Cloud Technology Solutions Ltd

Google Chrome Enterprise Management Console

Perpetual device licence service is a web based enhanced administration suite for Chromebooks and Chromeboxes allowing administrators to manage their organization's Chrome devices from a single place.Configure Chrome features for users, set up Chrome device access to VPNs and WiFi networks, track Chrome device shipments, pre-install Chrome apps, and more.

Features

  • Assign devices to users and get configuration and usage reports.
  • Blacklist, whitelist or pre-install apps, extensions and URLs.
  • Apply policies, apps and settings to different sets of users.
  • Control who uses your Chromebooks.
  • Set network and proxy settings.
  • Modify user settings like bookmark and app sync.
  • Virus protection built in.

Benefits

  • Rapid deployment of devices.
  • Easy synchronisation of user data across devices.
  • Consistent experience and data across devices.
  • Chromebooks start up in seconds.

Pricing

£17.50 to £89 a licence a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alison.king@cts.co. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 0 8 6 0 0 7 1 7 7 7 4 3 9 7

Contact

Cloud Technology Solutions Ltd Alison King
Telephone: 07847 302291
Email: alison.king@cts.co

Service scope

Software add-on or extension
No
Cloud deployment model
Private cloud
Service constraints
Support is provided as a remote Managed Service
System requirements
Google account is needed to use the device license

User support

Email or online ticketing support
Email or online ticketing
Support response times
P1 1 hour P2 1 Business Day P3 1 Business Day P4 1 Business Day
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
1st, 2nd and 3rd line support is provided by cloud support engineers and in some cases a technical account manager is assigned. Costs for the service start from £5000 and will be based on the levels required, response times, resolutions times and hours of availability required. Calls are processed and managed based on standard P1, P2, P3, P4 classifications. Support channels provided include web, phone and email. Service Level Agreement (SLA) is defined and provided to the customer as part of the service design and transition to their live operations environment.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Basic support is provided with collateral that is available online. More in depth training and onboarding is provided at extra cost.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Chromebook, data is held within the Google cloud using G Suite. Users can take their G Suite data with them. To extract data the individual end users will need to use 'Download your data' option within G Suite. More information can be found here: https://support.google.com/a/answer/100458
End-of-contract process
Access to the G Suite instance will be terminated and data will be removed from all Google systems within 180 business days.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 10
  • Chrome
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
The device license is used via G Suite admin console
Accessibility standards
None or don’t know
Description of accessibility
Accessed via G Suite admin console
Accessibility testing
Testing available via admin console
API
Yes
What users can and can't do using the API
All controlled via Google Admin console
API documentation
No
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
Customers can push certain policies in the admin console to customize the user experience.

Scaling

Independence of resources
These device licenses run independent despite the demand

Analytics

Service usage metrics
Yes
Metrics types
This is available on the G Suite admin console, customer is able to measure key metrics, such as use of applications, time & date and many more.
Reporting types
  • API access
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Google and third party solutions

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Via G Suite admin console
Data export formats
  • CSV
  • ODF
Data import formats
  • CSV
  • ODF

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
Security is built in the license.
Data protection within supplier network
Other
Other protection within supplier network
As a Chrome administrator, you can protect Chrome Browser users who visit untrusted sites by turning on site isolation.

Site isolation separates pages from different websites. When site isolation is turned on, it's harder for malicious sites to bypass security measures that exist to prevent data theft

Availability and resilience

Guaranteed availability
Contractually Google's Service Level is guaranteed to 99.9% availability for any calendar month and backed with service credits. Definitions and service credits are described at https://gsuite.google.com/intl/en-GB/terms/sla.html
Approach to resilience
To minimize service interruption due to hardware failures, natural disasters or other incidents, Google has built a highly redundant infrastructure of data centres.
Outage reporting
Google provides access to a G Suite dashboard offering performance information for G Suite services

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
Depending on administrator preference, users can be signed in via a federated identity service, including Active Directory, LDAP, DaaS or use G Suite as their identity provider. 2 Factor authentication is supported and can be enforced. Administrative access privileges are granted separately to individual users or groups.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
13/04/18
What the ISO/IEC 27001 doesn’t cover
Any service not listed on the ISO certificate is not covered.
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
Available on request
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
Any service not listed on the CSA STAR certificate is not covered
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • ISO 27018
  • SOC 1
  • SOC 2
  • SOC 3

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Google’s customers and regulators expect independent verification of our security, privacy, and compliance controls. In order to provide this, Google undergoes several independent third-party audits on a regular basis. For each one, an independent auditor examines our data centres, infrastructure, and operations. Regular audits are conducted to certify our compliance with the auditing standards ISO 27001, SOC 2 and SOC 3, as well as with the U.S. Federal Information Security Modernization Act of 2014 (FISMA) for G Suite for Government.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
In Google production environments, software updates are manually vetted to ensure the stability of the system. Changes are then tested and cautiously rolled out to systems. The details vary somewhat depending on the service being considered, but all development work is separated from the operation systems, testing occurs in a multi-staged fashion in both environments and in dedicated test settings. Google can share, under NDA, the SOC2 audit report (based on standards from the International Auditing and Assurance Standards Board), which describes the change management process
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Google administrates a vulnerability management process that actively scans for security threats using a combination of commercially available and purpose-built tools, intensive automated/manual penetration efforts, quality assurance processes, software security reviews and external audits. The vulnerability management team is responsible for tracking and following up on vulnerabilities. Once a vulnerability requiring remediation has been identified, it is logged, prioritized according to severity, and assigned an owner. The vulnerability management team tracks such issues and follows up frequently until they can verify that the issues have been remediated. Google also maintains relationships and interfaces with members of the security research community.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Focused on information gathered from network traffic, employee actions on systems and outside knowledge of vulnerabilities. Traffic is inspected at many points for suspicious behaviour. Analysis is performed using open-source and commercial tools for traffic capture and parsing, supported by a correlation system built on top of Google technology. Analysis is supplemented by examining system logs for unusual behaviour, such as attempted access of customer data. Security engineers place standing alerts on public data repositories to look for security incidents that might affect company infrastructure. They actively review inbound security reports and monitor public mailing lists, blog posts, and wikis.
Incident management type
Supplier-defined controls
Incident management approach
If an incident occurs, the security team logs and prioritises it according to severity. Events directly impacting customers are assigned the highest priority. This process specifies courses of action, procedures for notification, escalation, mitigation, and documentation. Google’s incident management program is structured around NIST guidance on handling incidents. Key staff are trained in forensics and handling evidence in preparation for an event, including the use of third-party and proprietary tools. Testing of incident response plans is performed for key areas, such as systems that store sensitive customer information. Tests consider a variety of scenarios, including insider threats and software vulnerabilities.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£17.50 to £89 a licence a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Sign up for a Chrome Enterprise trial to start using the Google Admin console to manage and monitor devices running Chrome OS

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alison.king@cts.co. Tell them what format you need. It will help if you say what assistive technology you use.