Upload
others
View
21
Download
0
Embed Size (px)
Citation preview
Rethinking the End-pointChrome Shared DevicesSebastian Scheiter, Chrome Americas
Shared Devices
Share a common device among many users
Use a single device for multiple purposes
Simplify IT for distributed locations or locations with no
on-prem support
Run SaaS applications and controlled web environments
The Opportunity for ChromeChrome as a platform for shared devices can address these challenges in a number of ways
With the default security and automatic updates of ChromeOS, Chrome devices are an efficient solution for businesses who want to connect their employees and customers to critical applications and information without on-prem IT management or expensive hardware costs.
Core pillars
Smart
● Manage centrally/remotely● Scale with ease● One device, multiple
functions
Connected
● Devices fit-for-purpose● Customer & employee kiosks● SaaS/web applications● G Suite, Android apps, and
virtualization
Secure
● Security out-of-the-box; no third party software
● Defense-in-depth● Automatic updates● Easy solution for running
public sessions
Customer Value Proposition
Smart
Managed device experience
220+ configurable policies
Remote lock and automatic security
Control over OS updates
Single management panel
Central ControlChrome Device Management
User Settings
AppsExtensions
Security
Network Settings
Wi-fi Config.Manage Certs.
VPN Config.
Device Settings
Sign-inGuest mode
Device healthMachine data
Public Session & Kiosk Settings
Session lengthIdle logout timer
Policy refreshLanguage
AppManagement
Allow/force installKiosk appsApp pinning
Power mgmt.
Every setting, one admin console
One device can do the job of multipleOptimize IT efficiency, employee effectiveness, and customer experience
7:00AM: Bank associate logs on to complete training and check schedule
110:00AM: Associate uses device to educate customer on products
211:00 AM: Hands to customer to enter information to open account
3
4:00PM: Associate assists customer with research, adds product to customer account
62:00PM: Customer uses kiosk to learn more and requests help
512:00PM: Displays interactive ad for featured product to customers on line
4
Admin/Training Employee Assisted Selling Customer KioskCustomer-facingEmployee-facing
Digital Signage
45% 61.1% 67.4%Reduction in management hours per device, per year
Lower device cost More efficient ongoing device management
$4,146 319%Average annual benefit per device Three year ROI
Source: 2015 IDC Whitepaper - BV of Chrome Devices in Kiosk Mode
Affordability and efficiency produce a low TCOChrome share devices in kiosk mode vs. PC
Connected
ChromebaseForm factor: all-in-one (commercial options)Uses: Kiosks, Signage
ChromebookForm factor: Clamshell, convertibleUses: Productivity, Kiosks
ChromebitForm factor: HDMI stick (candy bar size)Uses: Signage, Kiosks
Chromebox Form factor: Desktop (commercial options)Uses: Kiosk, Signage, Meeting
Diverse devices for customers and employees
Chrome devices come in a wide range of form factors and price points, from HDMI sticks for powering intelligent screens to commercial-grade devices built for 24/7 uptime and heavy use.
Android Apps on Chrome devices
We’re combining the breadth and versatility of the Android app ecosystem with flexibility and manageability of Chrome.
