a protected application deployment platform. Should you want to increase security, you can access your Google admin console and add an app allow list and enforcement model.
When it comes to apps, no one handles application patches and updates as well as Chrome OS. The seamless updates in the background automatically deployed from the Google Play Store for apps and Chrome web store for extensions are great. Let’s just hope that the deployed apps for Chrome devices stay at a minimum.
It’s best practice for organisations to set up their own company Play Store, where IT can control which apps and extensions the users can install. However, if you or one of your team members have to use an app not published at all under Google Play Store, you should be mindful of doing extra security measures.
Operating System Updates
Similar to how they handle their apps, Chrome OS is regularly updated. It’s guaranteed that devices that have the “Chrome” logo get regular updates in their firmware. No other operating system does it as well as Chrome OS does. Once you grab a Chrome device, you know that the OS, apps, and firmware are all up-to-date.
The icing on the cake is that this is all default for Chrome OS. You don’t have to set this up because it comes default within the Google Admin console. Chrome devices with Chrome OS have an 8-year life cycle. As long as you decommission devices that are past that age, all your company Chrome devices will be compliant.
Windows and Microsoft Office Macro Settings
This one generally just applies to Windows systems because this is for locally installed productivity macros. Chrome OS simply doesn’t support that so there’s nothing to worry about.
Chrome OS, however, does support online productivity macros. It’s possible to upload and use macros with Google Workspace applications but those are stored in the cloud. It is safe to say that they are secure in their own ways. It’s not vulnerable, unlike locally stored productivity macros. For one, Google Safe Browsing will warn you if malicious code is found in your uploaded macros – something that may just easily get by with Windows systems.
Controlled Administrative Privileges
Chrome OS doesn’t follow the traditional “Local Administrator” or “Administrator Role”. The files of Chrome OS are well protected. Any attempt to make changes to the system files of Chrome OS will make the system roll back to its previous stable version. This rollback effectively obliterates any of the changes that you’ve done to the OS.
Chrome devices, such as Chromebooks, are shipped with the so-called Titan C security module. This module effectively secures the user of the device and the device itself.
On the subject of data loss, which I think is the intent of this particular security concern, Chrome OS is not perfect. There are certain exploitable risks with web extensions and play store apps, there’s no denying that. But with the regular updates, that’s always being addressed and the threats are definitely not as many and easy to exploit compared to Windows.
Multi-Factor Authentication (MFA) and IT Security Monitoring
Multi-factor authentication doesn’t come enabled with Chrome OS right out of the box. It’s something that you’d have to set up with your Google account or your Google Workspace. Despite that, Google supports a healthy range of multi-factor authentication security solutions. From authenticator apps, security keys, google prompts, mobile one-time passwords, to backup codes – you name it, Google’s got it.
If you’re not that interested in having a lot of authentication layers, don’t worry, you can set up which ones you’d like to use. Just use the Google admin console to configure your multi-factor authentication settings.
Chrome devices using Chrome OS are all designed for the cloud. It utilises the wide range of Google integrations that it has at its disposal. Chrome OS utilises Google Drive for online storage and other Cloud storage systems and solutions.
By default, storing data locally on a device running Chrome OS is allowed. However, it is recommended that you keep your data in the cloud as it is much more secure there. It’s also a lot easier to backup your data and recover it in case something goes wrong. With Google Drive, any revisions to your documents are saved. You can choose to load that old save any time. Backups of your cloud storage are important especially if you’re running a business.
User Application Hardening
Even with all of the built-in security features of Chrome OS, it’s still very important to harden a Chrome browser. By default, browsers try and balance tough security with ease of use for the users, the Chrome browser is no exception. Businesses and organisations should make sure that they harden their internet browsers to significantly improve overall IT security and IT security monitoring. The appropriate policies to harden your Chrome browser are configurable in the Google Admin console.
As you can see from the table above, the 8 items that you need to be concerned with for keeping your IT secure is reduced down to 4. This is why Chrome OS is the most secure OS and would result in far less chance of your organisation having a security incident. You also get to enjoy the added benefit of significantly reducing the cost to maintain IT security in your organisation.
There has been a 60% increase in ransomware attacks against Australian entities in the past year. Yet, Chrome OS remains to have had 0 reported ransomware infections – EVER!
Chrome OS really sets itself apart from the traditional operating systems that we’ve come to know. It’s moving away from the old practices and is always trying to improve – and I hope it stays that way. The investment made in security solutions has really paid off. Google took a list of all the vulnerabilities and weaknesses of the old operating systems and shoved layers of countermeasures against them.
Here at Onsite Helper, we think that with Chrome OS, reaching a high Maturity Level, Level 5, maybe even 7 out of the Essential 8 is going to be very easy. To be fair, the Essential 8 was based on Windows systems. It’s odd because what comes as high-level security for Windows is just a default setting for Chrome OS. Without a doubt, if you want a secure IT security monitoring and managed IT system, Chrome OS is the way to go.
You’ll get so much more than just the security features that you’ll be enjoying with Chrome OS. Other than security, you’ll also be getting Google Workspace support, Cloud storage, Cloud-based services, and more.