Aug 31, 2017

What is Chrome (Chromebook) Device Management? (Chrome Enterprise and Education)

How to manage Chrome Devices for Enterprise and Education.

Companies have not had a positive view of Chromebook. In recent years, however, businesses have changed the perception of Chromebook. According to the IDC report, there are predictions that by 2018, 25% of Fortune 500 companies will use Chromebook.

One of the biggest features for Chromebook is that it has an affordable price (average $ 150 - $ 300). In addition, it features fast performance, fast booting, secure computers free from viruses and malware, easy-to-manage computers, free office document editing tools, and MS Office compatibility tool. With the ability to run even millions of Android apps on the Google Play Store, Chromebook evolves into innovative computers that are capable of not only cloud-based online apps but also Android offline apps.

Google is launching a Chrome-based platform to strengthen its enterprise market. Google is driving the new paradigm of computers in the enterprise market as well as in the education market. That's why businesses and schools are starting to recognize Chromebook.

Chrome-based platforms launched by Google.     

First, Chrome  Enterprise and Education
    At the heart of this service is a combined platform of Chromebook hardware and Chrome Device Management Console software.
    Chromebook is also enhancing their business by getting solutions that can easily access Windows applications (Remote Desktop, Virtual Desktop, and Desktop as a Service).

Second, Chrome for Kiosk
   Anyone in a public place can use a PC for a low cost public use. It is a platform for Chrome OS devices to be used as a library's book search system and as a public PC in business centers and Internet cafes. In addition, schools can use Chromebook as a device for students to take exams.
    When a Kiosk app launches, any other application cannot be run, and only a single Kiosk app registered by an administrator is allowed to run in full-screen mode. This single Kiosk app can be managed through the Chrome Device Management console.
    Anyone can easily build and deploy Kiosk apps to the Chrome Web Store
Third, Chrome for Signage
    We have been flooding around with all kinds of digital displays. It is a platform that enables these digital displays to be published remotely at the desired time of day.
    You can install and manage Signage apps through the Chrome Device Management console.
    Chromebit, a stick-type PC, has been launched and is now making its way into the signage market.

Fourth, Chromebox for Meeting
    It is Google Hangout based video conferencing solution.
    Chromebox, high-definition Video Webcam, Speakerphone and so on, it enables companies to build video conferencing systems at low cost.
    To use this product, a separate service license ($ 250 per year / per device) is necessary.

Fifth, Chromebook that support Android apps on the Google Play Store
    You can now install and run Android apps on the Google Play Store on your Chromebook.
    Chromebook is now available in a variety of online and offline apps.

The Chrome Device Management console is a great feature that makes it easy to remotely manage Chromebooks from businesses and schools.

When a company or school distributes computers to its employees or students, it requires the cost and staffing of user preferences, software, OS updates, security software updates, and replacement or repair for other computers in the event of a malfunction.  

Chromebook is easy to manage remotely through the Chrome Device Management console. Administrator can manage all of their environments, software to be installed, automatic OS updates, and the ability to use the Internet only on a controlled network.

If a Chromebook is lost during a business trip or if it is stolen in a cafe, the administrator can remotely disable the device directly and the device will be immediately logged out and no longer available. If a lost Chromebook is retrieved, the administrator can make it available immediately by changing the device to reuse.

To efficiently manage the many Chromebooks distributed to your employees or students in your company or school, Chrome Device Management console is necessary. The Chrome device management console allows you to define and set up more than 150 policies. It's more complicated than it sounds, and it takes a lot of time and effort to figure it out and use it efficiently. In this book, you can easily learn important things from the functions of Chrome device management through various workshops.

Workshop 1-How to enable Chromebook only on your corporate or school network
Workshop 2-How to set up your Chromebook as a public computer
Workshop 3-How to use Chromebook for student assessments using a single Koisk app
Workshop 4-How to create Digital Signage System for In-house Promotion

It also includes essential guides for Chromebook beginners and advanced users. In this book, the author explains the new and updated functions and information recently. 

Key policy settings for Chrome Device Management
If you're using a Chromebook in a company or school that uses G Suite / G Suite for Education, you may be confused by the difference between user settings and Chromebook device settings.

User settings can be set through admin console of G Suite / G Suite for Education. However, Chrome Device Management console is required for Chromebook device-specific settings. I will explain the differences in detail.

There are more than 150 policies that can be set through Chrome Device Management. The settings can be broadly categorized into five categories - User Settings, Network Settings, Device Settings, Public Session Settings, and Kiosk Settings.

