Will Google Chrome OS Security Be Tough Enough?

by Brian Prince

Given that the focus is on supporting cloud applications, this should come naturally. By turning Google Chrome OS into a “toaster” and running primarily—if not only—Web apps like Google Docs and Picasa, Google can substantially reduce the attack surface, noted Scott Crawford, an analyst with Enterprise Management Associates.

Google could take an Apple iPhone App Store approach to plug-ins or add-ons, Gartner analyst John Pescatore said, and have a certification/vulnerability assessment vetting process rather than just letting any piece of software plug in.

Google could build in native support for encryption of any data stored through the browser, whether locally or in the cloud, said Pescatore.

Google could implement a feature like SELinux, which adds mandatory access control to Linux. This would allow the OS to sandbox malicious processes to prevent them from infecting the rest of the system, said Forrester analyst Andrew Jaquith.

If most of the way the user interacts with the system or applications is through the browser, Google needs to put a focus on ensuring that its Chrome browser is secure, said Jaquith.