Source URL: https://cloud.google.com/blog/products/chrome-enterprise/outbrain-taking-control-of-extension-security-with-chrome-enterprise/
Source: Cloud Blog
Title: Outbrain: Taking control of extension security with Chrome Enterprise
Feedly Summary: Editor’s note: Today’s post is by Travis Naraine, IT Infrastructure Engineer, and Harel Shaked, Director of IT Services and Support, both for Outbrain, a leading technology platform that drives business results by engaging people across the open internet. Outbrain adopted Chrome Enterprise and integrations from Spin.AI to create policies for secure app and extension use and manage automatic updates for its dispersed workforce.With a workforce as dispersed as ours, security is always a challenge. We standardized on Chrome Enterprise browser two years ago, and it’s become the linchpin of our cloud-first strategy, giving us a way to manage all of our users and stay secure. But we had concerns about browser extensions and we felt it was time to find a solution.The value of extension managementWe know people like to use browser extensions to improve their productivity and to access the tools and features they need to do their jobs. We also know there are malicious extensions available online. But vetting, testing, and blocking extensions manually was time-consuming and not 100% effective because it didn’t give us visibility into which extensions and apps were already in our environment.Our process was reactive instead of proactive, raising concerns over missed opportunities to detect and block risky extensions. We needed a more automated way to enable employees to safely install Chrome Enterprise extensions.Tools for extension risk assessmentAs we explored solutions for another security project, we came across Spin.AI’s SpinOne platform, which includes the SaaS Security Posture Management (SSPM) solution for third-party application security. SSPM had several points in its favor, including features for continuous app assessment for browser extensions and the ability to easily integrate with Chrome Enterprise. The SpinOne platform met several of our SaaS security needs, and we like to stay with one vendor whenever possible.Now we use Chrome Enterprise extension risk assessment, powered by Spin.AI, to generate risk scores and comprehensive risk assessment reports that assist in decisions about allowing or blocking extensions. In addition, with Chrome Enterprise Core’s extension workflow, Outbrain employees can easily submit extension requests for IT and security teams to review and allow or deny use of the extensions.
The automated process through Chrome Enterprise saves significant time compared with manual reviews. The new policies and the Chrome Enterprise and Spin.AI solution has created an environment that nudges users to think more about anything they were installing—extensions, and other apps as well.Using extensions securely and safelyChrome Enterprise makes management and control easy, enforcing policies for the browser and extensions with less complexity. We even develop our own in-house extensions for Chrome Enterprise for tasks like inspecting widgets within the company.In addition to setting browser policies through the Google Admin console, we can manage automatic updates to ensure our employees are using the newest version of Chrome with the latest security patches, further reducing our exposure to vulnerabilities.We definitely have fewer worries about browser security today. We know that Spin.AI and Chrome Enterprise are doing their job in the background, so we’re not constantly concerned that a user is installing something malicious. We can set it and forget it.
AI Summary and Description: Yes
Summary: The text discusses the integration of Chrome Enterprise and Spin.AI’s SpinOne platform within Outbrain’s cloud-first security strategy. This approach aims to manage browser extension security and mitigates risks associated with malicious extensions, thereby enhancing overall IT infrastructure security for a dispersed workforce.
Detailed Description: This analysis covers the decision-making process and solutions adopted by Outbrain, a technology platform, to bolster its browser security amidst a dispersed workforce. Key insights include:
– **Adoption of Chrome Enterprise**: The organization standardized on Chrome Enterprise as a fundamental component of its cloud-first strategy over two years ago, enabling centralized management of users and reinforcing security protocols.
– **Challenges with Browser Extensions**:
– Employees favor browser extensions for productivity, yet malicious extensions pose a significant risk.
– Previous manual vetting processes for these extensions were labor-intensive and lacked effectiveness, leading to missed opportunities for risk mitigation.
– **Automated Risk Assessment Tools**:
– Discovering Spin.AI’s SpinOne platform provided Outbrain with a solution that integrated seamlessly with Chrome Enterprise.
– The SaaS Security Posture Management (SSPM) capabilities allow for continuous assessment of browser extensions, essential for maintaining a secure environment.
– **Implementation of Extension Risk Management**:
– The risk assessment tool generates risk scores and comprehensive reports that inform the IT and security teams about which extensions to allow or block.
– Streamlining the extension request process has empowered employees while enhancing security oversight.
– **Policy Enforcement and Updates**:
– Through the Google Admin console, policies can be enforced across the organization, and automatic updates are ensured to keep all users on the latest version of Chrome, thus minimizing exposure to vulnerabilities.
– **Benefits Realized**:
– A significant reduction in browser security worries due to the automated management of extensions.
– The security measures in place not only enable Outbrain to manage risks effectively but also promote a culture of awareness concerning application use among employees.
Overall, this narrative underscores the importance of optimizing browser management through effective security solutions in the face of evolving cyber threats, making it highly relevant for professionals in IT infrastructure security and compliance.