Windows 10 Secures Your Company’s Confidential Information
Windows 10 is a major upgrade for Microsoft that offers significant security enhancements for businesses. Here are a few of its security features and how you can make them work for you.
One much-appreciated feature of the Windows 10 enterprise system is that security fixes, patches and updates occur automatically — unless you’d prefer to schedule them, which is an option. Peer-to-peer updates will allow offices with limited bandwidth to distribute updates themselves instead of having each Personal Computer (PC) download them separately. Otherwise, you don’t have to think about it — everything will be pushed to your devices as it comes out.
Described by CIO as a "really beefy bouncer" for your devices, Device Guard takes a hard look at any app you try to download (on any device running Windows 10) and alerts you if it was developed anonymously or has not been approved by the Windows app store. That should take care of a lot of security issues, but it’s not intended to be a replacement for antivirus software, Microsoft cautions — rather, it can help the software do its job better.
Device Guard can be used not just by the usual mix of PCs, laptops, tablets and smartphones, but also by point-of-sale systems and ATM machines — and even future Internet of Things devices.
Companies can configure Device Guard to be as aggressive as they want it to be. Acer, Fujitsu, HP, NCR, Lenovo, Par and Toshiba are working with Microsoft to install it on all their Windows-based devices.
Fingerprints and eye scans
Windows Hello is Microsoft’s leap into a future beyond passwords, which as we all know come in two unappetizing flavors: easy to hack or impossible to remember.
Hello uses biometric technology — fingerprint readers or iris scanners — to identify authorized users. The only catch is, you have to have computers with the hardware and software to support Windows Biometric Framework. Some computers already have fingerprint-reading capability, and Microsoft says it’s working with its hardware partners to prepare more devices that will ship with technology that puts Hello at your fingertips — or in your sights, whichever you prefer.
Devices with Hello equipment can also use Passport, which provides two-factor authentication for accessing all apps and programs with one access code. Instead of using various passwords to log into apps or sites, users log on to the device itself, and after that, they can access anything without having to enter passwords.
With Windows 10, Microsoft is extending the capability of its Bitlocker encryption feature, designed to protect corporate data. It enables automatic encryption of corporate apps, data, email and website content as data flows to the device. If users label new documents as corporate, they will be treated the same way. Companies that own devices can set them to designate all data as corporate and encrypted. They can also take steps to prevent their data from being copied.
Secure Boot is like Device Guard, but it goes a bit further, allowing a device to run only apps that your IT administrator approves. It was available in Windows 8, but the default setting was off, and few companies used it. Secure Boot is designed to prevent hackers from breaking into your system using a USB or microSD port.
Edge is Microsoft’s new browser. It comes with Windows 10, though you can still continue to use Internet Explorer — at least, for now. To keep malware out, Edge bans most extensions, which will not make users of Shareaholic, Tinyurl or Adblock Plus happy, but it will keep your data safer. Edge can also be configured to handle website certificates according to your IT department’s specifications.
Security through virtualization
The enterprise version of Windows 10 also contains a feature called Virtual Secure Mode, or VSM, which uses virtualization to protect data and credentials on a system’s hard drive.
Why should you care about that?
Because if hackers do get into your computer, they need to obtain credentials to get into your corporate infrastructure. VSM breaks the operating system into multiple containers, so that if a device is compromised, a hacker won’t be able to access the tokens needed to get around the system without using passwords. This system is only for computers that have virtualization — but to save on storage costs, most businesses these days do.
Find out how Windows 10 can keep your company secure with these new features and security upgrades.