As remote work remains the norm for many people, organizations continue to seek out solutions to protect corporate data regardless of where employees are located and which devices they use. In particular, monitoring for potential data exposures can be a challenging task when employees or contractors use unmanaged devices, as there is risk of downloading unauthorized data or accidentally uploading sensitive files to personal accounts.
Traditional solutions to these challenges, such as using Virtual Desktop Infrastructure (VDI) or agent-based tools, can be costly and interrupt user productivity. We’ve added two secure enterprise browsing capabilities in Google Chrome to help implement strong, low-overhead data controls in tools already in end-users hands.
New Data Loss Prevention (DLP) rules with Context-Aware conditions can provide the ability to control sensitive information transfers based on user and device attributes. An admin can create targeted rules that limit access based on the user’s device information, such as only allow access to users with Chrome Managed Browsers. Such rules are a key ingredient for organizations that want to protect their data from unauthorized access, particularly when data is being accessed on personal devices, external networks, or restricted geo locations.
A data loss prevention (DLP) rule blocks downloads of documents from high-risk geolocations by configuring a simple Context-Aware Access condition in Chrome.
Using Context Aware device conditions can be particularly useful when you pair it with our new Chrome URL filtering feature. Combining these two capabilities together allows administrators to create rules for specific authorized URLs or categories of URLS based on user device and profile. For example, a customer can now write a rule to block access to social network sites on Chrome for all managed chrome browsers.
These new capabilities are generally available from BeyondCorp Enterprise (BCE) and are delivered through Chrome, which make up our secure enterprise browsing solution. BCE with Chrome gives administrators the ability to target specific actions and easily scale policies without forcing an installation of any new browser or additional software which can impede end-user productivity.
Customers have already been using these new features across a number of use cases, including:
- Creating rules to block users from transferring data to websites in defined URL categories, such as “social media,” for managed browsers
- Prohibiting access to a URL category of websites for an entire organization
- Defining custom lists of URLs in order to manage access to web resources based on a set of URL patterns
- Blocking users from accessing certain sites from restricted geo locations or only allowing IPs from specific countries to download files from SaaS apps
- Configuring rules that restrict users in the certain departments (such as finance) from downloading or uploading documents when they are not in a specific geographic region
- Blocking downloads from Google Workspace (including Drive and Docs) on non-corporate devices, effectively making these apps view-only
For example, customers who manage contact centers where employees use unmanaged devices can now ensure their help desk agents can only access specific web applications, and do not have general Internet access from within a corporate profile.
Customers can set up URL filtering in a matter of minutes. As you can see below, setting up a new Context-Aware Access rule to stop all managed browsers from accessing social networks can be easily applied to an entire org using the new URL visits option. The context condition for accessing URL categories in this case is managed browsers, and the action is set to block. In this example, we use the power of Google Search indexing to offer hundreds of website categories across the web with new sites being indexed and categorized within hours.
The above is an example of how context-aware policies can be used to improve the security of your users and corporate data. Additionally, admins aren’t limited to these set categories or predefined access levels. You can create your own granular rules and lists of URLs to set the right conditions for your organizations and keep users safe.