Security is becoming a pressing concern for enterprise IT companies in the digital age as threats are constantly evolving and testing their network infrastructure and endpoints. While potential vulnerabilities can be catastrophic, Windows 10 addresses many security scenarios. Its combination of hardware/firmware security with software security is ushering in a new paradigm of enterprise protection. Windows 10 delivers a potent security arsenal with containerization, identity and access control, information protection, and malware resistance. The new platform provides a solid foundation from which to execute sophisticated cybersecurity strategies.
Adaptiva provides an overview of Windows 10’s host of security and non-security related features in our Top 5 Security Best Practices for Windows 10 in the Enterprise report. This report goes into detail about key features, how they work, and how to take advantage of them. Let’s look at some key topics that will be covered in much more detail in the report.
UEFI with Secure Boot
Windows 10 offers a secure way to protect yourself from bootloader tampering. The Unified Extensible Firmware Interface (UEFI) specification connects the computer’s firmware to its operating system (OS), replacing the old Basic Input Output System (BIOS) traditionally used on PCs. UEFI with Secure Boot ensures that when your PC boots, it uses only software trusted by the PC manufacturer.
Credentials are clearly a vital part of networks for controlling and gaining access to systems. Credential Guard in Windows 10 leverages Microsoft’s Hyper-V hypervisor technology to strengthen some inherent weaknesses with credential validation. Known as virtualization-based security (VBS), this new standard will isolate and protect system and user secrets so that they cannot be stolen through “pass the hash” and other malicious attacks.
The Device Guard feature in Windows 10 allows users to mitigate the potentially damaging effects of running untrusted, unlicensed, or malicious applications on their system. Device Guard is a combination of hardware and software hardening features that utilize the new virtualization-based security (VBS) environment introduced in Windows 10.
Protecting locally stored data has always posed a challenge, even with modern-day encryption methods. Windows 10’s BitLocker is at its most effective when it is used on a machine with a Trusted Platform Module (TPM) chip. The chip works with BitLocker to protect individual files as well as entire hard drives (both system and data). Some encryption information is stored in the chip, and some in Windows, making it easy to access (just log into Windows) and difficult to crack. Windows 10 includes instrumentation that allows the operating system to fully manage the TPM, simplifying setup and management.
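To confirm that Secure Boot, Credential Guard, Device Guard code integrity, and TPM-backed BitLocker are actually active on an endpoint, a read-only audit like the following can be run from an elevated PowerShell session. This is an added example, not taken from the Adaptiva report; the function name `Get-Win10SecurityBaseline` and the report field names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only status check, changes no settings.
function Get-Win10SecurityBaseline {
    $report = [ordered]@{}

    # UEFI Secure Boot: the cmdlet throws on legacy BIOS firmware.
    try   { $report.SecureBoot = if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' } }
    catch { $report.SecureBoot = 'Not supported on this firmware' }

    # Virtualization-based security, Credential Guard, Device Guard.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        $report.VbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
        $report.CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
        $report.HvciRunning            = ($dg.SecurityServicesRunning -contains 2)
        $report.CodeIntegrityPolicy = switch ($dg.CodeIntegrityPolicyEnforcementStatus) {
            0 { 'Off' }  1 { 'Audit' }  2 { 'Enforced' }  default { 'Unknown' }
        }
    } else {
        $report.VbsRunning = 'Unknown (Win32_DeviceGuard class not available)'
    }

    # TPM: must be present and ready before BitLocker can seal keys to it.
    $tpm = Get-Tpm
    $report.TpmReady = ($tpm.TpmPresent -and $tpm.TpmReady)

    # BitLocker: per-volume protection state and key protector types.
    # A protected volume without a Tpm* protector is not using the chip.
    $report.BitLocker = Get-BitLockerVolume | ForEach-Object {
        $types = ($_.KeyProtector.KeyProtectorType | Sort-Object -Unique) -join ','
        '{0} Protection={1} Protectors=[{2}]' -f $_.MountPoint, $_.ProtectionStatus, $types
    }

    [pscustomobject]$report
}

Get-Win10SecurityBaseline | Format-List
```

A machine where `VbsRunning` is true but `CredentialGuardRunning` is false has the hypervisor isolation available without the credential protection configured, which is a common gap after an in-place upgrade.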
Windows Information Protection
The Windows Information Protection (WIP) feature, formerly known as Enterprise Data Protection, helps to secure data and applications from unauthorized use. With WIP you can’t send corporate documents through personal email or a personal Dropbox account, for example. Specifically designed to work with Office 365 ProPlus and Azure Rights Management, WIP can distinguish between corporate and personal data. Then it can restrict what happens to corporate data.
So Much to Learn
Windows 10 includes a plethora of other security-related elements that address many potential issues. Is your organization ready to start implementing these security capabilities? Check out Adaptiva’s Top 5 Security Best Practices for Windows 10 in the Enterprise report to learn more.
Gary Walker, Director of Customer Support, Adaptiva