For many years, Microsoft has touted their commitment to security and trusted computing. With each new iteration of Windows, Microsoft introduces a new set of strategies to foil the unyielding efforts of cyber-attackers. Microsoft has identified several key areas to focus on securing in their latest operating system.
The password is the bane of today’s user as well as the security professionals tasked with protecting the devices and data you use. One of today’s most common methods of breaking into a computer system is by using stolen passwords. Why is it so popular? Well, because it is so easy. Microsoft aims to make this much more difficult though in Windows 10 by including multi-factor authentication directly into the operating system. Let’s talk about the ways you can authenticate so this becomes clearer. First, you can provide something you know like a password to prove you are who you are. You can provide something you have like a smartcard or a code from a key generator like an RSA key. Finally, you can provide something you are…this sounds a little weird, but what we are talking about is biometrics like a finger- print. Most systems will let you use one of these methods and to a certain degree stealing any one of these authentication methods can be accomplished easily, and an attacker then has the keys to the kingdom. If you start mixing and matching them say by using biometrics and an RSA key it becomes much harder to get both when trying to compromise a system. Windows 10 includes everything you need to set this type of authentication up out of the box with no additional software needed. Another feature of this built-in, multi-factor authentication is the ability to enroll devices as the something you have. For example, you can enroll your laptop and add fingerprint scanning as your two forms of authentication. In this example, anyone trying to access your network account would need to be physically using the laptop you enrolled and have your fingerprint in order to be authenticated. The device enrollment can be implemented a few ways. You can enroll a single device or multiple devices you use to access the network with or you can enroll a Windows 10 phone and use it like a secure key that communicates with whatever device you are using via Bluetooth, like a smart card. Multi-factor authentication is not a new concept but it is the first time Microsoft has built the ability to use multi-factor authentication into the Windows operating system rather than just handing it off to a third party vendor. This shift could eventually spell the end of the password…I hope.
Another area Microsoft is focusing on is securing data. Microsoft does a fine job securing data on your network and local machine using technologies like permissions and encryption like BitLocker, but what about when it leaves like in an email or is shared and someone makes a copy and suddenly your data is out in the wild and you have no control over who can see it. With the latest round of security that is being baked into Windows 10, Office 365, and the rest of Microsoft’s suite of products you will be able to control everything. You will be able to classify data and apply rules that scan documents and files for those data classifications, and if the rule says it can’t be emailed the file will not go out over an email. If you are accessing a classified contract on a Word application on a phone and the rules for that type of file say that you can take a screen capture or copy the text in any way all those features are disabled on the device even if it is an Android or iPhone. And it all works seamlessly behind the scenes. The corporate data is always kept separated from personal data on mobile devices, but transition between the two is undetectable by the user.
Lastly, Trusted Apps. When it comes to employee computers, the unapproved software that gets installed either on purpose or by accident can have an effect on the performance and security of the system. With Windows 10 you can lock the system down so that it can only install apps that have been digitally signed by a Microsoft authorized signing service, similar to the way applications in the Microsoft App Store are vetted and signed to make sure they contain no malware. You can even go so far as to create a white list of trusted software, and any application not on the list will not be installed.
While these are not the only new security related features Windows 10 has to offer these are the ones that are most directly geared at blocking some of the most common attacks and data breaches of the last year or so.