Enabling Secure Collaboration with Windows 10
Workplace evolution has created a number of security challenges. Microsoft’s latest operating system is equipped to address them.
The evolving technology of mobile devices, wireless connectivity, cloud computing, data analytics and advanced operating systems has transformed how people work. This new model of work is marked by unprecedented levels of collaboration.
At the same time, cybersecurity has emerged as a top concern for organizations in every industry. The transformation of work, with its high levels of data sharing and blurring of network boundaries, has brought new cybersecurity challenges. IT departments must deal with two tasks simultaneously: enabling a virtualized, highly collaborative workplace and protecting data and the high availability of IT services needed in this environment.
“We’re seeing a whole digital transformation,” says Jim Menendez, a cybersecurity practice lead at consultancy CGI. “Workflows are less defined since computing resources are coming from the cloud.” Security, he says, is essential to derive the most value from transformation.
Building In Security
There is good news for organizations seeking to secure the data and applications that are driving workplace transformation. Many new products are coming to market with security in mind. For example, Microsoft Windows 10 has crucial built-in features that address cybersecurity concerns while enabling organizations to continue the evolution of the workplace.
A Forrester Research report released in 2016 states that Windows 10 includes a number of new and updated features “to manage and improve security and encryption.” Forrester said organizations deploying Windows 10 reported enhanced data protection and fewer security problems that required remediation.
“In security, there are a lot of things Microsoft is doing; the key thing is their multi-pronged approach. They’re doing things to harden the operating system [OS] on an ongoing basis,” adds analyst Michael Cherry, a Windows client expert at Directions on Microsoft, an independent IT planning information service.”
These efforts, in turn, create greater confidence in workplace transformation among enterprises.
The widespread use of cloud services is essential to the new workplace. Among the ways organizations are using cloud are: software development, provisioning of mobile and desktop devices, and hosting of specific document management and collaboration platforms such as Microsoft Sharepoint.
These technologies enable productive work anywhere at any time on nearly any device. However, this computing architecture presents a security issue.
“Signature detection of malware is becoming more difficult,” says Wayne Anderson, director of global client information security at Avanade, an IT consultancy. “Some malware doesn’t even require a file on your system. It changes the way you look at security.”
In this scenario, users accessing cloud services via a browser may invoke malware on the network, most likely with a browser application, but the malicious file is never written to a disk or stored locally.
With Windows 10, Anderson says, “Microsoft is on top of that trend.”
Advanced Security Features
Enterprise Windows 10 users can implement Windows Defender Advanced Threat Protection (WDATP). This service detects and reports on threats at the local device level, on the network and with cloud providers. It uses machine learning algorithms to analyze threat information from sources, including anonymized data from Windows 10 enterprise customers and from 200 of Microsoft’s own cloud services, to alert IT security teams of risks anywhere on their networks, including on individual devices and down to the file level.
With Windows 10, Microsoft added to WDATP’s capability. Now it can detect malware in memory, before it is written to disk.
Data gathering about worldwide threat activity also helps to secure Windows 10 enterprise users. Microsoft engineers collect and analyze this data in Microsoft’s own cloud.
“Indicators of threat or attack are sent to the Microsoft cloud for analysis,” says Greg Peterson, director of Avanade’s global security technical operations team. “If you have a problem, you’ll know if it’s unique to you, or if you’re one in a million.”
And it gives security professionals time to deal with threats. “WDATP isn’t about stopping threats but instead reducing dwell time detection so you can start taking action,” says Cherry.
Microsoft also has added Defender Application Guard, which it describes as “a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps and data.”
Applications are prime entry points for cyberattacks. With many applications and software suites moving to the cloud, organizations no longer have the headaches of multiple versions. IT teams have slimmer storage requirements, less need for data deduplication and fewer management chores when applications and data reside in the cloud.
This model requires the type of security provided by Defender Application Guard. The essential feature of Application Guard uses virtualization to create an isolated environment for using the web via Microsoft’s Edge browser. Windows 10 also employs virtualization-based security to isolate vulnerable OS processes, diminishing the chance a browser hack will get through to Windows 10 or to any data.
User authentication also presents a challenge to many organizations, as the password paradigm grows more brittle. Another Windows 10 feature, Windows Hello, addresses this challenge. Hello is a biometric authentication system that was first offered on some Microsoft PCs and tablets that were equipped with cameras, iris readers or fingerprint scanners. Since its introduction, Microsoft has enhanced Hello. Now, it’s available for a growing list of other products. For example, third-party cloud applications, including Dropbox, accessed on the Edge browser, let users log in biometrically. Hello login also works to provide users access to Microsoft, Active Directory and Azure Active Directory accounts.
