Chrome OS adds enterprise identity verification

Google has boosted security for its Chrome devices, adding verification that ensures enterprise network services know the identity of clients connecting to them.

Acer Chromebook

Chrome for Work product manager Saswat Panigrahi said Verified Access provides a hardware-level cryptographic gurarantee of device and user identity, and validates that their state is policy compliant.

Enterprises can limit connections to network resources such as wireless access points, intranet pages, virtual private networks, and file servers to authenticated users with trusted devices only.

Chrome OS uses the Trusted Platform Module (TPM) crypto processor present in the Google-designed devices like Chromebooks for identity and status verification to enforce enterprise policies around network and data access.

Using cryptographic confirmation of identity and status with TPMs prevents malicious actors who have compromised operating systems from authenticating on enterprise networks, by sending out fake signals that current heuristic client-side solutions check for.

Verified Access supports Google and Microsoft certificate authorities, allowing admins to distribute hardware-protected digital certificates only to managed and verified devices.

Verified Access has been a Google-only security feature until today, but it is now made available for external use through an application programming interface (API).

Panigrahi said Chrome devices will now also have smartcard authentication, an enterprise security feature that Microsoft's Windows operating system has had for many years, and which is also available in Apple's OS X/macOS.