Technology Decision Makers

last person joined: 22 days ago 

A group for those in nonprofit IT decision-making roles to connect with peers and share best practices. This Technology Decision Makers group is for nonprofit IT or MIS Directors/Managers as well as CIOs and CTOs to connect with their peers and share best practices. Topics for discussion include, but are not limited to: hardware and software management, product reviews, emerging technology, best practices, collaborating effectively with other departments, and management conundrums. Membership is restricted to IT staff at nonprofit organizations.

End of Life Chromebooks - risks and mitigations

  • 1.  End of Life Chromebooks - risks and mitigations

    Posted Jun 03, 2019 11:49
    Thinking a number organizations might be facing this.

    I have a client with several hundred Chromebooks going End-of-Life (EOL) in 2019. Replacement cost is >$100,000 (non-trivial for this org) and they have asked me to assess risk and suggest mitigations if they don't replace them.

    I outlined risks as things like remote code exec via website drive-by as most likely vulnerabilities they would be stuck with. Especially since these Chromebooks are used by young people without any awareness training.

    I suggested that they could implement DNS protection via OpenDNS Umbrella or something similar as a mitigation. Would add cost, but much less than replacing hundreds of Chromebooks.

    My questions for the group:

    What risks of EOL Chromebooks am I missing?
    What mitigations (other than replacement) am I failing to think of?

    Joshua Peskay
    Vice President
    RoundTable Technology
    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline

  • 2.  RE: End of Life Chromebooks - risks and mitigations

    Posted Jun 03, 2019 13:05
    Umbrella is a great idea Joshua!

    An alternative would be having them use Quad9 for DNS which has many of the OpenDNS/Umbrella protections though w/o the centralized management of Umbrella.

    Finally, I wonder if any of the spend avoided by moving to a DNS solution can be shifted to perimeter based defenses (e.g. sandboxing etc at the firewall level) IF they're largely on one managed network.

    As for the devices per se, I'd be interested in seeing if there's a roadmap of when Chrome updates are scheduled to stop because, as we noticed from some EOL Chromeboxes we have, being EOL doesn't mean that Chrome updates stop. For us the biggest obstacle is that things like using Android apps on a CB isn't an option when EOL.

    Finally, this might help extend the life but I feel it's a short-term fix: 

    Ken Montenegro
    Gender Pronouns: he/him
    Information Technology Director
    Asian Americans Advancing Justice | Los Angeles

    1145 Wilshire Blvd. Los Angeles, CA 90017
    T: (213) 977-7500 (213) 241-0219
    C: (323) 545-4904
    F: (213) 977-7595
    Building upon the legacy of the
    Asian Pacific American Legal Center

    2020 Nonprofit Technology Conference Logo  w/ Baltimore Skyline