Aug 16, 2023The Hacker NewsBrowser Security/ Online Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload.
Some teams may rely on their existing network security solutions. According to a new guide, this is a hit and a miss. Network solutions, the guide claims, just don't cover all SaaS and browsing requirements. Meanwhile, Google offers a wide range of native security functionalities built-in to Chrome. These functionalities enable the organization to leverage the browser for consolidating security, simplifying operations and reducing costs.
If you're wary about trusting Chrome with your security, then the guide is recommended to read. In great detail, it explains which security features Chrome offers users.
- Forcing users to sign into Chrome, to ensure the organization's user-level policies and settings are applied.
- Enforcing Chrome auto-updates, for ensuring the browser is updated and security patches are applied as they are released.
- Controlling password and settings sync, to prevent credential theft.
- Extension management, to govern the installation of potentially malicious browser extensions.
- Reports and monitoring, to help security teams hunt for potential threats and maintain the security hygiene of their environments.
- Warning about potentially risky sites and downloads.
- Event logs, for auditing purposes.
To complement these security features, this guide proposes to add a new tool to the security stack – a browser security extension. Such a solution adds the ability to detect and prevent browser-based attacks in real-time. It monitors and analyzes live web session activity, providing granular visibility and enforcement capabilities to browse events and mitigating risks. As such, it supports the discovery of shadow SaaS, SaaS DLP, zero trust verification, phishing protection, access management for unmanaged devices, and more.
The guide recommends implementing a browser extension that is compatible with all commercial browsers (Unlike "Enterprise Browsers" solutions that replace the existing browsers). The extension "resides 'within' the existing browser, has visibility into every event in the web session that the browser has, and can interfere – if needed - in the actual session to apply a protective action." As a result, it makes use of all Chrome's security features.
Security teams that read the report will be supplied with detailed information required for making a rational choice about how best to secure the Google Workspace. They can weigh all the factors and decide how to enhance their Google app security in general, and their Chrome browser in particular.
from The Hacker News https://bit.ly/45x9lo4