Chromebooks security & use in business environment

I would like to know how secure chromebooks are? I have a business that wants to start exchanging out their Windows PC's for Chromebooks since they are so cost effective. They are starting to use an online program (database) for the main part of their business so it makes since from that perspective. Are there any AV apps for Chrome?

Is anyone using Chromebooks exclusively? How secure are they in the business world? Any major problems??

Thanks!
LVL 1
BlinkrAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
Ask your favourite search engine for "chromebook for work"
Not, there are no viruses yet for Linux, even less for minimized Linux on android or chromebook (with option above you stop app installs, so no spy apps can get in)
McKnifeCommented:
You seem to think that devices and preinstalled software can be categorized into secure/less secure/insecure. That is not the case. Windows or linux are not secure/insecure but the question is how YOU use it. What do you do with it (applications being used, updates being applied, physical security and so on)? based on that, you will need to apply best practices in security.

So in short: this question cannot be answered or needs to be rephrased.
BlinkrAuthor Commented:
Thanks for the responses. I'm sure Chromebooks & Chrome are secure, but I was hoping that someone was actually using Chromebooks in their work or supporting a business that is using them. I was hoping to find out the pros & cons of using them with a businesses & any workarounds for any of its shortcomings.

Thanks again!
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

gheistCommented:
Yes, i installed Debian on one.
You know whole chromebook is so clouded and clouded down to useless... Aproximately like having chrome browser and nothing else on a computer.
btanExec ConsultantCommented:
Chromebook has its security inherited from its Google Chrome OS (not Chromium OS, see this video). Generally, it is still secure against most direct attacks on the local hardware and with the Chrome browse. There is no 100% secure platform as bug exist and will alwys be discovered one day, hence the diligence in continuous patching and update to the Apps in the platform and OS. It does have that “defense in depth” to provide multiple layers of protection e.g.  
- Own updates and manage overall system readiness (releases official updates to Chrome OS every 6 weeks) automatically (compared to traditional OS with many vendors' software components bundled and different update mechanisms and user interfaces to keep it updated)

- "Sandbox" each web page and runs application in this restricted environment to contain threat to prevent mass infection spread, the page to malicious is isolated to the resource in that sandbox created for it only.

- Perform  "Verified Boot" and detects any system tampers or corruption in best means and does self recovery where possible, sort of revert back to original snapshot or best "clean" state. Just to share this uses an embedded 8192-bit RSA public key to verify the cryptographic signature on its read-write firmware, equipped with a TPM (tamper-resistant hardware) to ensure that outdated signatures won’t be accepted.

- Encrypt all its data at rest implemented using the Linux kernel's eCryptfs with keys that are protected by the TPM. Also those into the Cloud as best default configured for data in transit by authorised user login via online account or even via Guest mode. The latter mode from Chrome browser is to support privacy measures via such incognito mode so that none of your browsing data, including downloads, will stay persistent after session is closed.


But we need to be savvy that still dependent on Apps to make sure diligence to maintain such confidentiality at their codes to encrypt as another layer etc.

http://chrome.blogspot.sg/2011/07/chromebook-security-browsing-more.html

For AV wise, not that I hear it supports it natively but rather maybe via Apps. Not much venture or many shared it is that essential with measures mentioned earlier. At most one using Chrombook reset to its original state and just keep your data elsewhere and populate back again.

http://chromebooks.support/chromebook-virus-help/ 

Chrome has a software removal tool too if come to worst case that software is causing problems or experience crashes after installing Apps etc https://www.google.com/chrome/srt/

As a whole, it is really to cater more as friendly platform (maybe than Windows and not so much Apples). At the same time to proliferate its Google Apps platform to push growth in more developer friendly and collaborative applications into a cloud-connected environment.

So for security wise, it is definitely not lacking but its is likely not it core and competitive objective. Afraid I have to use it more to balance that with the cost and friendliness it offers wrt to the needs for greater mobility and accessibility connectivity.

