An enterprise IT security guide for Windows 10

The introduction of mobile into the workplace has destroyed previous enterprise security models, introducing a modern operating system (OS) architecture that puts the employee in the driver’s seat.

At the same time, breaches targeting traditional Windows operating systems are at an all-time high, with over 1 billion records compromised in the last two years.

In response, Windows has made several updates to its operating system to make it easier for IT security professionals to protect corporate data, without affecting the user experience – a win-win for everyone in the enterprise.

Welcome to the mobile-driven enterprise

With traditional enterprise IT architectures, IT departments focused on controlling the flow of data by maintaining a network perimeter. All software was preinstalled and several security agents ran on the desktop device to protect the system, but performance often suffered in the process.

Now, employees can choose their own devices, select from a catalog of IT services, and update the OS on their own devices.

As a result, data now lives everywhere on devices, in apps, in the cloud, and on-premises, so IT security professionals have to be confident that data is secure even when it is far outside the perimeter.

Protection at the file level

Windows 10 resolves a number of security and mobile device management issues evident in previous versions, that included the use of an open file system and OS kernel, vulnerable to modifications by other applications.

With modern operating systems, security is focused on protecting apps and data.

Apple introduced a sandboxed architecture to isolate data at the application level and protect both the file system and the operating system from unauthorised access. OS X, Android, and Windows 10 now follow this same model.

Management Primitives (MDM and EMM APIs)

Modern mobile architectures, including Windows 10, have introduced the concept of enterprise management primitives. Management primitives are ways to take certain OS-level actions, such as installing or deleting an app, storing a certificate, or configuring connectivity, that can only be accessed by a trusted platform.

With Windows 10, the operating systems have been converged so that security and mobile devices can be managed from a central location. Management primitives allow the OS kernel to remain secure while providing the enterprise with appropriate controls.

Advanced data loss protection

While the traditional enterprise security model of locking-down devices and desktop VPNs, has given way to securely enabled mobile devices, IT must still meet enterprise security requirements and address privacy concerns for mobile employees.

To help protect business apps and data on Windows devices, Microsoft has introduced EDP in Windows 10. With EDP devices can determine whether to protect data or not, depending on where it comes from.

If data is categorised as business data, Microsoft will encrypt and protect the information by default and store the data in a secure virtual container on the device.

IT is also able to set the authorised applications able to access the business data. For example, if an employee downloads a business attachment in Outlook, and then tries to post an image of that attachment on a personal Facebook page, the device could block the action.

Secure remote access

Another new feature in Windows 10 is that both Windows Store and Win 32 apps are able to execute application allow and deny lists through AppLocker.

AppLocker is a Windows feature that allows IT admins to define rules to allow or deny applications based on unique file identities, group policy, or user role.

Available for Windows Phone, laptops, and PCs, this platform provides a reliable way for third-party VPN solution providers to implement their VPN inside of Windows. This also allows IT to create a secure list of applications that have access to the VPN on any Windows 10 device.

A new era of IT security

As a result of these fundamental architecture changes, the old model of Windows desktop computing, with its anti-virus software, cumbersome patches, license management, long deployment cycles, and the IT security approach of locking-down devices, are fading away.

Modern operating systems, such as Windows 10, allow companies to move from the traditional, time-consuming, and costly full imaging of a device, to a distributed security model that enables business users to upload and retrieve enterprise data from anywhere on multiple devices.

The upgrades to Windows 10 make it easier for the IT department to secure and manage corporate data in a new mobile world.

Check out our Windows 10 migration hub for everything that CIOs and enterprises need to know.

Mike Raggo, Director of Security Research, MobileIron

Image source: Shutterstock/wk1003mike