Rethinking the End-pointChrome Shared DevicesSebastian Scheiter, Chrome Americas

Shared Devices

Share a common device among many users

Use a single device for multiple purposes

Simplify IT for distributed locations or locations with no

on-prem support

Run SaaS applications and controlled web environments

The Opportunity for ChromeChrome as a platform for shared devices can address these challenges in a number of ways

With the default security and automatic updates of ChromeOS, Chrome devices are an efficient solution for businesses who want to connect their employees and customers to critical applications and information without on-prem IT management or expensive hardware costs.

Core pillars

Smart

● Manage centrally/remotely● Scale with ease● One device, multiple

functions

Connected

● Devices fit-for-purpose● Customer & employee kiosks● SaaS/web applications● G Suite, Android apps, and

virtualization

Secure

● Security out-of-the-box; no third party software

● Defense-in-depth● Automatic updates● Easy solution for running

public sessions

Customer Value Proposition

Smart

Managed device experience

220+ configurable policies

Remote lock and automatic security

Control over OS updates

Single management panel

Central ControlChrome Device Management

User Settings

AppsExtensions

Security

Network Settings

Wi-fi Config.Manage Certs.

VPN Config.

Device Settings

Sign-inGuest mode

Device healthMachine data

Public Session & Kiosk Settings

Session lengthIdle logout timer

Policy refreshLanguage

AppManagement

Allow/force installKiosk appsApp pinning

Power mgmt.

Every setting, one admin console

One device can do the job of multipleOptimize IT efficiency, employee effectiveness, and customer experience

7:00AM: Bank associate logs on to complete training and check schedule

110:00AM: Associate uses device to educate customer on products

211:00 AM: Hands to customer to enter information to open account

3

4:00PM: Associate assists customer with research, adds product to customer account

62:00PM: Customer uses kiosk to learn more and requests help

512:00PM: Displays interactive ad for featured product to customers on line

4

Admin/Training Employee Assisted Selling Customer KioskCustomer-facingEmployee-facing

Digital Signage

45% 61.1% 67.4%Reduction in management hours per device, per year

Lower device cost More efficient ongoing device management

$4,146 319%Average annual benefit per device Three year ROI

Source: 2015 IDC Whitepaper - BV of Chrome Devices in Kiosk Mode

Affordability and efficiency produce a low TCOChrome share devices in kiosk mode vs. PC

Connected

ChromebaseForm factor: all-in-one (commercial options)Uses: Kiosks, Signage

ChromebookForm factor: Clamshell, convertibleUses: Productivity, Kiosks

ChromebitForm factor: HDMI stick (candy bar size)Uses: Signage, Kiosks

Chromebox Form factor: Desktop (commercial options)Uses: Kiosk, Signage, Meeting

Diverse devices for customers and employees

Chrome devices come in a wide range of form factors and price points, from HDMI sticks for powering intelligent screens to commercial-grade devices built for 24/7 uptime and heavy use.

Android Apps on Chrome devices

We’re combining the breadth and versatility of the Android app ecosystem with flexibility and manageability of Chrome.

+Manageability

Easy device sharing

Diverse form factors

Chrome and

Google Play

1 million+ apps

Strong offline capability

Ideal for touchscreens

Android Apps on Chrome devicesEnhancing native features while expanding on additional capabilities

Productivity

Multis-size window appsDesktop class browsingMulti-tasking

Mobility

Touch-optimized appsBreadth of Google Play appsOffline capabilities

Manageability

Cloud-based managementCustomizable experience

App Consistency

Native platform with wide API set across platformsConsistent UX

Enhance Expand

Android apps in single-app kiosk mode

● Remotely push apps from the management console, just like Chrome

● Includes support for:○ Signage/content delivery apps○ Thin client apps like Microsoft RDP○ Assessment/testing kiosk apps

Packaged apps and extensions

● Support for remote installation of packaged apps and extensions

● Supplements hosted app capabilities

New in Chrome

Admin experience: Android app management

Approval in Managed Google Play Delivery through Chrome Device Management (consistent w/Chrome apps)

Virtualization for legacy applications

Support for multiple solutions

● Citrix Receiver for Chrome● VMware Horizon Client● Amazon WorkSpaces Client● Chrome Remote Desktop (RDP)

