Clearing the Air
Google’s New “No Chrome Browser Injection Policy” Has No Impact on Digital Guardian’s DLP Capabilities
Contrary to what McAfee implied in a recent blog post, with the release of Chrome 68, DLP products will no longer be able to inspect web uploads and/or block the upload when the Chrome browser is being used. Digital Guardian’s DLP solution still supports content inspection and policy enforcement on Google Chrome 68. Our DLP architecture includes a web inspection proxy in the endpoint agent which detects web transmissions and provides proactive mitigation options to prevent sensitive data loss.
In late 2017, Google made a decision to disallow 3rd party software code injection into the Chrome browser beginning in July 2018. They made that decision for a good reason: injecting code into any application can be risky. Unless you know with 100 percent certainty that the code is not malicious, you risk creating new vulnerabilities. Permitting injection could allow an attacker to gain access to your private information and actively blocking code injection can reduce this risk. But despite that good reason, many agent-based information security solutions such as AV and DLP solutions, like McAfee’s, rely on code injection to perform their core tasks.
Digital Guardian understood the impact of Google’s decision and engineered a new way to preserve critical DLP functionality for Chrome users. Our innovative approach is able to connect file information (e.g. sensitivity, location, type) with the transmission destination (e.g. an unauthorized external site). This provides security professionals with the ability to fully manage the risk of data loss, all done without the need for injection and therefore eliminating the potential for conflicts.
As of May 2018, per Netmarketshare.com, Chrome commands over 60 percent of the desktop/laptop browser market, the next player, Internet Explorer, has around 12 percent. So not supporting Chrome 68 (and future versions) was not an option – it would leave too big a gap in our customer’s data protection programs.
Just wanted to be clear. Google Chrome’s new no-injection policy may present challenges to other DLP providers, but Digital Guardian is good to go.