Every new Microsoft operating system release is both a cause for celebration and a cause for serious consternation and concern among IT folks. New features tend to resolve persistent problems and make things a little easier for end-users. We already know the new Start menu is going to make workers more productive, and there will be a clearer divide between desktop and touch users (the OS will know which one you are using).
Thankfully, in terms of security, there are always a few new features, not only to protect employees from would-be hackers but also to protect the company from a data breach. Still, there's always a possibility that the new OS will provide new attack vectors, especially related to phishing and viruses, that are as yet unknown.
With Windows 10, Microsoft clearly wants to bolster security without opening up any new holes. After testing the preview build, it's clear that most of the changes relate to usability and to solving that Start menu issue for end-users. The tech giant is not trying to reinvent the wheel again with a dramatically new UI, which is good news for security pros.
Fewer weak points
Brenden Vaughan, a threat research manager at Webroot, says the release is a big step toward reducing security threats. "With the release of Windows 10, Microsoft is introducing a number of security improvements that should make the world of computing a significantly safer place. All things considered, the security improvements Microsoft is making for Windows 10 sound very promising. Much of it still relies on IT admins and end-users to use the tools at their disposal correctly, but Windows 10 should provide hackers fewer weaknesses to exploit."
In examining the features in the preview build for Windows 10 and the early Microsoft reports about features, the experts agree that the security upgrades look like a major win for those who worry about data breaches. Here are the top new enhancements to ward off hackers.
1. Multi-factor authentication
We already know that Microsoft will add new methods of authentication. IT analyst Charles King says the most important change is that the user will have a few flexible and workable options. For example, if you use a Windows Phone smartphone, you can enable a feature that requires the device to be connected over Bluetooth or Wi-Fi in order to gain access. (This feature has already been available on HP laptops for some time, but now it's baked into the OS.)
King says the other options include requiring a biometric device, such as a fingerprint reader, as a second form of authentication in addition to a password. As we've already seen with enhancements to Mac and iOS devices, having a second form of authentication can radically change how easy or hard it is to break into a device. Having these features baked into the OS means it will be easier to deploy and manage them.
2. Separation of corporate and personal data
We've seen this trend already on smartphones like the BlackBerry Bold and the Samsung Galaxy S5 where corporate data is locked down and encrypted in a separate portal from all personal apps and data. King says this will be a feature in Windows 10 and will occur "on the fly" without the end-user even knowing (or understanding) what is happening.
"All apps, data, email, website content, etc. defined as 'corporate' will be automatically encrypted without user intervention. Windows Phone will support the same technology so that protected documents can be accessed via the phone," says King.
3. Trusted apps
Ask any IT pro about a typical cause for headaches when it comes to end-user computers and you'll likely get an earful about unauthorised end-user apps. Employees sometimes browse to unknown sites and see a prompt to install an application that looks helpful, or purposefully try to install their own app that's not approved for enterprise use. Then the problems start.
Fortunately, Microsoft is taking action on this security issue as well. Trusted apps will be those that are approved by IT to run and must be authenticated first.
"Microsoft also hopes to make it easier for users to stay free of malware with Windows 10 by providing the ability to lock down devices, allowing only trusted applications to be installed and executed," King says. "These trusted applications must be signed by a Microsoft authorized signing service and organizations will have total flexibility to decide which applications they deem trustworthy."
Derek Tumulak, the vice president of product management at Vormetric, notes that the operating system is reaching beyond OS functions, logins/authentication, and user access control into a fuller security infrastructure platform that addresses the reason security threats arise in large companies.
"Extending the capabilities to 'lock down' the software set used on PCs and mobile devices by prohibiting installations of software that aren't specifically authorised is something that would really have helped prevent the many recent retail POS breaches on those dedicated machines," Tumulak says, referring to recent data breaches at companies like Target.
More in the pipeline
In the end, adding these improvements should help admins and executives at large companies that need to manage a complex IT infrastructure and maintain security. "These are all features that should help businesses attain better security by gaining greater control over the company endpoints used by employees," King observes. "With the escalation of cybercriminal activities against corporations, businesses need to be more proactive in the ways they protect themselves. These initial Windows 10 security options should help them do just that but I expect we'll see additional features as Windows 10 continues to evolve."
Of course, only time will tell if the new OS, set to debut next year, lives up to these claims of enhanced security, and if data breaches start occurring less frequently for end-users.