Shadow IT: Google Chrome Remote Desktop

I’ve seen quite a bit of Google Chrome Remote Desktop in the wild as of late, and to me it presents some challenges worth talking about and being aware of. The vast majority of SMB’s I’ve worked with over time standardize on Active Directory and Microsoft 365, so people are likely using personal Google accounts with this service. To me, it would seem Chrome Remote Desktop introduces risk that businesses should be aware of:

  • Shadow IT. Do you know if your employees are accessing your network this way? Are they circumventing policy and/or defined methods for remote access?
  • Potentially weak authentication. The default settings require the Google account username, password, and a PIN. AKA, a single factor.
  • No Audit and Accountability. Do you have the ability to log and monitor these connections?

This list goes on, but if you’d like help understanding these concerns, feel free to reach out!

Here is an example of a system being access remotely through the Chrome browser: