For enterprises the number one reason to upgrade to Windows 10 is improved security, but the critical enhancements that rely on hardware protection will be difficult to adopt until you buy new PCs, says Simon Crosby, co-founder and CTO of Bromium, a Microsoft partner that delivers hardware enforced security to deployed Windows endpoints.
Windows 10 is designed to protect against known and emerging security threats across the spectrum of attack vectors, according to Microsoft. As a result, Microsoft has laid out three broad categories of security work that has been incorporated into Windows 10: identity and access control features, information protection, and malware resistance.
Identity and access control features have been expanded to simplify and enhance user authentication security, and features that utilize virtualization-based security to protect the Windows authentication subsystems and users’ credentials. Information protection focuses on guarding information at rest, in use, and in transit offering advanced encryption. Meanwhile, malware resistance includes architectural changes aimed at isolating critical systems and security components from threats.
“Microsoft has adopted a device-centric view of security now,” Crosby says. Hardware-based security is a fundamental component of all the three categories – identity and access control, information protection and malware resistance. “Microsoft is increasingly moving down the path using additional hardware features on a device to do security.” For instance, Microsoft provides hardware-assisted security technologies in the new feature called Device Guard, which ensures devices are booted securely, whitelists kernel code and offers credential protection and biometric authentication, Crosby notes.
“The primary benefit of Windows 10 is security, but few organizations can contemplate the complex and labor-intensive task of upgrading existing PCs or shoulder the cost of a hardware refresh just to protect credentials and benefit from kernel whitelisting,” according to a Bromium whitepaper. This means the adoption of Windows 10 might be stalled pending a hardware refresh with OEM configurations for Secure Boot and Windows 10 with virtualization-based security.
Here are seven security features that Microsoft says makes Windows 10 the most secure version of Windows ever.