Google Enhances Security Management Features in Chrome Enterprise

Google announces new partnerships that give enterprises more enterprise mobility management options.

Chrome Cleanup Tool

Organizations using Chrome Enterprise, Google's business friendly version of its cloud operating system for desktops, laptops and mobile computers, now have more options for managing and implementing security policies across their devices. 

The company on March 15 announced partnerships with four enterprise mobility management (EMM) vendors,—Cisco Meraki, Citrix, IBM and ManageEngine a division of Zoho Corp. The goal is to give organizations more product options for managing endpoint devices from a unified interface, Google announced in a March 15 blog. Google already has a partnership with VMWare for managing Chrome OS devices. 

In addition to the partnerships, Google has also tightened the integration between Chrome Enterprise and Microsoft's Active Directory to make it easier for organizations to manage Chrome OS policies and devices using Active Directory. 

Google introduced Chrome Enterprise last August. The operating system version is designed for enterprise use and supports several features not available to consumers in the regular Chrome OS version. 

Examples include support for secure access to Google Play and enterprise application stores and integration with multiple management tools, Microsoft Active Directory and VMWare's Workspace ONE platform, according to the company. 

Chrome Enterprise also support capabilities like single sign-on, managed operating system updates and round-the-clock support—none of which are available with the standard version available with Chrome devices. 

This week's partnerships with Cisco Meraki and others are designed to build on those capabilities. The Citrix partnership for instance gives organizations a way to manage their Chrome Enterprise devices via XenMobile, device and application management tool. 

Similarly, ManageEngine's Mobile Device Manager Plus provides a unified console for configuring, securing and managing devices running Chrome, said David Karam, Google product manager in the blog announcing the updates. 

"For many businesses, managing a broad range of devices within one unified endpoint management solution is a necessity," Karam said. The four new EMM partnerships this week, will "give IT admins the ability to manage and implement security policies across their full fleet of devices from a single place," he said. 

The update to the Active Directory integration meanwhile will let administrators use Group Policy Objects to configure managed extensions. Enterprise users will also be able to authenticate directly from Chrome OS to Kerberos and endpoints based on Microsoft's NTLMv2 (NT Lan Manager version 2) protocol on their network. 

Google has also been working in recent months to "deepen and expand" management capabilities in Chrome OS and Chrome Browser, Karam said. 

For example a per-permission extension-blacklisting feature now lets administrators restrict access to browser extensions based on the permissions required. For example, administrators can use the capability to block users from installing extensions that require access to the device webcam. 

Another feature that Google has introduced relatively recently allows administrators to block sign-in on devices running outdated versions of Chrome. Similarly, they can also use device, or client, certificates to ensure that only users with managed devices can connect to single-sign on servers. 

Chrome devices that have been wiped or recovered to a safe state can also now be re-enrolled into a corporate domain without requiring administrator credentials, Karam said. 

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.