Date: 2021-05-10



The pandemic forced employees to work remotely and required students to participate in distance learning. Educational institutions have adopted the Google Chromebook as a standard because it is relatively affordable and integrates with all distance learning tools. As a result, according to IDC data, Chrome OS has surpassed macOS to become the second most popular desktop operating system in the world after Windows.

Protect your Chromebook with PKI

Because Google Chromebooks are used mainly online over Wi-Fi networks, security is a paramount concern, and it can be difficult to achieve in an educational environment with limited IT support resources. An effective way to protect your Google Chromebook is to use a public key infrastructure (PKI) that uses digital certificates. Once the certificate is deployed to the Trusted Platform Module (TPM), you can use a passwordless approach to authenticate to your enterprise’s wireless or wired network.

Google offers a certificate enrollment extension for Chrome OS. This extension provides a ready-to-use certificate enrollment experience for corporate Chromebooks in environments that have deployed a Microsoft public key infrastructure based on Active Directory Certificate Services (AD CS). After installing this extension on a managed device, users can generate hardware-backed keys and use them to request a certificate from AD CS.

Yes, you are reading that right: it only works with AD CS. If you don’t have AD CS in your environment, Google doesn’t have a solution available.

Automatic certificate management with PKIaaS

HID PKI-as-a-Service (PKIaaS) provides a unique way to automate certificate provisioning and management even when AD CS is not deployed. Five components make up a managed Chromebook certificate automation solution.

As a company or educational institution, you may have deployed the first three components. HID's PKIaaS solution provides the last two components needed to create fully automated certificate provisioning and management for Google Chromebooks.

1. Used to host the Google MDM Certificate Enrollment Extension and perform enterprise management for managed Chromebooks.

2. Chromebook: The make and model are irrelevant, but the device must be managed by Google MDM.

3. Identity Provider: An external federated identity solution commonly used by businesses to give employees single sign-on (SSO) authentication to internal or external applications.

4. PKI-enabled request proxy: Located in a hosted environment and managed on behalf of the user. Its two main tasks are to make sure that:
   a. the certificate request it receives comes from an organization-managed Chromebook;
   b. the user making the request is authenticated by a service trusted by the organization.

5. Private PKI-as-a-Service managed by HID Global: Provides support for a wide range of certificate types that may be deployed on Chromebooks, signed by the organization's hosted issuing CAs.

Learn more about how to use PKI to implement zero trust security on your Google Chromebook in this white paper. Alternatively, please consult a PKI expert.

Mrugesh Chandarana is HID Global’s Director of Product Management for Identity and Access Management Solutions, focusing on IoT and PKI solutions. He has over 10 years of experience in the cybersecurity industry in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).

