During a 2015 event at the Northwestern Institute for Policy Research, participating panelists discussed the digital revolution and the classroom’s exposure to it. At the time, school districts had begun to adopt 1:1 policies, where each student would have access to laptops or tablets. Google was at the forefront of this surge, gaining a healthy chunk of new users each year across the education industry.
Today, the formidable duo of the Google Chromebook and the G Suite for Education has changed the way education is approached. In this post, we will explore three different factors in the discussion about Google Chromebook security that has been raging in the education sector.
A fundamental shift has taken place in the education sector. According to the New York Times, “Today, more than half the nation’s primary- and secondary-school students — more than 30 million children — use Google education apps like Gmail and Docs.” Google Chromebooks represent an affordable option for school districts and a familiar interface for students. These devices house Google’s G Suite for Education, which reportedly accounted for 70 million users as of January of 2017, up from 60 million in 2016.
This trend is just getting rolling. Chromebooks provide a variety of benefits, such as ease of use and affordability that competitors have failed to match, which is fueling its adoption. However, with such a broad network of devices and applications, questions about Google Chromebook security have begun to be raised.
In order to assure maximum benefits from the technology, complex security controls are necessary. Google Chromebooks have the benefit of automatically downloading and installing their own security updates. However, the device and its associated cloud still have an attack surface that can, and will be targeted.
The path of least resistance to devise a successful attack on Google Chromebooks is to start from the inside. For example, Google Chrome extension iCalc was revealed to be a malicious extension that took advantage of invasive permissions, allowing it to track all browser activity and mine user data. It was eventually discovered and removed from the Chrome store, but not until it had compromised over 1,000 users.
Access to inappropriate or malicious websites needs to be controlled. Attacks from the web or the Google store only need to be active for a short time in order to compromise a significant amount of user data. Which is why automated patching isn’t enough – by the time a patch is available and applied, the damage to some end users has already been done. In order to continue the development of advanced networks within educational institutions that enable interactive learning, educational institutions are being forced to find a proactive Google Chromebook security solution.
Ensuring the protection of the intellectual property that users house on a vast network of devices must be a priority in the education sector. Google has the capacity, along with access to the third-party tools necessary to protect the Chromebook attack surface. They just need to step up to the plate.
Due to the number of moving parts and a growing set of unknown factors, maintaining a widely accessible network while working within country, state, and local regulations is a challenge of its own. It is imperative, therefore, that in addition to any security solutions provided for the Chromebook, that educational IT teams build a security infrastructure that can scale as the network grows, can adapt to the elastic nature of a dynamic and highly mobile educational network, and can automatically detect and respond to malicious activity anywhere across the environment. As education institutions continue to adapt and expand, they will continue to face fresh, complex cyber threats. They require advanced security solutions designed to keep pace with those demands.
Educational institutions are a critical part of every country’s infrastructure. Connected devices and interconnected networks are becoming the norm in at all levels of education, and the legacy security systems of the past were never designed to keep up. The Google Chromebook is a prime example of this change. They are vulnerable not only because they are the dominant device in education, but also because the network security educational institutions have in place were never designed to protect them.
Protecting the privacy and intellectual property of the young minds that have been trained to pour their knowledge into a suite of Google education products is paramount. Meeting the evolving security requirements in education institutions requires a strategy that can address the unique requirements that devices like the Google Chromebook bring with them.
Fortinet Education Solutions are cost-efficient, and provide proactive and adaptive protection for all devices and data on today’s growing and highly elastic networks. For those educational institutions that employ the services of Google Chromebooks, the FortiClient Chromebook Solution provides comprehensive protection designed to complement your security infrastructure, including delivering automated updates to keep defenses up-to-date.
Want to learn more about Google Chromebook security? Register for our upcoming webinar to better protect your school while meeting compliance.