802.1x

StorageCertificatesNetworkingIdentity

Enterprise infrastructure integration

Secure

Secure by default: out-of-the-box on every device Defense-in-depth approach maintains security measures at every level

Level Feature(s)

Hardware Trusted Platform Module (TPM)

Firmware Verified boot

Operating System Sandboxing, Full disk encryption, automatic updates

User Sessions Per-user encryption, x-device policy compliance, safe browsing, certificates

Policies Sign in, network policies, signed policy delivery, permissions, public sessions

App Delivery Malware detection, remote malware uninstall, blacklist/whitelist, prevent side-loading

Verified Access Real-time device identity check

Hardware security Trusted Platform Module (TPM)

TPM & Encryption

● TPM standard on every device● Hardware-level encryption● Secure login credentials and enterprise

policies● Tamper proofing

Firmware security

Verified Boot

● Two copies of the operating system● Self-check upon boot● Switch to backup if error● Auto-downloads new copy

Operating system security Sandboxing

Sandboxing

● Independently run processes● Isolates issues to prevent infection● Play store apps and Android kernel run

as an isolated instance● Browser and system level separation

Operating system security Encryption & Automatic Updates

Automatic Updates

● Available approx. every 6 weeks

● Seamless updates take seconds

● Security patches in <48 hours

● Management control over OS versions

Full Disk Encryption

● Disk encryption enabled by default

● All data, both user session and system

● When device is off, data not accessible to outside attackers

User Session security

Per-user Encryption

Each user’s data exists in it’s own partition encrypted with a hash of their password

If one user is compromised, it will not affect others

Cross-device policy compliance

Applied policies follow each user around, increasing shareability of devices

Safe Browsing

Inherited from Chrome browser

Protects individual users if visiting sites known by Google to be malicious

Certificate Enrollment

Use TPM on device to generate keys for certificate enrollment

Hardware-backed certificates as opposed to software

Policy security

Permissions

Can disallow application or website access to functions like audio/video

Sign-in restrictions

Define which users can log into the device

Networks & Proxies

Restrict device to managed network only

Force user into a specific proxy to monitor all traffic going through their session

Signed policy delivery

Any policy that comes onto the device is signed by Google servers, mitigating policy injection attacks

Run public sessions without third party softwareProvision Chrome devices to run in public session mode with just a few clicks in the management console

Completely Ephemeral

User sessions are created in RAM so no data is written to the disk

No data persists past the end of the session

No log-in required

All relevant corporate policies are maintained

Multiple users can share a device without needing profiles

Controls

Browser: Blacklist/whitelist URLs to ensure only acceptable sites are visited

Hardware: Disable USB file storage, webcam, mic, and speakers

User Experience: Auto-launch sites or apps, pre-install apps, configure bookmarks

Branding: Set avatars and wallpapers that match your brand

App delivery protections with Google Play

Server-side malware detection

Google Play uses Verify Apps to identify those that are potentially harmful

Whitelist/blacklist

Configure Google Play to allow only certain applications

Remote malware uninstall

If a user has installed a harmful application, a remote uninstall command can remove the app

Prevent side-loading

Inability to side-load on Chrome devices helps ensure integrity of the approved app list

Verified access on Chrome devices

Network service

Verified access API

1. Create challenge

4. Grant access

2. Access request (includes challenge response) 3. Verify challenge-response

Chromebook

Thank you

Appendix

Managed from anywhereReduce reliance upon on-prem IT with all management functions available through a web-based console

Highlights

● Health monitoring● Admin alerts● Remote log fetch● Remote screen capture● Remote reboot● Full app management

A modern browser for today’s best web apps Connect device users to critical applications and sites with Chrome browser

Support for the latest web standards

● Run critical web apps○ Optimized for HTML5, progressive web

apps○ 37% more API standards vs. competing

browsers● Connect to important web pages

○ More responsive/reliable for most sites○ Run dedicated web pages such as time

entry, application forms, etc.

