2 New Windows 10 Security Features Worth Knowing About

Much has been said about Windows 10 and more specifically about its built-in security features. We’ll take a closer look at two new security features Microsoft’s latest OS brings to the table: Data Loss Prevention and Windows Device Guard. They both help to solve data loss.

Data loss is a big problem, as we all know. Different types of solutions have been available for Windows, including technologies such as EFS, BitLocker, BitLocker To Go Reader and AD RMS, to name a few.

I recently read a statistic in a study by Stroz Friedberg that claims 87 percent of senior managers admit to regularly uploading work files to cloud services such as Google Drive or OneDrive; 58 percent have accidentally sent the wrong person sensitive information and 51 percent have taken files with them after leaving a job. Traditional security and encryption methods such as the ones I mentioned only work if the user chooses to use them. So, the challenge is making the security transparent so it’s always in place regardless of how the user consumes the data.

Separating Personal and Corporate Data

Windows 10 addresses the security problem with a Data Loss Prevention (DLP) solution that separates corporate and personal data and helps to protect it using containers. Devices will be segregated into two containers — one for personal data and one for corporate. Any data coming in from a defined corporate source will automatically be placed in the appropriate container. Windows 10 will automatically encrypt corporate apps, data, email, website content and other sensitive information, as it arrives on the device and only authorized apps can read the data. Users will have the choice when creating new data as to which container to place the data in and policies can even go so far as designating all new data as corporate by policy.

IT controls the keys needed to access the data and to remotely wipe it from a device. If a lost device’s keys are not cached, the keys are reacquired with every use, so there are no keys stored locally to be compromised. Even locking the device removes the keys. The beauty is that this works across all Windows 10 platforms, including PCs, tablets and phones, and users don’t need to switch the device between work and personal mode, making the experience seamless and therefore “user proof.” Readers are also available for iOS and many flavors of Android.

Guarding Devices from Malware

Another challenge we’ve always faced in IT is keeping devices safe from malware. Once upon a time all we had to worry about was a computer getting infected with a virus that, in the worst-case scenario, would require us to wipe and rebuild it. Recently things have gotten much more serious. Hackers can use malware to ransom our data by encrypting it and selling some unfortunate user the recovery keys, or to steal credentials to secure websites such as banks. Keeping ahead of the bad guys is a challenge that most IT departments struggle with. Traditionally, we try to educate our users on what to do and what not to do. Then, we rely on anti-virus software to detect malicious behavior and save us from ourselves.

Windows 10 takes another approach, one learned from the mobile world. Windows Device Guard no longer allows everything and anything to run on our PCs and devices with the hope that anti-malware software can detect threats and protect us from them. Instead, Windows has taken a page from the mobile device playbook and only allows applications that have been certified and digitally signed to be installed, like those found in the Windows Store.

This way you can’t just run any old .exe or .msi file, even if you are the administrator, much less if the code comes from a malicious source. All applications must be signed by specific software vendors, the Windows Store, or even your own organization, which covers apps that are developed in-house or that come from vendors that might not be around anymore. Windows 10 puts you in control of what sources Device Guard considers trustworthy, and it comes with tools that can make it easy to sign any app. Once you have signed the app and added it to the catalogue of trusted sources for your enterprise, it will be trusted by all Windows 10 devices.
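As an added example (not from the original article or from Microsoft), the PowerShell below inventories which binaries under a folder carry a valid signature and then builds a code integrity policy in audit mode, which is a common first step before enforcing Device Guard. The paths and file names are assumptions chosen for illustration. Run it from an elevated prompt on a Windows 10 edition that includes the ConfigCI cmdlets.

```powershell
# Added example: inventory signatures, then build an audit-mode code integrity policy.
# $ScanPath and $PolicyDir are hypothetical paths chosen for illustration.
param(
    [string]$ScanPath  = 'C:\Program Files',
    [string]$PolicyDir = 'C:\CIPolicy'
)

# 1. Inventory: which binaries would fail a signer-based trust rule?
function Get-SignatureInventory {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                File      = $_.FullName
                Status    = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

$inventory = Get-SignatureInventory -Path $ScanPath
$inventory | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# Files that need in-house signing or a catalog entry before enforcement
$inventory | Where-Object Status -ne 'Valid' | Select-Object File, Status

# 2. Policy: trust by publisher, fall back to file hash for unsigned files
New-Item -ItemType Directory -Path $PolicyDir -Force | Out-Null
$xml = Join-Path $PolicyDir 'AuditPolicy.xml'
$bin = Join-Path $PolicyDir 'AuditPolicy.bin'
New-CIPolicy -FilePath $xml -ScanPath $ScanPath -Level Publisher -Fallback Hash -UserPEs

# 3. Rule option 3 = Enabled:Audit Mode: violations are logged, not blocked
Set-RuleOption -FilePath $xml -Option 3

# 4. Convert the XML policy to the binary form that gets deployed
ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $bin
```

Leaving the policy in audit mode first lets you review what would have been blocked in the CodeIntegrity operational event log before switching to enforcement.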

Cybersecurity is a concern for all of us, individuals as well as big businesses. Windows 10 offers two new tools to actively address threats with advancements in both information protection and threat resistance. Take advantage of them.