One important aspect of setting up Chrome devices is setting Chrome devices to Public Session, Kiosk Settings, and Single App Kiosk Mode.
For example, if you are using a Chrome device for multiple users, a business center PC, a PC for book searching in a bookstore or library, or a public PC used by several production workers in a production plant for business purposes, Device management is setting this as a public session. You can use your PC without a login in a public session.
A single app kiosk setting lets you run only a single specified app, which only works in full-screen mode. Other apps, including things like regular Internet search, will not be available.
Typically, the most important of the administrative settings in a business or school will be user settings and device settings. Public session and kiosk mode settings are optional depending on your Chromebook usage.

Differences between user and device settings

  • User policies apply regardless of which devices are logged in
    • Targeted users in the domain through the Admin Console.
    • Control your Chrome browser environment
      • Allowed apps and extension controls
      • Force apps and extensions to install
      • Chrome Web Store Permission Limitations
      • Browser environment control - Incognito mode, history, ad hoc mode, safe browsing, malicious sites, remote access client allowed
      • Proxy settings
      • Control the use of screenshots, block and allow access URLs
      • Print control etc.
    •  Organizations that use G Suite or G Suite for Education users can manage policies in the G Suite Admin console.
    • Companies and schools that do not use Google Apps must acquire and manage Chrome Device Management Console licenses..
  • Device policies are to control and manage devices regardless of who logs in.
    • Control who can log in, how to update, etc.
    • Control how users operate the device rather than what they use on the device

● Device registration and access
● Allow Guest Mode, Login Restrictions (Use only specified users), SSO,
● Chrome OS auto-update control, distribution channel control
● Manage kiosk settings
● Device status reporting
● Scheduled reboot
● Cloud Print Management
● Bluetooth control
● Stop using your device remotely
  •       Device policies can only be controlled through the Chrome Device Management console through Chrome device management licensing.
        Each policy is mutually exclusive. - There is no policy that conflicts with each other.
If you're using Chromebooks in a company or a school that uses G Suite or G Suite for Educations, you can manage Chromebook's users and set up network without having to register your device. However, device management or opt-in settings, kiosk settings, device provisioning /deprovisioning, etc. are only available if you have a Chrome Device Management license.
Companies that use Chromebooks without G Suite will need a Chrome device management license to manage their Chromebooks and manage their users.

Management topics
G Suit /GSuite for Education Admin Console
Chrome device management console
User Settings
Network Settings
Device Settings
Public Settings
Kiosk Settings
Device Provision/Deprovision

For More information - Kindle Store - Paperback/Kindle Edition


Jul 19, 2017

[WhitePaper] How to use G Suite to protect against Ransomware

How to use G Suite to protect against Ransomware

Ransomware infection route and severity

Ransomware has been infected by opening e-mail attachments or visiting suspicious websites. However, it is known that it is infected even if only Internet connection is used by using security weakness of MS Windows OS recently.

According to the security industry, the main culprit is the "WannaCry," which began circulating around Europe on December 12 (local time). Warner Cry is a variant of Ransomware known as WannaCrypt, which infects computers by exploiting security vulnerabilities in Microsoft's Windows operating system.

Key files in the infected computer are encrypted and can no longer be opened by the user. The attacker requires $ 300 as a condition for passing the encryption key and doubles the price if he does not pay the ransom within three days. The attacker threatens to permanently delete the encrypted file if he does not pay the ransom for seven days.

WarnerCry was able to spread around the globe in the first place because it would automatically be infected by running email attachments or visiting certain Web sites, unlike traditional Ransomware, even if they were only connected to the Internet. WarnerCry also has a worm feature that uses Windows Server Msessage Block (SMB), a file-sharing network feature of Windows, to infect not only that computer but also other computers connected to the network.

Because of this situation, there is no way to avoid infection with Ransomware, so its severity is higher than expected.

Typical prescriptions from Ransomware solution providers

A security vendor supplying a vaccine does not offer a specific solution for files already infected with Ransomware (files encrypted by Ransomware). However, in order to minimize infection in advance, four guidelines are suggested.

  • Spamming Email Attention
  • Back up important files
  • Set "Read Only" for important documents
  • Maintain the latest security patch of MS Windows OS

In other words, the point of this rule is that one of the Ransomware infection route is received through e-mail, and if you get infected, you should make the original backup to the safe store so that you can restore the original.  

Security solution vendors are pushing the introduction of a spam processing e-mail system that prevents spam in addition to existing e-mail systems. Storage or backup solution vendors are promoting the need for backup devices to back up important files.

It is an important document, but it is not uncomfortable to set it as 'read only' as it should be edited frequently. In some cases, document management solution providers may encourage the introduction of expensive document management systems that can be centrally controlled, while important documents are managed with appropriate security regulations.

MS Windows OS security patches are made from time to time. However, since malware hackers who create Ransomware are always exploiting Windows OS vulnerabilities, OS security patches are not a fundamental solution.

Full Content Download - PDF