+Manageability
Easy device sharing
Diverse form factors
Chrome and
Google Play
1 million+ apps
Strong offline capability
Ideal for touchscreens
Android Apps on Chrome devicesEnhancing native features while expanding on additional capabilities
Productivity
Multis-size window appsDesktop class browsingMulti-tasking
Mobility
Touch-optimized appsBreadth of Google Play appsOffline capabilities
Manageability
Cloud-based managementCustomizable experience
App Consistency
Native platform with wide API set across platformsConsistent UX
Enhance Expand
Android apps in single-app kiosk mode
● Remotely push apps from the management console, just like Chrome
● Includes support for:○ Signage/content delivery apps○ Thin client apps like Microsoft RDP○ Assessment/testing kiosk apps
Packaged apps and extensions
● Support for remote installation of packaged apps and extensions
● Supplements hosted app capabilities
New in Chrome
Admin experience: Android app management
Approval in Managed Google Play Delivery through Chrome Device Management (consistent w/Chrome apps)
Virtualization for legacy applications
Support for multiple solutions
● Citrix Receiver for Chrome● VMware Horizon Client● Amazon WorkSpaces Client● Chrome Remote Desktop (RDP)
802.1x
StorageCertificatesNetworkingIdentity
Enterprise infrastructure integration
Secure
Secure by default: out-of-the-box on every device Defense-in-depth approach maintains security measures at every level
Level Feature(s)
Hardware Trusted Platform Module (TPM)
Firmware Verified boot
Operating System Sandboxing, Full disk encryption, automatic updates
User Sessions Per-user encryption, x-device policy compliance, safe browsing, certificates
Policies Sign in, network policies, signed policy delivery, permissions, public sessions
App Delivery Malware detection, remote malware uninstall, blacklist/whitelist, prevent side-loading
Verified Access Real-time device identity check
Hardware security Trusted Platform Module (TPM)
TPM & Encryption
● TPM standard on every device● Hardware-level encryption● Secure login credentials and enterprise
policies● Tamper proofing
Firmware security
Verified Boot
● Two copies of the operating system● Self-check upon boot● Switch to backup if error● Auto-downloads new copy
Operating system security Sandboxing
Sandboxing
● Independently run processes● Isolates issues to prevent infection● Play store apps and Android kernel run
as an isolated instance● Browser and system level separation
Operating system security Encryption & Automatic Updates
Automatic Updates
● Available approx. every 6 weeks
● Seamless updates take seconds
● Security patches in <48 hours
● Management control over OS versions
Full Disk Encryption
● Disk encryption enabled by default
● All data, both user session and system
● When device is off, data not accessible to outside attackers
User Session security
Per-user Encryption
Each user’s data exists in it’s own partition encrypted with a hash of their password
If one user is compromised, it will not affect others
Cross-device policy compliance
Applied policies follow each user around, increasing shareability of devices
Safe Browsing
Inherited from Chrome browser
Protects individual users if visiting sites known by Google to be malicious
Certificate Enrollment
Use TPM on device to generate keys for certificate enrollment
Hardware-backed certificates as opposed to software
Policy security
Permissions
Can disallow application or website access to functions like audio/video
Sign-in restrictions
Define which users can log into the device
Networks & Proxies
Restrict device to managed network only
Force user into a specific proxy to monitor all traffic going through their session
Signed policy delivery
Any policy that comes onto the device is signed by Google servers, mitigating policy injection attacks
Run public sessions without third party softwareProvision Chrome devices to run in public session mode with just a few clicks in the management console
Completely Ephemeral
User sessions are created in RAM so no data is written to the disk
No data persists past the end of the session
No log-in required
All relevant corporate policies are maintained
Multiple users can share a device without needing profiles
Controls
Browser: Blacklist/whitelist URLs to ensure only acceptable sites are visited
Hardware: Disable USB file storage, webcam, mic, and speakers
User Experience: Auto-launch sites or apps, pre-install apps, configure bookmarks
Branding: Set avatars and wallpapers that match your brand
App delivery protections with Google Play
Server-side malware detection
Google Play uses Verify Apps to identify those that are potentially harmful
Whitelist/blacklist
Configure Google Play to allow only certain applications
Remote malware uninstall
If a user has installed a harmful application, a remote uninstall command can remove the app
Prevent side-loading
Inability to side-load on Chrome devices helps ensure integrity of the approved app list
Verified access on Chrome devices
Network service
Verified access API
1. Create challenge
4. Grant access
2. Access request (includes challenge response) 3. Verify challenge-response
Chromebook
Thank you
Appendix
Managed from anywhereReduce reliance upon on-prem IT with all management functions available through a web-based console
Highlights
● Health monitoring● Admin alerts● Remote log fetch● Remote screen capture● Remote reboot● Full app management
A modern browser for today’s best web apps Connect device users to critical applications and sites with Chrome browser
Support for the latest web standards
● Run critical web apps○ Optimized for HTML5, progressive web
apps○ 37% more API standards vs. competing
browsers● Connect to important web pages
○ More responsive/reliable for most sites○ Run dedicated web pages such as time
entry, application forms, etc.