IT departments can configure Windows 10 Hello for Business according to organizational policy. This feature implements two-factor, key-based authentication that enables both single sign-on and remote access while improving resistance to breaches and theft.
The new paradigm of working combines the capabilities of mobility, analytics, data sharing, collaboration and the cloud. The advantages this delivers enable greater productivity and efficiency, but it also requires an advanced approach to cybersecurity. The Windows 10 platform enables open collaboration with safety.
1/3
The factor by which a Windows 10 deployment can reduce desktop security issue remediation time
SOURCE: Forrester Research, “The Total Economic Impact Of Microsoft Windows 10,” June 2016
Energy & Utilities
How Energy Firms Can Keep Pace with Threats
Companies and public authorities have been the frequent targets of cyberattacks, which are potentially catastrophic. Security for utilities has been the subject of intense research by the industry.
Utilities must modernize their IT infrastructures to keep pace with cyber-attackers. One way is by adopting cloud-hosted applications that provide multi-factor authentication and automatic failover to distributed data centers. Microsoft’s Azure Active Directory delivers these features via the cloud. This helps to ensure that only authorized users gain access and that sessions are isolated from adjacent applications, thereby limiting the damage an attack can do.
Corporate
Bolstering Security in Corporate Mobile Deployments
Many businesses are giving users greater choice in how and where they want to work to be most effective. Employers have explored a variety of strategies for on-boarding mobile devices into existing infrastructures.
Most organizations support a finite number of mobile devices. IT leaders must ensure that personal apps and data don’t mix with enterprise systems. The latest versions of mobile device management (MDM) packages, such as AirWatch Express from VMware, boost security while balancing convenience. For example, MDM provides capabilities such as remote wiping and device tracking; but it saves time by configuring devices to automatically connect with authorized Wi-Fi networks.
Healthcare
A Healthier Security Environment for Medical Providers
Healthcare providers face numerous security threats, such as the rising potential for hacking of medical devices that now use the internet. Under the Health Insurance Portability and Accountability Act, the medical community is required to protect patient health information.
Windows 10 is ideally suited to improve security in this environment. Its virtualization technology isolates internet activity conducted within the Edge browser so that online sessions don’t have the potential to become gateways to enterprise-level information.
Microsoft’s Enterprise Data Protection feature provides persistent file-level encryption to protect data residing on medical systems and manages rights to medical information to make sure that only authorized users access it.
Retail
Windows 10 Security Features and Retail Sales
Many retailers are replacing cash registers with mobile point-of-sale (mPOS) devices that enable users to perform a variety of functions, including conducting transactions for customers from anywhere in a store.
An important security consideration in such settings is when users have rights to specific online services. Windows 10’s Hello biometric ID capability helps retailers to ensure that only authorized store personnel can have access to mPOS devices or log on to an enterprise network. Further, Microsoft’s Windows Information Protection provides data loss prevention features, which ensure that customer data doesn’t fall into the wrong hands.
Education
How Windows 10 Can Help Protect Student Data
Laptops and devices such as Microsoft Surface Pro tablets have become classroom and homework staples. Windows 10 gives schools and universities ease of administration and access to both local and cloud-based services and data.
Microsoft also launched Intune for Education, a new cloud-based application and device management service tailored to schools and educational institutions. Intune enables easy setup and management in shared learning environments, allowing administrators to quickly set up default policies for devices and users. This capability reduces the burden on IT administrators while setting a higher standard for security.
Sports & Entertainment
Windows 10: Strong Defense for Sports and Entertainment
Sports and entertainment venues face a challenge in securing their widely dispersed points of sale. As concessions efforts become more sophisticated, and more venues accept credit cards for transactions, security is a growing priority.
By deploying mobile point-of-sale applications on tablets or smartphones running Windows 10, venues gain assured, two-factor sign-in for their associates. With the Edge browser, their sessions are safe from hacking. By using the devices in conjunction with cloud services such as Azure Active Directory, venues get enhanced security and greater application availability; avoiding downtime and the resulting loss of revenue and customer service.
State and Local
How Windows 10 Security Features Protect Government Data
Government agencies at the state and local levels possess large amounts of sensitive data, such as business and personal tax records. Such data is subject to legal protection and to the expectation by citizens that the government will safeguard their privacy.
By using cloud-hosted applications in virtualized sessions within the Windows 10 Edge browser, agency users can have assurance that the databases they’re accessing will be protected. When cybercriminals carry out malware-based attacks, the behavioral analysis and threat intelligence capabilities of Windows Defender Advanced Threat Protection can help IT personnel detect an attack quickly and take defensive measures.
Windows 10 and CDW can help your organization deploy this innovative platform
MKT14M297