Google Chromebooks are the latest craze in education. It makes perfect sense, too: They cost considerably less than other notebooks PC’s, and with Google’s suite of cloud tools, students can be just as productive as they are on a traditional notebook. According to Gartner, more than 50 percent of computer users will rely on the cloud as their primary source of digital storage by 2016. Why pay for an expensive device when the software does all the work?
That’s a question government agencies will need to answer in the coming year. But the cloud is complicated.
Chromebooks make sense for telework, mobility, email and a host of other government initiatives, but the reliance on a single cloud provider could be frightening to agencies that are used to knowing the physical location of their data at all times. But a potential $20 billion in annual savings is serving as both the carrot and the stick.
As Sean Gallagher, IT editor at Ars Technica, wrote recently, the problem isn’t the devices, which are usually as secure as the people using them; it’s the anxiety about the cloud:
As far as endpoints go, I'd agree that the Chromebook is far less insecure than many other platforms; but the point I'm trying to make has nothing to do with the Chromebook's local security and everything to do with the already well-demonstrated issues around cloud privacy. I could have just as well written an article entitled "Why the NSA loves (fill in name of public cloud service here)," but Chromebook is unique in its tethering to a single set of cloud services over web protocols. When used with the best practices for web security, the Chromebook is secure against most direct attacks on the local hardware and the Chrome browser, but its dependence on a web-based backend where US courts have already ruled there's less of an expectation of privacy is something no amount of end-point security is going to fix.
Gallagher’s article harps on the NSA’s PRISM program and the renewed paranoia surrounding any and all cloud services. While it’s often inexcusable for the government to fall so far behind in computing, there is good reason for agencies to move cautiously into this unchartered territory. After all, there is no going back once the contracts are signed and the data is moved.
Google clearly has security on its mind as it builds out the Chrome operating system that runs on all Chromebooks. It updates automatically, so no user is ever running outdated software. The operating system also uses sandboxing, so if the user “is directed to an infected page, it can't affect the other tabs or apps on the computer, or anything else on the machine.” (PDF) This, along with two-factor authentication and encryption, makes the devices ideal for handling sensitive data, assuming the data centers handling it are also safe.
That being said, nearly every agency is experimenting with the cloud. The Army has brought the cloud to the battlefield, the Defense Department is embracing private clouds and the National Oceanic and Atmospheric Administration is all in on Google Apps.
The cloud itself offers tempting benefits and enormous savings. As more agencies make the transition, the cost of devices will continue to decrease and Chromebooks could be the next big thing for government employees.