App and information delivery via multiple channels Connect employees, customers, and other users to critical applications and information
Apps & information at your fingertips
● Sites & Web Apps via Chrome Browser● G Suite● Google Play store● Virtualization
(Citrix, VMware, Amazon, Chrome RDP)
Smart card support & extended login
Extended login options
● Smart cards, badges, QR codes● HTTPS support● Citrix & VMware passthrough
App developer partnerships
Google Photos
Google Play Movies
Google Play Music
Hangouts
Infinite Painter
Google Keep
Kindle
SketchBook
Skype
Slack
Spotify
Texture
YouTube
YouTube Kids
Adobe Lightroom
Adobe Photo Editor Pro
Adobe Photoshop Mix
ArtCanvas
Squid
Duolingo
Evernote
Increasing use of innovative technology
Elevating customer & guest experience Reducing costs
Audience challengesTechnological priorities of IT and line-of-business buyers
Device management and deployment are already straining IT budgets, and represent key concerns for future spending.
Source: IDC 2016 Commercial PC & Tablet Survey
Number of Respondents % Response
2015 - Top Budget Items 2015 - IT Key Concerns
75 150 225 3000
Software Apps
Security
Digital Workplace
Cloud enablement
Device Deployment
Device Management
20 40 60 800
Security
Transitioning to Windows 10
Transitioning to detachables
Shrinking budgets
Device Manageability
Extending HW lifecycles
Challenge: Reducing costsSimplifying management and increasing device efficiency to reduce overall IT spend
Challenge: Elevating customer & guest experienceProviding on-demand services and capabilities to match or exceed those found online
Source: Forrester Research (2016) & RSR Research (July 2015)
Retail and business leaders are seeing the opportunity to use technology to optimize employee effectiveness, convenience, and self-service in order to grow revenue.
Top two business priorities:● LOB: Grow revenue (42%), Improve customer experience and address rising expectations (combined 22%)● ITDM: Grow revenue (25%), Improve customer experience (16%)
Industries are shifting to the cloud Businesses are making the move to the cloud, and need the technology to match
37% 42% 52%
+ +Budgeting more on the public cloud
Budgeting more on the private cloud
Budgeting more on SaaS & cloud applications
Source: CIO Magazine Poll (2016) & Accenture
78%of business leaders expect their organizations to be a digital business in the next three years
57%of companies will have migrated from a traditional IT infrastructure to the cloud by 2018, up from 23% in 2015
Access G Suite apps with easeA set of intelligent apps from Google Cloud to connect all the people in your organization
Communicate
GmailCalendar
Hangouts ChatHangouts Meet
Google+
Collaborate
DocsSheets SlidesFormsSites
Store
Google Drive
Manage
AdminVault
Mobile ManagementCloud Search
IT innovators and business decision-makers are increasingly looking for ways to add value with new technology - and top performing businesses are prioritizing it over traditional IT.
Top 2016+ technology priority:● 60% Line-of-business buyers● 46% IT decision makers
Challenge: Increasing use of innovative technologyBuyers are looking to increase process efficiency and optimize/streamline operations
Sources: Forrester Research (2016) & Gartner (2017)
77%Of top performing
businesses are focusing on innovation to streamline
processes and drive growth
Challenges● Faced challenges from online competition● Wanted to provide a more connected in-store experience
Solution● Chromebits for in-store informational signage● Chrome kiosks for in-store ordering● Chromebooks w/G Suite for sales associates
Benefits● Simple device provisioning and central management● Savings of over $200 per device vs. alternate solutions● A better experience for customers with more informed
employees and streamlined workflows
Blog Post
“With Chrome, our experts can spend more time with customers and show them personalized customer support”
Challenges● Faced budget cuts in wake of the 2008 recession● Needed alternative options to reducing staff and lowering
salaries
Solution● Deployed Chromeboxes across multiple driver services
branches in place of existing PCs● Replaced reception counters with open floor kiosks
Benefits● Met budget cuts w/o impacting staff● Hundreds of thousands of dollars in cost savings● 80% reduction in avg. wait time from 30 min. to 6● More positive customer experience
Blog Post
“Since we started using Chromeboxes in 2013, we’ve saved hundreds of thousands of dollars each year and expanded our use of Chrome to create a better customer experience.”
