This year has been an exciting one for technology enthusiasts, particularly those waiting for Microsoft to release its newest operating system, Windows 10. Having received widespread positive acceptance, Windows 10 reached 75 million downloads from July 29th to August 26th. I can tell our users that the transition from Windows 7 and 8 to Windows 10 is as painless as it can get. But we cannot discuss the wonders of Windows for business without addressing the elephant that will never leave the room... security. How does the latest and greatest of Windows help your business stay secure? Here at Beringer we want to help our clients feel as safe as possible with their data. So without further ado, let's talk security.
Device Guard is one of the new approaches Microsoft has taken with Windows 10 to secure your device's safety. Technically speaking, Device Guard's concept isn't entirely new. Microsoft implemented the concept to some extent with UEFI in Windows 8 and the Windows Phone 8 OS. The idea is simple, rather than relying upon the operating system and/or anti-malware programs to stop malicious software, security is enforced on the hardware level. Device Guard uses hardware and virtualization, allowing the Windows' decision-making function to work independently from the operating system. What does all this gibberish mean? Malicious attacks that have full-system access on your PC won't be immune to Device Guard. The security feature will be able to help deal with these compromises even if your traditional software solutions would fail. Device Guard isn't a replacement for anti-malware software, just its new best friend.
Windows Hello is part of Microsoft's approach to improve login security. Windows Hello is a feature that incorporates bio-metric scanning in order to protect your PC from unwanted logins. More recent Windows 10 devices that have Intel's 3D Real Sense Camera can provide retinal scanning and likewise for devices with fingerprint scanners. Passwords have not been eliminated, but it's clear that Microsoft is working toward a secure enterprise environment in which forgetting your login password isn't the end of the world. Windows Hello also supports multi-device authentication. Business customers can utilize Windows Hello between their cellular device and PC. Users with their devices linked can use their cellphone as a smart card, in a sense, to ensure that someone else cannot log in without that device present. A quick scan of my fingerprint and detection of my phone in my pocket prompts my laptop to allow me entry. Even if my laptop were stolen and the perpetrator had my password, the authentication required from my phone would ensure security. If connected to my PC via Wi-Fi or Bluetooth, I can enter my computer's password into my phone and use my mobile device as my sole method of entry.
Passport is another great feature that is intended to improve login security. Once a user is logged into his or her device, Passport allows you to log into trusted applications, like Azure, without entering in another password. Microsoft is part of the FIDO (Fast IDentity Online) Alliance. Because of this, third party applications are allowed to work with Microsoft on Passport compatibility. The potential of this solution is that I could scan my iris to log into my PC via Windows Hello and then log into services like Azure, my bank account or other encrypted services without the redundancy of multiple passwords.
I think I've rattled on enough about the outstanding approaches Microsoft has taken to improve security…or have I? Stay tuned for Part II where I'll discuss Microsoft's approach to security with its Azure platform and threat-prevention.
Beringer Associates is always here to provide expert knowledge in topics like these. Please contact us with any questions you may have.