Google is offering enterprises a way to cryptographically confirm the identity of Chrome OS devices.
The feature, called Verified Access, uses a Google server-side API to guarantee the identity of a device and the user trying to access a network service, like a VPN gateway, enterprise certificate authority (CA), a sensitive server, or an enterprise wi-fi access point . It relies on the Trusted Platform Module found in every Chrome OS device to ensure the device is authentic, unmodified, and policy compliant.
"This matters because most businesses, particularly large enterprises, have policies and requirements in place that allow network and data access only to enterprise-managed and verified devices, but many of the current solutions rely primarily on heuristic client side checks," senior product manager Saswat Panigrahi wrote in a blog post. "But, a bad actor that can compromise your Operating System can probably also fake the signals being checked for."
Google has been using Verified Access internally for years, Panigrahi said. To deploy it, an organization needs to install a Chrome extension on users' Chrome devices.