[go: nahoru, domu]

Keeping Businesses and People Safe on the Web

From improved productivity to invisible security, how Google Chrome Enterprise is mapping the future of browsing.

In an increasingly interconnected world, securing an enterprise browser like Google Chrome Enterprise isn’t just about deploying robust cybersecurity measures. It also involves fostering a secure and user-centric experience. In this interview, Robert Shield, director, engineering, Google Chrome Enterprise, discusses how layered protection, streamlined functionalities and “invisible” security features contribute to a safer browsing environment and enhance overall productivity. As cyberthreats evolve, striking a balance between complex security structures and user-friendly interactions becomes more than an added advantage—it’s a critical necessity, shaping the way businesses navigate and benefit from digital solutions.

Q: How has Google Chrome’s approach to security evolved over the years, and what key lessons have been learned?

Robert Shield: As threats have evolved, so too has cybersecurity. Over the past few years, we’ve seen a shift toward cloud-based operations and remote and hybrid work. Security has always been a cornerstone of our approach, but we’ve had to adapt as people’s usage of computers changes. The browser has become the main point of access for corporate data, requiring us to think actively about securing data within it. Chrome’s approach to security is multilayered, from Chrome sandbox and site isolation to our auto-update cycle. As more and more organizational and user data has moved to the cloud, Chrome protects that data at rest and in transit, with additional layers of enterprise security capabilities. So, really it’s just layers of security all the way down.

Q: Could you elaborate on the value of this layered protection, especially for businesses?

Shield: Businesses are currently undergoing digital transformations, evolving their IT infrastructure and security posture. As businesses navigate this transition, they’re considering security access controls, auditing data access, and migrating to zero-trust architectures like Google’s BeyondCorp Enterprise at every layer of their computing stack. All these features, implemented within the browser, simplify the process, eliminating the need for additional software agents or expensive infrastructure. This layered protection, provided by Chrome, contributes to what we call secure enterprise browsing.

Q: How do you prioritize which security features to develop and implement in Chrome, given the ever-evolving landscape of cyberthreats?

Shield: We work very closely with our customers, IT admins, security architects and chief information security officers to understand the security challenges they’re facing and to make sure we’re building the right technology for them. Our customers tell us data loss prevention, secure access, hybrid workforces and the migration to cloud are all top of mind. We also work with both internal and security experts and external vendors to fully understand security trends and how we can keep our users and customers as safe as possible.

As threats and the landscape evolve along with trends such as hybrid work and cloud computing, it’s critical to maintain an end-to-end viewpoint on security, and the browser must be a priority when securing environments.

Robert Shield, Director, Engineering, Google Chrome Enterprise

Q: How does Chrome’s secure enterprise browsing work, and what additional security measures are in place to protect sensitive business data?

Shield: Our Chrome Browser Cloud Management system provides robust data protection, security-event reporting and customizable control over an organization’s Chrome deployment. This “control plane” enables administrators to activate various security layers, set policies and implement data loss prevention measures. It allows customers to manage and control access to corporate data and configure Chrome to prevent certain data types from being downloaded or copied, or flag suspicious activities like sudden mass downloads. These incidents are reported to your security-event-management systems, alerting you to any potential threats and enabling you to react swiftly.

Q: What are some examples of “invisible security” features in Chrome that help users make better security decisions without being overwhelmed by complex choices?

Shield: IT and security administrators face a delicate balance in securing data access while enabling productive work. The challenge lies in creating a system that’s secure, yet doesn’t involve convoluted processes that hinder workflow. We aim to strike a balance between what we call invisible and usable security. There are a ton of capabilities working in the background whenever someone is using Chrome, including our malware, ransomware and phishing protections. Google’s Safe Browsing protects over 5 billion devices every day, keeping users safe from dangerous websites, downloads and extensions.

Chrome’s data loss prevention and secure sign-in capabilities operate quietly in the background as users go about their day, logging into corporate email or downloading files. Chrome registers these events with corporate security systems, intervening only when something goes wrong, like a user tries to download a restricted file or access an off-limits system. It then informs the user of the administrative policies that prevented the action and provides next steps. Our approach parallels that of our Safe Browsing, site isolation and sandboxing measures—all functioning invisibly in the background, protecting users without disrupting their work.

Q: What’s the biggest lesson businesses should learn from you?

Shield: The key takeaway here is that security is a continual process, involving layers of capabilities across systems both in the cloud and on the endpoint. Chrome supplies many of these layers and integrates with security systems customers already have in place. An end-to-end perspective is vital, especially in the context of browser access to data. The term “secure enterprise browsing” encapsulates this holistic approach, utilizing all the layers and capabilities developed by us and others in the industry. As threats and the landscape evolve along with trends such as hybrid work and cloud computing, it’s critical to maintain an end-to-end viewpoint on security deployments, and the browser must be a priority when securing environments.

Learn more about what Google Chrome can do for your enterprise.

Custom Content from WSJ is a unit of The Wall Street Journal Advertising Department. The Wall Street Journal news organization was not involved in the creation of this content.