By Aaron Lint, Security Lead, Prasanna Gautam, Technical Lead, Protocols, David Oh, Member of Technical Staff, Kas Sarmeidani, Member of Technical Staff and Leslie Ankney, Director of Communications
Welcome to Engineering at Anchorage Digital! As a fast-scaling company, Anchorage Digital’s technical staff is core to our institutional digital asset platform. We are excited to showcase the great work being done by our engineering team to help institutions participate in the digital asset ecosystem.
For our Medium followers, we first want to say: thank you for following news about Anchorage Digital over the years. This page will now feature engineering-specific content, starting with a deep-dive today into why we built our internal security architecture on Chromebooks. You can follow our Twitter and LinkedIn pages for company news and updates or check out our company Insights blog — and of course, we hope you’ll continue following this page.
Launched in San Francisco in 2017, Anchorage Digital is a regulated crypto platform that provides institutions with integrated financial services and infrastructure solutions. Two security industry veterans founded the company with the goal to secure digital assets, and security is foundational in everything we do. Our differentiated custody solution protects billions of dollars in digital assets — all without compromising accessibility. So when it came to selecting workstations — the computer and hardware setup for our team — security was our top priority.
Our decision to use Chromebooks as our main hardware and OS at Anchorage Digital was an uncommon choice. It was driven by this central desire to enable the highest level of security. When it came to selecting our hardware and operating systems, we knew we would need a combination of security, developer productivity, and scalable choices as we grew. Early on, we decided to use Chromebook Pixelbooks with strong hardware Two Factor Authentication (2FA) as our computers of choice for most employee activities. These most easily allow us to safely sandbox sensitive company data and maintain an extremely high standard for security.
Beyond the standard concerns to prevent the security breaches that happen every year¹, we take additional precautions as a company operating in the crypto industry, which is an especially tempting target for attackers. Zero-day attacks targeting crypto exchange employees are just one of many examples of the elevated risk in our industry. Google’s ChromeOS allows us to stay nimble and run the latest secure code while developing cutting-edge technology and security for our customers, complemented by the additional security measures we’ve taken for employee workstations.
Our hardware selection
For growing companies like ours, scaling highly secure, auditable access while balancing the cost and friction of those controls presents a variety of challenges. This becomes acute when the choice is made to deploy and maintain perimeter Virtual Private Network (VPN) servers, which create a single point of failure, compromise, and congestion, and which grow more brittle as companies expand.
Our selections are as follows:
- Chromebooks using up to date, Verified Boot ChromeOS
- Hardware for non-carrier based two-factor authentication
- Isolation of non-Chromebook hardware from corporate network
- Policies enforced through Chrome Enterprise which prevent arbitrary installation of untrusted applications and extensions
Using Chromebooks allows us to cleanly restrict access to company-managed and approved devices only. We rely on Chromebook-native capabilities that follow the BeyondCorp philosophy, ensuring that every internal application is hardened directly with strong cryptography and access controls. This is an intentional choice of embedded security instead of introducing perimeter services (like VPNs) which, once breached, allow an attacker to pivot more freely on an internal corporate network. We took steps to further deepen our resiliency against credential-based attacks by using hardware-backed 2FA. These choices have paid off: since our launch, there has been no need to introduce services that have to be managed outside the Chrome Enterprise ecosystem; we use the Identity-Aware Proxy to enforce meaningful hardware-level policies as part of every authentication and authorization decision.
Over time, we have consistently found that Chromebooks have evolved with our increased security needs. Most new Chromebooks now come equipped with the Titan C chip, which helps ensure the devices have a strong hardware root of trust where tampering will be detected and unauthorized access blocked, ensuring coherent, integrated data protection.
Although it requires some reconsideration of norms in corporate computing, enabling Anchorage Digital employees with ChromeOS was based on a commitment to the “Defense in Depth” philosophy. This secure design pattern ensures that attackers must circumvent multiple layers of protection to impact operations. This increases the effectiveness of integrated monitoring and response capabilities for detecting even small attacker footholds, long before real, costly organizational impact.
Additionally, from a device management and security operations perspective, these choices make onboarding and offboarding employees safer and easier. It is easy to reliably and verifiably wipe devices remotely, and track the machines through the cleaning and reset process when the Chromebooks are either reassigned or decommissioned. A certificate of data destruction is provided upon request.
Selecting Chromebooks initially presented a challenge of creating our own onboarding processes from scratch. For the first few years, the setup was simple enough that our engineering team could manage it directly. However, as Anchorage Digital scaled to hundreds of employees, and we had to coordinate replacing and refreshing the laptops, self-managing became challenging. The IT team was starting to make daily trips to storage units and FedEx.
Today, we’ve created a way to pre-configure our new employee Chromebooks that removes our need to store and ship them ourselves, by partnering with a company that handles full lifecycle inventory management, from storage and deployment through retrieval and disposal. Now we can send a new workstation with a couple of clicks. We also offer all new employees a comprehensive onboarding process, including training on using Chromebooks, webapps, and security best practices.
As we’ve shifted to a remote-friendly work culture, the ability to easily ship a pre-configured system meeting our parameters has made it equally easy for employees to quickly start work and for us to quickly ship them what they need. More importantly, relying on ChromeOS has significantly reduced our attack surface in terms of the concerns that security teams are all too often faced with — the reduced footprint of the OS, the out-of-the-box containerized capabilities, and device integrity features. This baseline level of security allows our security engineers to focus on building secure code and deploying prevention capabilities, instead of spending countless hours on incident response and recovery.
Limitations and exceptions
We have also formulated innovative ways to work by extending our workstations to the cloud. This allows us to provision workstations for employees whether they work in our physical offices or remotely. Each workstation we provide uses Google Cloud to link a user’s authenticated identities to their Chromebook device, ensuring that configurations are standardized across the company. When members of our team need help or more disk space, IT requests can be addressed remotely with appropriate escalation and approval paths.
That said, not everyone can do everything with Chromebooks or even Linux workstations in the cloud. A designer who needs to work with cutting-edge graphics tools in Photoshop, or an iOS engineer, for example, needs to use macOS. We prefer to use web-based tools like Figma for cross-team sharing, but some of the work makes a MacBook essential. Rarely, some teams also need to use Windows workstations to access restricted documents requiring certain versions of Microsoft Excel or Adobe Acrobat. In those instances, we use cloud workstations that can be created on demand using cloud-native tools like Terraform. We still get the flexibility of being able to use the required or mandated tools for the job without adding a new attack surface.
Compliance, Management, and Monitoring
Choosing Chromebooks simplified our compliance efforts significantly compared to rolling out our own system. Centralizing and monitoring the devices helps us provide metrics that would have taken other companies much more work. This lets us focus on security and improvement on our key product and less on IT.
Chrome device policies provide a simplified management experience that helps us eliminate risky behaviors across the organization by providing the control we need to rapidly apply configuration changes. A key example is the restriction of apps and extensions through allowlisting while still providing the flexibility users need to request exceptions and new additions that are reviewed on a per-request basis.
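As an added illustration of the deny-by-default shape such an allowlist takes (this is not Anchorage Digital’s own policy), the Chrome ExtensionSettings policy below blocks every extension unless it is listed explicitly; the two 32-character extension IDs are placeholders, and the blocked-install message is where a link to the exception-request process would go:

```json
{
  "ExtensionSettings": {
    "*": {
      "installation_mode": "blocked",
      "blocked_install_message": "Extensions are deny-by-default. Request an exception through IT.",
      "blocked_permissions": ["nativeMessaging", "debugger"]
    },
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
      "installation_mode": "allowed",
      "minimum_version_required": "1.0"
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
      "installation_mode": "force_installed",
      "update_url": "https://clients2.google.com/service/update2/crx"
    }
  }
}
```

The wildcard entry applies to anything not named, so an approved exception is a single added key rather than a change to the default, and the `blocked_permissions` list still applies to allowed extensions that request those capabilities.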
On the monitoring side, we rely on the native BeyondCorp Data Loss Prevention capabilities Chrome provides, which allow us to easily audit and control movements of sensitive data such as downloads, copy-paste, or drag-and-drop activity by members of our company. We have set up alerts for some highly sensitive Data Loss Prevention events, such as downloads of Personally Identifiable Information (PII) from internal applications, and are working on further expanding our threat-detection use cases using BeyondCorp Enterprise as well as additional third-party solutions.
The Future of Chromebooks at Anchorage Digital
Anchorage Digital has scaled the company for the past five years using Chromebooks and the capabilities provided by Google Cloud and Google Workspace, in our mission to provide a safe and secure digital asset platform for institutions. Our employees have shown flexibility in adjusting to this novel system, and we’ve been pleased with the progress and continual improvements in the security posture of the ecosystem.
We’d like to credit Diogo Mónica, Nathan McCauley, Boaz Avital, Viktor Stanchev, João Peixoto, Aaron Lint, and Prasanna Gautam who were the foundational leaders in selecting our workstation solutions and implementing a security-first process. We also would like to thank Amethyst Hills for managing the whole Chromebooks provisioning, management and replacement processes from her home as we went remote. Taking on this mountain of work on top of existing responsibilities until we had a dedicated IT team was a huge feat. We also would like to thank Sofia Fidalgo for navigating and scaling this operation in Portugal.
Anchorage Digital endeavors to provide accurate information through its communication, but cannot guarantee all content is correct, or updated. “Anchorage Digital” refers to services that are offered through Anchorage Hold, LLC, a Delaware limited liability company and registered Money Services Business, Anchorage Digital Bank National Association, an OCC-chartered national trust bank, Anchorage Lending CA LLC, or Anchorage Digital Singapore Pte Ltd, a Singapore private limited company, all wholly-owned subsidiaries of Anchor Labs, Inc., a Delaware corporation.
Anchorage Digital does not engage in the trading, offer, or sale of securities and does not provide legal, tax, or investment advice.