Chromebooks: From Home to the Office
Today, Chromebooks have gained traction in a market that Linux never really did. But as result of not being one of the big three OS everyone buys, there can be a lot of obscurity about what Chromebooks do that make it a liability when transitioning from the home to the organization. It isn’t really a computer in the traditional sense. Some protections traditional PC need, the Chromebooks won’t. Some things PC’s automatically lock down are going to be shared on Chromebooks by default. This presents many questions. Does the user need AV software, can a Chromebook be removed from the Internet, and will confidential data stored on a Chromebook from local shares potentially be pulled to the cloud? This differs from the questions usually posed by users, “Can I do my work?”
For such a simple device, Chromebook are more complicated for an organization to manage and deploy than just setting up a user. Unlike phones and other mobile devices they can’t be as easily locked down, users expect a much greater level of access to network resources when using a Chromebook as their primary computer; and there can be serious concerns how these cheap cloud based PC’s should be managed.
INVESTING IN ANTIVIRUS AND MALWARE TOOLS
Many users and organizations seem to insist antivirus software is needed. Meanwhile manufacturers are pretty unanimous this isn’t the case. This was a big positive presented for Chromebooks and generally AV software represents an unnecessary expense by administrations that still have a PC Windows mentality. While a user could install something from the market that wasn’t a good program (malware), Chromebooks are a locked architecture, like a phone. They have little or no chance of viruses, spyware, or system corruption because Google would automatically scan and clean any file uploaded to its server. They are basically a hardware based browser so they can obviously get all the unpleasantness browsers do. But generally, the user accessible parts of a Chromebook are synchronized to the web and scanned thoroughly…and the rest; the system itself, can be wiped regularly without data loss.
A bigger issue however for organizations introducing Chromebooks for general use is managing Enterprise owned data. Chromebooks are more like an Android phone in many ways in that the primary account used to log into the device is a critical part of any accounts managed with it. This means a picture taken on a cell phone by an employee may sync to the same drive and account as the presentation shared to the board; and confidential documents may be synchronized to off-prem accounts without warning. There is poor indication of ownership on shared resources with Google. A personal Gmail account document shared to a work account will appear to reside in the work account, but completely managed by the user and not the organization.
CHROMEBOOKS DO NOT HAVE TO USE GOOGLE DOCS INSTEAD OF MS OFFICE
On the other hand, a positive is that Microsoft Office has had a web based Office component called Office 365 for some time which was available to anyone with E1 licensing. For most this is now free for individual use. So there is actually a high level of compatibility between Chromebooks and existing Windows PC. Like Google, Microsoft requires a small fee for some organizations when several accounts are managed. But Office 365 is web based and Google Chrome is a browser, it works very well and is stable. So there has been an Office product for the Chromebook since almost day one. While this web based product is different than the local versions of Office. They are functionally more similar to each other than Google Docs is to either product, and both are able to work to some extent interchangeably.
CHROMEBOOKS NOT ALWAYS A GOOD FIT FOR SCHOOLS
That said, one of the best applications marketed for Chromebooks are schools and educational programs and this might not be the case. While the schools certainly have the need, the platform, and the environment to make Chromebooks great; they also have some of the highest liabilities to protect and preserve student data. This is a problem because Google itself defers all liability back to the enterprise and the device owner. Ironically therefore Chromebooks may be better used by other non-profits and small companies than schools. Google does not filter web content automatically beyond the settings in the Chrome browser. To do that, an organization may have to buy enterprise controls, content filtering, proxies, and other programs most schools can’t afford or think they need. Since Google accounts are essential to using a Chromebook, it’s hard to separate Google from Chrome or stop users from installing software from the Google store, or any other actions online that students choose to do. The computer is the account and not the hardware, so users can even install software in a browser at home and it will push to the device when they log in.
In short, the money a school saves on AV software and hardware may have to go directly into security, data management tools, and resource tracking. Many of these tools are not free and some are even quite expensive. Also keep in mind that the data is stored with the user ID and not the device. So while a lost Chromebook can be remotely wiped and just transfer over when the user logs in elsewhere; that also means that anywhere the user logs in that data exists.
GOOGLE IS STILL BEHIND WHEN IT COMES TO ENTERPRISE
Allowing Chromebooks into the organization means also opening the organizations to Googles "free data" policies. Problems creating and deleting large numbers of users can be a problem too. Scripts that automatically deploy large numbers of accounts, auto agree to the use policy, or automatically assign group permissions exist. But may also inadvertently violate Google’s terms of use. The fines are also pretty stiff when they do. Chromebooks make it all too easy to share data publically; and unless the organization has savvy technology people with liability and security as a primary focus, it can be a real nightmare. There is an inability to add and then easily remove information like age from a generated account, or pictures shared publically, or slander posted online. Each user has to individually confirm their ages and information, agree to use policies set by Google, and software restrictions may limit the device to the point of un-usability if they are too young. For example, Kids 13 years or younger can’t use Hangouts, which is the main communication client for Google and in turn it integrates with a lot of other applications so features like collaboration in Google Docs, Google Voice, and other programs might be affected. Many enterprise features are there: Creating users, groups, and shared resources. But managing a large enterprise is difficult without adding a massive number of commercial add-ons and tools right now.
To spite the obvious benefits of the Chromebook as a personal device. Google as a back end is very much the Chromebooks Achilles heel in terms of security. There is an ease with which data can move over Google resources that could well make any good lawyer or manager cringe.