App and information delivery via multiple channels Connect employees, customers, and other users to critical applications and information

Apps & information at your fingertips

● Sites & Web Apps via Chrome Browser● G Suite● Google Play store● Virtualization

(Citrix, VMware, Amazon, Chrome RDP)

Smart card support & extended login

Extended login options

● Smart cards, badges, QR codes● HTTPS support● Citrix & VMware passthrough

App developer partnerships

Google Photos

Google Play Movies

Google Play Music

Hangouts

Infinite Painter

Google Keep

Kindle

SketchBook

Skype

Slack

Spotify

Texture

YouTube

YouTube Kids

Adobe Lightroom

Adobe Photo Editor Pro

Adobe Photoshop Mix

ArtCanvas

Squid

Duolingo

Evernote

Increasing use of innovative technology

Elevating customer & guest experience Reducing costs

Audience challengesTechnological priorities of IT and line-of-business buyers

Device management and deployment are already straining IT budgets, and represent key concerns for future spending.

Source: IDC 2016 Commercial PC & Tablet Survey

Number of Respondents % Response

2015 - Top Budget Items 2015 - IT Key Concerns

75 150 225 3000

Software Apps

Security

Digital Workplace

Cloud enablement

Device Deployment

Device Management

20 40 60 800

Security

Transitioning to Windows 10

Transitioning to detachables

Shrinking budgets

Device Manageability

Extending HW lifecycles

Challenge: Reducing costsSimplifying management and increasing device efficiency to reduce overall IT spend

Challenge: Elevating customer & guest experienceProviding on-demand services and capabilities to match or exceed those found online

Source: Forrester Research (2016) & RSR Research (July 2015)

Retail and business leaders are seeing the opportunity to use technology to optimize employee effectiveness, convenience, and self-service in order to grow revenue.

Top two business priorities:● LOB: Grow revenue (42%), Improve customer experience and address rising expectations (combined 22%)● ITDM: Grow revenue (25%), Improve customer experience (16%)

Industries are shifting to the cloud Businesses are making the move to the cloud, and need the technology to match

37% 42% 52%

+ +Budgeting more on the public cloud

Budgeting more on the private cloud

Budgeting more on SaaS & cloud applications

Source: CIO Magazine Poll (2016) & Accenture

78%of business leaders expect their organizations to be a digital business in the next three years

57%of companies will have migrated from a traditional IT infrastructure to the cloud by 2018, up from 23% in 2015

Access G Suite apps with easeA set of intelligent apps from Google Cloud to connect all the people in your organization

Communicate

GmailCalendar

Hangouts ChatHangouts Meet

Google+

Collaborate

DocsSheets SlidesFormsSites

Store

Google Drive

Manage

AdminVault

Mobile ManagementCloud Search

IT innovators and business decision-makers are increasingly looking for ways to add value with new technology - and top performing businesses are prioritizing it over traditional IT.

Top 2016+ technology priority:● 60% Line-of-business buyers● 46% IT decision makers

Challenge: Increasing use of innovative technologyBuyers are looking to increase process efficiency and optimize/streamline operations

Sources: Forrester Research (2016) & Gartner (2017)

77%Of top performing

businesses are focusing on innovation to streamline

processes and drive growth

Challenges● Faced challenges from online competition● Wanted to provide a more connected in-store experience

Solution● Chromebits for in-store informational signage● Chrome kiosks for in-store ordering● Chromebooks w/G Suite for sales associates

Benefits● Simple device provisioning and central management● Savings of over $200 per device vs. alternate solutions● A better experience for customers with more informed

employees and streamlined workflows

Blog Post

“With Chrome, our experts can spend more time with customers and show them personalized customer support”

Challenges● Faced budget cuts in wake of the 2008 recession● Needed alternative options to reducing staff and lowering

salaries

Solution● Deployed Chromeboxes across multiple driver services

branches in place of existing PCs● Replaced reception counters with open floor kiosks

Benefits● Met budget cuts w/o impacting staff● Hundreds of thousands of dollars in cost savings● 80% reduction in avg. wait time from 30 min. to 6● More positive customer experience

Blog Post

“Since we started using Chromeboxes in 2013, we’ve saved hundreds of thousands of dollars each year and expanded our use of Chrome to create a better customer experience.”

