Secure BYOD Devices with Omnissa and Chrome Enterprise Device Trust
Introduction
Today, Omnissa and Google Chrome Enterprise announce their Device Trust integration that allows for the posture verification of unmanaged and third-party managed devices prior to granting access to apps and resources. The Chrome Enterprise Device Trust integration allows for the verification of the security of ChromeOS, Windows, and Mac devices with managed Chrome browsers or managed Chrome browser profiles.
BYOD and Contractor Device Risk
The rise of Bring Your Own Device (BYOD) and the prevalence of contractor-managed devices in the workplace, while offering flexibility, introduce significant security challenges for IT and security decision-makers. Device updates could be lagging; threat protection could be outdated; encryption could be turned off; the firewall could be inactive; and screen locks could be disabled.
Eliminating Risk: Management
One way to ensure that devices are compliant is to manage them as BYOD devices, either in registered or managed modes in Workspace ONE. While that is an effective strategy, in this use case it would require employee-owned PCs to be under management, which many employees don’t want for privacy reasons. Contractor devices are typically already managed by another system, so managing the devices is not possible.
Browser-based Verification
Chrome Enterprise device signals make it possible to verify the posture of an unmanaged personal PC or a third-party managed PC prior to allowing access to company resources. In this use case, the Chrome web browser can collect information about the security posture of a device and share it with an access service so that a posture-informed access decision can be made in real time.
The signaling service works with any Chrome browser version 109 or higher. There is no requirement for the end user to install an enterprise browser on their device.
Omnissa Access
Omnissa Access can broker access to applications and resources across a variety of device types and ownership models.
- Customers can secure access in all kinds of scenarios, from managed to unmanaged devices or even third-party managed devices, by configuring device signals-based policies in Omnissa Access.
- End users of managed, unmanaged or third-party managed devices can access the apps designated by their admin, with common use cases including access to Horizon virtual desktops or access to an online application catalog.
The verification of unmanaged devices prior to granting access to apps and resources is simplified via the Omnissa connector within the Google Cloud Console and an authentication adapter within Omnissa Access. Within Omnissa Access, conditional access rules can be created that require specific device signal criteria to be met.
Device signals that can be collected via managed Chrome browsers or managed Chrome profiles include:
- Disk Encryption: This signal checks whether the device's hard drive or SSD is encrypted. Only devices with active main disk encryption will be granted access.
- Firewall Status: This signal checks whether the device firewall is enabled. Devices will not be granted access if their firewall is in a disabled state.
- Screen Lock Secured: This signal checks whether the device's screen lock is secured. Only devices with an enabled screen lock will be granted access.
Collected device signals are immediately shared with Omnissa Access, where decisions to grant access to applications and services are processed and carried out. The above signals are used in combination with primary authentication methods, such as passwords, certificates or biometrics, to create robust conditional access policies that ensure only trusted devices gain access to corporate resources.
Summary
By incorporating the Device Trust integration with Chrome Enterprise into access decision making, we can ensure that only trusted devices gain access to corporate resources. By verifying the posture of BYOD and contractor devices prior to granting access to corporate resources, the risk posed by noncompliant endpoints can be reduced. Security signaling into the Omnissa platform supports a positive, streamlined user experience where information is communicated automatically, and work is centered around a secure browser and app-based experience.
If you're interested in learning more about how the Omnissa Device Trust integration with Chrome Enterprise can enhance your BYOD and contractor access strategy, please contact us or request a demo. We'd be happy to show you how this integration can verify the security of devices accessing your organization.