Google adds data loss prevention, security features to Chrome

Google today rolled out several new features for enterprise users of its Chrome browser, including data (DLP), protections against malware and phishing, and the ability to enable zero-trust access to the search engine.

In all, Google highlighted six new features for Chrome – three of them specific to the browser’s existing DLP capabilities.

A new “context-aware” feature allows enterprise administrators to customize DLP rules based on the security posture of the device being used. For example, admins can allow users to download sensitive documents if they’re accessing them from a corporate device that’s up to date on security fixes or is confirmed to have endpoint protection software installed.

The context-aware feature will, however, stop users from downloading sensitive documents on personally-owned devices or with a corporate device that doesn’t meet the security criteria.

Another DLP feature includes URL filtering; it can block or warn employees about visiting websites, or categories of websites, that breach an organization’s acceptable use policies.

“You can also restrict access, like blocking users from visiting popular file sharing websites, while still permitting file sharing via your corporate file-sharing site,” Google said in a blog post.

Google also announced two new risk assessment extensions for Chrome. Browser extensions can pose risks to users or request permissions that are not aligned with company policies; more than 250,000 extensions in the Chrome web store offer everything from ad-blockers to productivity tools.

By implementing advanced DLP and gaining more visibility into extension security and critical security events, organizations can identify potential threats and vulnerabilities before they are exploited, reduce the risk of data loss, and take a more proactive approach to cybersecurity.

Google also added two new security event notifications extensions available for install on Chrome.

  • Extension installs: Alerts IT and security teams when an extension is installed, so they can track new extension use in their environment.
  • Crash events: Alerts IT and security teams when a browser crashes on a device, which can help them kick off investigations.

Michael Suby, research vice president for IDC’s security and trust service, said Google’s targeting of cyberattacks is appropriate, as browsers are as vulnerable as any application sitting above the OS. But the additional features will likely create a conundrum for many organizations.

There are already third-party browsers available specifically for enterprises with similar security features to the ones announced by Chrome. For example, Island.io and Talon Cyber Security are two of the more popular enterprise browsers.

“How do I merge what they give me with what I already have?” Suby said.

Additionally, many enterprise applications already have security features built in.

“It’s adding another policy tool that needs to be managed. It’s great to have these new features in Chrome, and on their own they may be intuitive to use, but they just get added to what you already have,” Suby said. “That’s not to say they’re not good to have, but now I have something more I have to manage.”

The question becomes, who’s going to manage and control the new features and decide which ones should an enterprise use? “Or am I managing the security policies on applications? In which environment do I apply policies to?” Suby said.

You might also like

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More