Challenges● Field crews were unconnected, relied on paper processes● High turnover due to lack of connection● Rapid growth (3x number of crews compared to 2006)

Solution● Shared Chromebooks for field crews● Chromebooks for HR and training● Integration with G Suite to connect crews

Benefits● Affordable - able to provide a device to every crew● Easy to use for field crews● Streamlined onboarding and training● Better transmission of data and more efficient crews

Blog Post

“To connect our teams and provide greater mobility, we replaced paper processes with Chromebooks...they provide our crews with the capabilities they need”

Challenges● Launching Schwab Intelligent Portfolios; needed secure

way for customers to sign-up in branch ● Finding devices that provided the experience and security

they needed

Solution● Deployed Chromebooks across 25 branches in public

session mode

Benefits● No third party software or manual installation● Lower IT overheard: <10 hours per week on 1700 devices● Public sessions: Limited sessions, data wiped after use● Devices locked to Schwab network

Video Blog Post

“Chromebooks rigorous security settings ensure our clients’ data is safe. Chromebooks manage software updates automatically, so devices are always running the latest and most secure version.”

Challenges● Remote call center with no on-prem IT● More hardware than needed, creating higher IT costs● Needed more agility in onboarding new reps

Solution● Shared Chromeboxes for call center reps ● Chromebooks for supervisors ● Chrome Device Management

Benefits● Able to add new users in seconds● Instant access to needed applications● Group policy deployment● Significant reduction in IT help tickets

Video Blog Post

“By bringing our contact center to the cloud, adding reps and managing hardware and software is easier than ever — and we’ve broken free of the traditional call center model.”

Challenges● Needed a solution for mobile health coaches to securely

access Omada programs

Solution● Issued Chromebooks to each health coach● Configured to delete data upon log-off via Chrome Device

Management

Benefits● Simple and cost effective ● Log-in restricted to coaches to prevent unauthorized access

Blog Post

“Giving Chromebooks to our health coaches makes us confident that we can meet our strict security requirements in a way that doesn’t break the bank.”

Challenges● Needed a way to scale their doctor review program

Solution● Deployed a Chromebook to the office of every doctor

opted into the program to allow patients to fill out reviews while at the office

Benefits● Cost effective and easily shareable amongst multiple

users● Cost savings passed through to doctors● Easier IT management

Blog Post

Deploy devices to connect customers and employeesCreate more connected experiences with flexible devices and self-service terminals

“Our average transaction value is 28.7% higher when customer have the autonomy and time to consider their purchase, ordering on their own

in-store kiosk”

Empower Customers & Guests

● Transform retail experiences with self ordering, point-of-sale, and endless aisle devices

● Provide more context with information terminals and wayfinders

● Make it easier to connect to employees and staff

Enable Employees

● Shift focus from clerical tasks (checkout, etc.) to assisting customers and guests

● Receive more insight into customer and guest behavior to assist employees

● More information right at each employee’s fingertips

“Instead of sitting behind a reception counter, employees greet customers on the floor and help

them fill out applications online”

Challenges● Furniture finance application process across all stores;

slow fax-based process● Cost effective and secure with no stored data

Solution● Deployment of Chromebooks configured to run public

sessions across 1300 stores

Benefits● Reduction in application time from 45 minutes to 10● Doubled average transaction size; 9% sales uplift● No stored customer data

Video

Challenges● Client (hotel) wanted to replace old three ring binders

being used by the concierge with an interactive solution● Avoid use and maintenance of expensive tablets

Solution● Deployed Chromebit and touchscreen monitor

combinations

Benefits● Less expensive and more easily managed than tablets● Replaced 20+ pitch books with a single device: up $1000

in cost savings per hotel desk● Always useable even if the concierge is not there

Video Blog Post

Challenges● Wanted to create a modern, more customer-friendly

environment

Solution● Deployed commercial-grade touchscreen Chromebases

from AOPEN● Deployed in kiosk mode with custom menu board

Benefits● Boosted transaction values by up to 29%● Increase in brand awareness/perception● Able to easily scale the solution with their growth

Video Blog Post

Challenges● Wanted to be able to focus on the running the business

instead of dealing with IT issues● Accelerate the move to the cloud

Solution● Deployed Chromeboxes running public sessions, allowing

customers to browse properties, start applications, or pay rent

Benefits● Manage 1000+ bank transactions per month securely with

public sessions● Able to offer better service with less IT overhead

Blog Post

Challenges● Wanted to make getting online as easier for library

patrons

Solution● Replaced outdated PC fleet with 200+ Chromebooks● Added touchscreen Chromebases to Children’s area

Benefits● Cost effectiveness has allowed them increase the number

of devices● Low IT overhead; control over browsing● Visitors have total mobility within the library

Blog Post