Data security is crucial for every business, especially Healthcare organizations. In this episode of CloudUp, we talk about how Chrome Enterprise and Chrome devices can help secure data in the Healthcare industry. 

Meet the Speakers

Mitchel Steele

Mitchell Steele

Google Chrome Sales Manager

rion ellis image

Rion Ellis

Chrome Enterprise Deployment Engineer

Transcript

– The way Chrome can play a role in that is that, out of the box, it’s already secured and ready to go for you. As well as being HIPAA compliant. Google Cloud in and of itself is also HITRUST, CSF certified and they meet the ISO, IEC 2700 series standards, which are the three, I guess, guiding principles of managing healthcare data today.

– Hey everyone, today we’re gonna be talking about Chrome Enterprise and Healthcare and how it’s more secure for your environment. So, if I’m a hospital system, I’m obviously heavily audited. Extremely worried about security, lots of compliance to follow. Why would I wanna look at Chrome?

– The way Chrome can play a role in that is that, out of the box, it’s already secured and ready to go for you. As well as being HIPAA compliant. Google Cloud in and of itself is also HITRUST, CSF certified. And they meet the ISO, IEC 2700 series standards, which are the three, I guess, guiding principles of managing healthcare data today.

– So, it sounds like they check all the compliance boxes. Talk to me a bit about what does that mean for me? Do I obviously, if I put in a Windows device out there, there’s a security suite I got a little of everything. What does it look like on a Chrome device?

– The Chrome device is a security suite. So, you don’t have to install anything. And matter of fact, you can’t. You can only install Chrome extensions, web apps and Android apps that are all been checked through the Android or Google Play Store. So, you don’t have to worry about those. You can’t install nefarious software on there, because you can’t actually get to the kernel and run application. So, in and of itself, I mean, it’s been designed from the bottom up to be inherently secure.

– Got it, so, from an update standpoint, or a security standpoint, all that patching is included in Chrome Enterprise, is that what you’re saying?

– Correct, it’s like about a six weeks schedule, and then they’ll roll out updates. A beautiful thing about that is it’s gonna update in the background while your users are working, so they won’t even be affected by it or notice, they’ll just see a little flag pop up that says an update has been applied, restart when you’d like to take effect. Because it happened in the background and updated the known good partition of the Chrome OS device, it only takes ’em again, 10 to 15 seconds to boot up and then be running on that updated OS.

– So, none of my Windows updates that are getting pushed are taking down a patient room for a considerable period of time on updates applied to machines that’s all that thing, all that is stuff that will no longer… I won’t have to worry about that anymore.

– Yeah and in addition to that, you don’t have to worry about users saying, oh updates are ready, do you want to apply? And then them continually clicking no, no, remind me later, it’s not an option, it’s just automatically going to happen you’ll be alerted once it’s taken place.

– Cool, so obviously in healthcare I’m using, I’m in Citrix, I’m in VMware, I’m using VDI solutions. Whatever your flavor of VDI might be. So, everything is housed in the boxes I like to say. So the endpoint, obviously, I’m securing the endpoint a bit and I’m doing that with Group Policy today on my Windows device. How am I gaining anything from security standpoint on a Chrome device, if all I’m doing is connecting people to Citrix or taking people into VDI.

– As opposed to a Windows device where you can still install applications to it and you have to make sure that device is protected and secured, you can set up a Chrome device in what’s called manage guest session. And nothing is stored on that local device, like the session is just to connect into the VDI, nothing’s on the local device, everything’s taking place on the server end. And once they close that session, it’s completely wiped and it’s like a brand new machine ready to go for the next person.

– Got it, cool.