Today, Jim Alkove made some important announcements about how we are raising the security bar for cybercriminals in Windows 10 through a blog post entitled “Windows 10: Security and identify protection for the modern world.” His post details important changes to Windows that can be summarized in three key areas: identity protection and access control, information protection and threat resistance. Here are some of the highlights.
Identity protection and access control – One of the ways that systems typically get compromised is through the use of weak passwords. Many IT Professionals are already aware of the value that multi-factor authentication can add in making it more difficult for an attacker to successfully compromise accounts. But what if one of those authentication methods required possession of a specific physical device such as a PC or phone? How much more difficult would that make it for cybercriminals? In Windows 10, using a process of enrollment, devices will now become one of two factors that are required for authentication. The second factor can be a PIN or biometric gesture. The credential itself can be either a cryptographically generated key pair (private and public keys) generated by Windows itself or it can be a certificate provisioned to the device from existing PKI infrastructures. Active Directory, Azure Active Directory and Microsoft Accounts will support the new user credentials right out of the box so that customers will quickly be able to move away from passwords.
Information protection – Many organizations are already familiar with Bitlocker drive encryption technology. This has become an industry leading solution that helps protect data at rest on devices. To help protect data once it leaves the device, Windows 10 has integrated Data Loss Prevention, a solution that separates corporate and personal data and helps protect it through containment. With this solution, there will not be a need to switch modes or apps in order to protect corporate data. It will be integrated into the platform itself enabling protection without disruption. Windows 10 enables automatic encryption of corporate apps, data, email, website content and other sensitive information, as it arrives on the device from corporate network locations. This solution will provide the same experience on Windows Phone with interoperability such that protected documents can be accessed across multiple platforms.
Threat resistance – Windows 10 will have the ability to only allow trusted apps that are signed using a Microsoft provided signing service to be run on specially configured devices. This provides an added layer of protection by locking down devices such that they can only run applications from trusted sources. Organizations will be able to choose what apps are trustworthy (e.g. apps signed by themselves, specially signed apps from Internet Service Providers, apps from the Windows Store, or all of the above).
Of course, I just scratched the surface of how Microsoft is raising the security bar for cybercriminals in Windows 10. If you have not read the blog post from Jim, I encourage you to check it out to learn all about how we are architecting the newest Windows operating system for the modern threats of today.