Embed Size (px)
Citation preview
How Google Chrome is Putting Your Company in Danger
Robert Ayoub, Industry Manager
Network Security
October 2, 2008
2
Focus Points
• Google Chrome - The Gateway to Google Apps
• “Throw away your email server and fire your IT guy”
• Main Street vs. the CSO
• Strategic Recommendations for CSOs
• Conclusion
3
Google Chrome - The Gateway to Google Apps
4
“At Google, we spend much of our time working inside a browser. We search, chat, email and collaborate in a
browser. And like all of you, in our spare time, we shop,
bank, read news and keep in touch with friends - all using a browser. People are spending an increasing amount of
time online, and they're doing things never imagined when the web first appeared about 15 years ago.”
Why We Built a Browser -
http://www.google.com/chrome/intl/en/why.html?hl=en
Google Chrome - The Gateway to Google Apps
5
Google Chrome - The Gateway to Google Apps
• Google Chrome was officially released on September 2, 2008
• Lots of innovative features
• Crash Control
• Optimized Javascript
• Improved interface
Source: www.google.com
6
Google Chrome – Security Features
• Google Chrome has implemented a number of security features
that other browsers should note:
• Sandboxing
• Phishing indication (which many browsers do offer)
• Virtual machine usage
• Enhanced security model
Source: www.google.com
7
Google Chrome Leads to Google Apps…
• The real danger to the organization does not come from the
browser itself.
• The danger comes from what the browser enables for the
organization:
Source: www.google.com
8
“Throw away your email server and fire your IT guy”
9
“Throw away your email server and fire your IT guy”
Google Apps offer many advantages
• Integrated applications
• Easy to set up
• Full office productivity suite that’s online
• No maintenance
10
“Throw away your email server and fire your IT guy”
• Numerous reductions in cost for organizations
• Reduction in infrastructure costs
• No new servers
• No new storage requirements
• Reduction in the update cycle for machines
• Reduction in patching costs
• Patching falls onto the host
• Reduced security costs
• All responsibility for security falls onto the host
11
“Throw away your email server and fire your IT guy”
• For all the advantages, there is still one major disadvantage…
The minute that you put your data in the hands of your provider, you have just lost
control and security of that data!
12
“Throw away your email server and fire your IT guy”
• Despite the fact that Google no doubt takes the security of
Google Apps very seriously, the truth of the matter is:
• There is no longer visibility into who is viewing the data
• There is no tracking of attacks
• There is no access control tracking or viewing of SIM data
• Even more scary is that the end users – those with no security
training – are the ones creating their own sites and moving data
outside the enterprise.
13
Main Street vs. the CISO
14
Main Street vs. the CISO
• Let me introduce Denise….
Source: Frost & Sullivan
15
Main Street vs. the CISO
• This is Denise’s monitor
Source: Frost & Sullivan
16
Main Street vs. the CISO
For the first time, end users are driving the adoption of application
in the enterprise, not IT.
Source: www.apple.comSource: http://www.brighthand.com/default.asp?newsID=14437
17
Main Street vs. the CISO
• With the first release of the iPhone into the Entrerpise
• The iPhone is Not Meant for Enterprises
• iPhone Not Good Enough for Business and Enterprise Users
• Not a Year later…
• The iPhone Trickles into the Enterprise
• Enterprise, Meet the iPhone
18
Strategic Recommendations for CSOs
19
Strategic Recommendations for CSOs
• Recognize both the risks AND benefits of new devices and
applications.
• There might be compelling reasons to implement Google Apps within your organization.
• Know that doing so would instantly limit your visibility into the security around the data.
• What legal liability do you have?
20
Strategic Recommendations for CSOs
• Be vigilant
• Look for new devices to appear on the network.
• Look for data leaving the enterprise to sites like Google.
21
Strategic Recommendations for CSOs
• Educate your management and your users
• If your C-suite are likely early adopters, make sure they are aware of and accept the risks associated with bringing those devices into the enterprise.
• Make sure that your policies specifically cover the transfer of data outside the enterprise.
• Make sure your users understand the implications of bringing newdevices onsite and setting up their own sites or apps.
22
Conclusion
23
Your Feedback is Important to Us
Growth Forecasts?
Competitive Structure?
Emerging Trends?
Strategic Recommendations?
Other?
Please inform us by taking our survey.
What would you like to see from Frost & Sullivan?
24
For Additional Information
• To leave a comment, ask the analyst a question, or receive the
free audio segment that accompanies this presentation, please contact Stephanie Ochoa, Social Media Manager at (210) 247-
2421, via email, [email protected], or on Twitter at
http://twitter.com/stephanieochoa.