 I will refrain very much to use it for Enterprise wide roll out or sensitive site engagement. A setup for POC, mobility classroom and possibly some BYOD use case of limited user pool in SME implementation may suit better. To reduce exposure and yet able to always stay connected easily and transact with soundness and measured safety in mind.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
You would like to see someone saying "yes, we use it and we think it's very secure, because...". You would be better off defining needs in a checklist and then do research on those and see if they can be fulfilled with the CB. We could help you!

Until then, read http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/intl/en/chrome/assets/business/chromebook/downloads/chromebook-security-built-in.pdf for a start. And maybe (maybe), also read http://arstechnica.com/information-technology/2013/09/why-the-nsa-loves-googles-chromebook/
gheistCommented:
It is all cloud. no internet no computer.
As I said it makes cheap alternative to refurbished laptop installing Linux
BlinkrAuthor Commented:
Thanks btan! Your response was more of what I was looking for. I have a client who is deciding to go with Chromebooks for his business, as he has a friend that has done this. I was sort of baffled as why he would give up on Windows to go this route. I had looked at his friends office to see how it was working for him & its doing well since both businesses use an online database program almost exclusively anyway.

I was basically looking for someone that supports a business/office that uses Chromebooks already to find out what they find as its benefits & problems.

Thanks McKnife as well for responding, but no I wasn't looking for that "phrase" at all. I wanted to find someone that was already supporting, or using, Chromebooks in a business/office environment to see how well it was working. I don't have any specific "needs" at this time as this situation is a first for me. I had always put Chrome in the same category as  Apple as far as business use was concern. But now that I have read more about it, especially the links posted by btan, I am getting a better picture how useful & cost effective it can be.

Also I have discovered some valuable advantages & pitfalls concerning an exclusive online environment. So I can better understand which clients can take advantage of Chromebooks & which may not want to dive into it currently.
btanExec ConsultantCommented:
staying connected has its pro and cons. my experience of having a fully lockdown make business centric user frustrated due to the constraint. Chromebook is good for such matter as long as the data is stored elsewhere and even within the encrypted usb drive they have. It is just a shell or carrier to facilitate user data exchanges and running, other than that, the baseline Chromebook based on its current OS is fine with them - they are looking for tablet and iPad which latter also does not have AV.  We just revert back to snapshot as necessary, no loss or harm. The concern is more of safeguarding the data residing in Cloud (Google Drive) and elsewhere in those virtual instance. As long as user is savvy and not just click and let their guard down, I still see them as first (and last) line of defence against attack attempt against the basic phishing email and malicious website surfed.

.. I wrote some article just for info - we only try our best wearing the security hat and support business which has final say.
http://www.experts-exchange.com/articles/17459/Navigating-the-2015-Fail-Factors-Be-security-wise.html
http://www.experts-exchange.com/articles/15959/Cyber-Security-The-Good-The-Bad-and-The-Ugly.html
gheistCommented:
Probably the somebody is google only...
Chrome OS is essentially a computer running only Chrome browser.
Can you imagine anybody working (like really adding value) using browser only? Facebook day long does not count.
Allen FalconCEO & Pragmatic EvangelistCommented:
Yes, we use Chrome devices and feel they are secure because:
Built-in security in depth
We control who can access each device and whether or not devices can be shared or have guest accounts
We control if and how the local SSD storage is used, and whether or not data can be transferred by USB device
Our data is kept securely in cloud services
We use 2 Factor Authentication (2FA) to further protect user identity and access
We control which apps are installed and/or accessible from each device
Allen FalconCEO & Pragmatic EvangelistCommented:
Oh, and we do nearly everything via cloud services and applications ... from docs, spreadsheets, and presentations, to CRM, service management, and project management.  For legacy apps, like our accounting system, we use VDI to access a cloud-hosted Windows environment.
BlinkrAuthor Commented:
A lot of great input here. Thanks to all.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Google Chrome OS

From novice to tech pro — start learning today.