By Ron Grattopp ….You should know by now that security is something of a continuing focus for my blog. In this vein I want to call out a recent blog by Stella Chernyak from the Microsoft Windows team called The Unsung Hero: Windows 8 Security. In the post she mentions that she’ll be sharing more information on Windows 8 security in the future so, hopefully, you’ll keep an eye out for those posts as well. One of the interesting things she did in this post, and the reason I wanted to call it out, was to identify not just some of the updated security features in Windows 8 but also to put them in a larger context of the “top security needs and threats that you’re facing today”. Today’s security landscape is less about the classic attacks and exploits of the past and more about: resisting malware, protecting corporate data, and modernizing authentication and access control. I wanted to point this out because IMHO this could be the way to start new customer conversations about the evolving state of security needs and, of course, how Microsoft technology, specifically Windows 8 in this case, can help protect you – and as you know customer conversation strategies is another pet focus of mine. So here’s a summary of the key points in the article, which will provide you with some talking points, but I really hope you’ll want to find out more in these areas about how you can help your customers deal with the landmines in the new security landscape.
The first key theme in Windows 8 security she addresses is Malware Resistence. In part 3 of an interesting series of posts on “security’s new reality” the author mentions how “Microsoft is doing its part in encouraging research into next-generation mitigation methods” alluding to the Blue Hat contest we sponsor and also mentions a security discussion by the Sr Director of Security for Adobe where “His main point was that the industry needs to make it more expensive and cost-prohibitive for the bad guys to hack” that also calls out Microsoft’s Microsoft's Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) technologies. Stella’s post highlights our Security Development Lifecycle (SDL), which I’ve mentioned and discussed in numerous previous posts, and how it’s helped us move from the “Microsoft security is an oxymoron” days (basically the 90’s) to the point where none of our products even show up in the Top 10 list of products with vulnerabilities (per Kasperky Lab threat report), and given that we have such a uniquely large product and customer footprint I hope you’ll recognize, or better yet help your customer recognize, what a great achievement that is. She goes on to note that “Bootkits and rootkits…have literally been designed out of the architecture with Windows 8 features like Secure and Trusted Boot” which, again, I’ve already touched on in a previous post. She then goes on to mention how Windows Defender has been significantly improved in every edition of Windows 8 by now including the full range of malware protection.
The second key theme in Windows 8 security is around protecting the corporate/business data itself which generally is accomplished through encryption. In this area she focuses on how we’ve improved (including sped up) the BitLocker solution by implementing Data Only Encryption and she also mentions how new encrypted hard drives can can provide onboard hardware assist to make BitLocker even more efficient.
The third key security area is modernizing authentication and access control. Multi-factor authentication is the primary solution technology here and to that end Windows 8 features Virtual Smart Card, which is a software-based technology that can be used in lieu of physical smart cards. "The virtual smart card feature can be used in place of existing physical smart cards with any application or solution that is smart card compatible” however, the key word there is “existing” so one has to have a smart card solution in place, but this certainly simplifies the end user experience – I use it at Microsoft and really love it. Beyond Virtual Smart Card, Windows 8 also comes with a new access control function called Dynamic Access Control (DAC) whIch is essentially a rules-based approach that eliminates the legacy static list approach.
OK so there’s a quick rundown on some of the ways Microsoft is addressing the current and future security threat environment in Windows 8, as I alluded to above, I hope this will provide some food for thought as well as some potential talking points for you to use in your customer conversations.