Challenges● Field crews were unconnected, relied on paper processes● High turnover due to lack of connection● Rapid growth (3x number of crews compared to 2006)
Solution● Shared Chromebooks for field crews● Chromebooks for HR and training● Integration with G Suite to connect crews
Benefits● Affordable - able to provide a device to every crew● Easy to use for field crews● Streamlined onboarding and training● Better transmission of data and more efficient crews
Blog Post
“To connect our teams and provide greater mobility, we replaced paper processes with Chromebooks...they provide our crews with the capabilities they need”
Challenges● Launching Schwab Intelligent Portfolios; needed secure
way for customers to sign-up in branch ● Finding devices that provided the experience and security
they needed
Solution● Deployed Chromebooks across 25 branches in public
session mode
Benefits● No third party software or manual installation● Lower IT overheard: <10 hours per week on 1700 devices● Public sessions: Limited sessions, data wiped after use● Devices locked to Schwab network
Video Blog Post
“Chromebooks rigorous security settings ensure our clients’ data is safe. Chromebooks manage software updates automatically, so devices are always running the latest and most secure version.”
Challenges● Remote call center with no on-prem IT● More hardware than needed, creating higher IT costs● Needed more agility in onboarding new reps
Solution● Shared Chromeboxes for call center reps ● Chromebooks for supervisors ● Chrome Device Management
Benefits● Able to add new users in seconds● Instant access to needed applications● Group policy deployment● Significant reduction in IT help tickets
Video Blog Post
“By bringing our contact center to the cloud, adding reps and managing hardware and software is easier than ever — and we’ve broken free of the traditional call center model.”
Challenges● Needed a solution for mobile health coaches to securely
access Omada programs
Solution● Issued Chromebooks to each health coach● Configured to delete data upon log-off via Chrome Device
Management
Benefits● Simple and cost effective ● Log-in restricted to coaches to prevent unauthorized access
Blog Post
“Giving Chromebooks to our health coaches makes us confident that we can meet our strict security requirements in a way that doesn’t break the bank.”
Challenges● Needed a way to scale their doctor review program
Solution● Deployed a Chromebook to the office of every doctor
opted into the program to allow patients to fill out reviews while at the office
Benefits● Cost effective and easily shareable amongst multiple
users● Cost savings passed through to doctors● Easier IT management
Blog Post
Deploy devices to connect customers and employeesCreate more connected experiences with flexible devices and self-service terminals
“Our average transaction value is 28.7% higher when customer have the autonomy and time to consider their purchase, ordering on their own
in-store kiosk”
Empower Customers & Guests
● Transform retail experiences with self ordering, point-of-sale, and endless aisle devices
● Provide more context with information terminals and wayfinders
● Make it easier to connect to employees and staff
Enable Employees
● Shift focus from clerical tasks (checkout, etc.) to assisting customers and guests
● Receive more insight into customer and guest behavior to assist employees
● More information right at each employee’s fingertips
“Instead of sitting behind a reception counter, employees greet customers on the floor and help
them fill out applications online”
Challenges● Furniture finance application process across all stores;
slow fax-based process● Cost effective and secure with no stored data
Solution● Deployment of Chromebooks configured to run public
sessions across 1300 stores
Benefits● Reduction in application time from 45 minutes to 10● Doubled average transaction size; 9% sales uplift● No stored customer data
Video
Challenges● Client (hotel) wanted to replace old three ring binders
being used by the concierge with an interactive solution● Avoid use and maintenance of expensive tablets
Solution● Deployed Chromebit and touchscreen monitor
combinations
Benefits● Less expensive and more easily managed than tablets● Replaced 20+ pitch books with a single device: up $1000
in cost savings per hotel desk● Always useable even if the concierge is not there
Video Blog Post
Challenges● Wanted to create a modern, more customer-friendly
environment
Solution● Deployed commercial-grade touchscreen Chromebases
from AOPEN● Deployed in kiosk mode with custom menu board
Benefits● Boosted transaction values by up to 29%● Increase in brand awareness/perception● Able to easily scale the solution with their growth
Video Blog Post
Challenges● Wanted to be able to focus on the running the business
instead of dealing with IT issues● Accelerate the move to the cloud
Solution● Deployed Chromeboxes running public sessions, allowing
customers to browse properties, start applications, or pay rent
Benefits● Manage 1000+ bank transactions per month securely with
public sessions● Able to offer better service with less IT overhead
Blog Post
Challenges● Wanted to make getting online as easier for library
patrons
Solution● Replaced outdated PC fleet with 200+ Chromebooks● Added touchscreen Chromebases to Children’s area
Benefits● Cost effectiveness has allowed them increase the number
of devices● Low IT overhead; control over browsing● Visitors have total mobility within the library
Blog Post