Chromebook works on the principle of ‘defense in depth’, providing several layers of protection so that if a single layer is bypassed, the remaining layers are still in effect. Chromebook data security falls under the category of shared responsibility because it is based on the cloud computing concept. This makes it difficult for G Suite for Chromebook customers to implement the security controls that are essential from a data security, compliance, and regulation perspective.
CloudCodes for Chromebook helps consumers in ensuring a 100% security level from their end. It enables customers to take precautions to secure their data and to work on the web with peace of mind. CloudCodes adds a layer of cloud data protection via DLP standards to provide deep visibility and control.
The Chromebook security offered by CloudCodes enables officials to secure their highly confidential data in real time. Data loss prevention policies allow users to detect, track, and block sudden information breaches on Chromebook. This lets customers rest easy whether data is in use, at rest, or in transit.
CloudCodes uses two different approaches to bring control to G Suite Chromebook DLP.
In the agent-based approach, the CloudCodes agent is installed on the end-user machine. The agent acts as a web proxy, i.e., the web traffic of applications that need to be monitored is passed through the agent. Other traffic can go directly to the web without passing through the agent. The agent doesn’t store any content that it inspects. The following features are provided through the agent.
Sharing across OU:
This allows IT to ensure that documents cannot be shared across departments. E.g., Finance department users cannot share documents with the operations team.
IT can track or block the deletion of documents. Users sometimes try to delete records, whether intentionally or unintentionally, and these materials are assets of the organization.
External Sharing of documents:
IT can track or block, in real time, the sharing of documents with blacklisted domains such as personal domains or competitor domains.
Personal Gmail block:
IT can now block access to personal Gmail within the enterprise network or on company-owned devices while allowing access to enterprise Gmail.
IT can now also block clipboard operations, such as copying content from Google Drive documents to applications outside G Suite such as Notepad or third-party websites.
In the agentless approach, CloudCodes uses the API provided by Google Drive to poll for events on a G Suite document. IT can configure multiple policies for various sets of users to overcome the challenges of data loss prevention. The agentless approach allows action to be taken in near real time. The following rules can be configured.
Sharing to an external organization:
If a user tries to share documents outside the organization, such as with a competitor.
Sharing to personal IDs:
If a user tries to share documents with personal email IDs such as gmail.com, aol.com, or outlook.com.
Document contains keywords:
If a document contains a predefined keyword or matches a regular expression.
The admin can configure the following actions as part of remedial measures.
Revoke the permissions of all users except the owner. This ensures that if a user tries to share a document with a personal email ID or another domain, the document's sharing permissions can be revoked in near real time.
Notify Reporting Manager:
A notification about the DLP event is sent to the reporting manager of the sender, as specified in the rules.
Notify Super Admin:
A notification is sent to the CloudCodes super admin.
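The agentless rules and remedial actions above, sketched as an added example (not CloudCodes' code and not part of the original page): a policy evaluator run over a constructed record shaped like Drive API v3 permission fields. The organization domain, keyword patterns, rule names, the `text` field, and the rule-to-action mapping are assumptions made for illustration.

```python
import re

# Assumed policy values for illustration; not taken from any product configuration.
ORG_DOMAIN = "example.com"
PERSONAL_DOMAINS = {"gmail.com", "aol.com", "outlook.com"}
PATTERNS = [re.compile(r"\bconfidential\b", re.I),
            re.compile(r"\b\d{3}-\d{2}-\d{4}\b")]  # SSN-shaped number
# Which remedial actions each rule triggers (hypothetical mapping).
ACTIONS = {
    "external_org": ["revoke", "notify_manager", "notify_super_admin"],
    "personal_id": ["revoke", "notify_manager"],
    "keyword": ["notify_super_admin"],
}

def grantee_domain(perm):
    """Domain a permission grants access to, or None for link sharing ('anyone')."""
    if perm["type"] == "domain":
        return perm["domain"].lower()
    if perm["type"] in ("user", "group"):
        return perm["emailAddress"].rsplit("@", 1)[-1].lower()
    return None

def evaluate(doc):
    """Return (sorted rule hits, permission ids to revoke, notifications)."""
    hits = set()
    for perm in doc["permissions"]:
        if perm["role"] == "owner":
            continue
        domain = grantee_domain(perm)
        if domain in PERSONAL_DOMAINS:
            hits.add("personal_id")
        elif domain != ORG_DOMAIN:  # includes 'anyone' links (domain is None)
            hits.add("external_org")
    if any(p.search(doc.get("text", "")) for p in PATTERNS):
        hits.add("keyword")
    actions = {a for h in hits for a in ACTIONS[h]}
    # Revocation removes every grant except the owner's, as the page describes.
    revoke = [p["id"] for p in doc["permissions"] if p["role"] != "owner" and "revoke" in actions]
    notify = sorted(a for a in actions if a.startswith("notify_"))
    return sorted(hits), revoke, notify

# Constructed sample record; "text" stands in for the document's exported content.
SAMPLE = {
    "id": "doc-1", "text": "Q3 forecast - CONFIDENTIAL",
    "permissions": [
        {"id": "p0", "type": "user", "role": "owner", "emailAddress": "amy@example.com"},
        {"id": "p1", "type": "user", "role": "writer", "emailAddress": "bob@example.com"},
        {"id": "p2", "type": "user", "role": "reader", "emailAddress": "amy.home@Gmail.com"},
    ]}
```

In a polling deployment, the returned permission ids would be passed to the Drive API's permission delete call, and the notification names mapped to whatever mail or ticketing channel the organization uses.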