There has been a huge increase in the use of wireless devices to connect to organization’s secure networks and it’s created a new security challenge for network admins. Securely connecting devices like Chromebooks required certain processes to ensure they are configured correctly and protected against outside attacks. Now with increases in remote work and schooling, this challenge is made even harder.
SecureW2 has assisted the deployment of several Chromebook launches and provides powerful management tools to provide a streamlined experience for both admins and users. Read here how SecureW2 helped a global insurance firm successfully integrate Chromebooks.
With the help of our extensive experience with Chromebooks deployments, we have compiled some of the best strategies to implement when launching Chromebooks on your network.
Make Onboarding Simple
For the average network user, convenience will always out-value security. Users want simple solutions that are fast and reliable, so making enrollment and onboarding easy is a definite need. If the process becomes too difficult or time consuming, users will either make a mistake or circumvent the process, potentially opening a security liability.
For onboarding Chromebooks, there are 3 primary options.
- Require IT to configure every Chromebook
- While this method certainly would result in accurate configuration, it is more strenuous and time-consuming for IT. There would be no IT support tickets from students and each user would have a Chromebook that is ready to use. Unfortunately, IT would be taken away from value-add tasks. Overall, this method is likely too cumbersome to be a viable option for organizations with more than a few devices.
- Distribute onboarding instructions to every user and allow them to self configure their devices
- This of course takes the burden off IT, but it relies on the average user to perform complex device configuration steps. Even with a detailed list of instructions, there will inevitably be mistakes and IT support ticket requests as a result. Misconfigurations are certainly a risk here, as it is generally a bad security decision to rely heavily on the human component of cybersecurity.
- The use of 3rd party software to configure your Chromebooks
- This is the easiest solution for admins and users, but it is more expensive than the other options because of the 3rd party. Of course, if you choose this option, you should be getting a lot for your dollar. An effective onboarding software should be easy to configure by admins and easy to complete by end users. If you do your research and find an effective onboarding solution, it will result in accurate configuration for every user and nearly no support tickets for IT to address.
Configure Robust User Policies
One of the most effective ways to protect your network is to regulate who can access the network and what they have access to. If you’re able to prevent outside users from entering the network and reduce the number of people who have access to valuable data, your network will be far safer from attack. This is accomplished through network segmentation and use policies.
Segmenting the network into groups is logical as different people use their Chromebooks for different tasks. Take a school for example. Teachers would have different applications they use to complete their tasks compared to students. If the network wasn’t segmented by teachers and students, they would have access to the same resources and could result in serious issues. Additionally, network segmentation allows you to enact Zero Trust policies that make the network much more difficult to steal data from.
Next, through use policies, an organization can dictate which resources, sites, applications, etc., a user has access to. If people are allowed to take devices away from the organization, they are likely going to be used for non-school or non-work related activities. While this typically is harmless, some people may visit unsafe websites or accidentally contract malware that could damage an organization’s network the next time they connect.
Through use policies, admins can ensure certain apps or sites are inaccessible, or relegate Chromebooks to work/school related activities only. This can help protect against malware, phishing attacks, and more.
Avoid Configuring with AD CS
When it comes to authentication, certificates far outperform credentials in every metric. They are more secure, they authenticate faster, they provide a better user experience, and more. One of the most common certificate setups is the use of Active Directory Certificate Services (AD CS). While AD CS can be an effective introduction to certificates, it simply cannot match up to a complete certificate solution due to its status as an on-premise solution and the use of outdated security methods.
Compared to SecureW2’s certificate solution, AD CS is incomplete. SecureW2 provides all the tools needed to launch certificate authentication for your network. We provide a Cloud RADIUS and turnkey PKI that integrate with any network infrastructure. Every Chromebook can be easily equipped with a certificate and configured correctly for accurate authentication.
The JoinNow onboarding solution makes it easy for end users to configure their devices. The process takes minutes to complete and can be used by anyone. SecureW2’s solution also allows for efficient cloud integration, so if you want to upgrade to Azure AD (or ditch AD entirely), it can be done with SecureW2.
Chromebooks are an excellent tool for remote networking and can expand the capabilities of any organization. Check out SecureW2’s pricing page to see if our Chromebook solutions can provide effective networking for your organization.