Google has begun disabling internet access for on-premises desktop PCs as it tests a measure aimed at increasing security across the organisation, according to internal documents.
The tech giant has started a pilot program to test the feasibility of restricting the internet on work machines, CNBC reported, though staff will still be able to use Google’s own tools like Drive, Docs, and Gmail.
Improving security was cited as the main reason for the test because “Googlers are frequent targets of attacks”.
Limiting internet access on their devices mitigates some of the risks if on-premises company devices get compromised – making it harder for malware to communicate with control servers for exfiltrating data or dropping further exploits.
A spokesperson for Google confirmed the trial’s existence to Information Age, saying that the security of its products and users was one of the company’s “top priorities”.
“We routinely explore ways to strengthen our internal systems against malicious attacks,” the spokesperson said.
Only around two per cent of Google desktops will be affected by the experiment, which will also see root access removed for staff alongside internet limitations.
Employees will still be able to use the internet on their phones and laptops when at the office and they can choose to opt out of the program.
Google has been tightening its remote work policies, telling staff last month that it was going to closely monitor office attendance and start including it as a performance measure now, to ensure Googlers are in the office at least three days a week.
The company’s chief people officer Fiona Cicconi told Googlers “there’s just no substitute for coming together in person”, as reported by CNBC.
Remote work can bring its own set of vulnerabilities, as password manager LastPass discovered last year when a senior DevOps engineer had their personal PC breached thanks to an old Plex Media Server vulnerability.
Once the attacker was inside the engineer’s machine, they installed a keylogger and boosted AWS decryption keys from the employee’s LastPass corporate vault.
A push to secure remote work has been part of Microsoft’s pitch for enterprises to run Windows from the cloud.
Microsoft has also proven the importance of hardening security following its revelation that a China-based threat actor forged Azure Active Directory tokens to break into email accounts belonging to US government agencies.