RSA is here again, and presents a great opportunity to discuss the security in Windows 7: specifically how certain features in the OS address key security-related enterprise scenarios. In today’s economic times, businesses and their shareholders need to know that when they make an investment in a product, they are doing so responsibly and securely, and the investment is sound. Windows 7 is this sound investment: it includes features that allow workers to work anywhere, while leaving IT Pros confident that business-related data and content are secure.
The world has changed a great deal in the last decade. Information workers interact with their computers in new ways and have incorporated technology into everything they do, as a result the security landscape has greatly evolved. For example, in 2001, mobile and wireless workers weren’t impacting IT decision making; today, they make up more than a quarter of the workforce. In 2008, laptops made up more than half of all devices purchased in the enterprise. With Windows Vista, we made significant investments to address many of these security concerns and developed the most secure OS to date. With Windows 7, we are carrying forward that investment.
When we began developing for Windows 7, we decided to approach our security feature enhancements in terms of user type and scenarios. We looked at a few types of workers - the mobile worker on the go, the remote worker in a branch office, the IT Pro and the security expert. All have unique needs, pain points, and styles of work - and we’re addressing each in Windows 7.
Consider being a mobile worker. The challenge for you is connectivity and access. Meanwhile, your IT Pro at the office is worried about balancing those with data protection and network security. With Windows 7, we focused on a few key features to address this scenario, and to build confidence in enterprises trying to get the most out of a mobile workforce.
The remote worker scenario has similar challenges to the mobile worker, but requires ease of access on a more regular basis. According to a recent study, 91% of employees work away from the corporate headquarters, with the bulk of these working in branch offices. These workers often face difficulties and long wait times accessing information off the corporate drive. With this pain point in mind, we introduced BranchCache, which lets users access information more quickly. For IT Pros, this means the assurance that branch machines maintain the same security protocols as the home office.
For home-use scenarios, employees expect the same level of connectivity and access they would have in the office. In Windows Vista, the firewall policy was based on the type of network connection established – such as Home or Work. This created an obstacle when workers logged on at home, using a Home connection and virtual private networking (VPN), because firewall settings were not set up appropriately for this scenario. So we made changes. With Windows 7, enterprises will be able to simplify their connectivity and security policies by maintaining a single set of rules for both remote clients and clients physically connected to the corporate network.
And businesses will have confidence that all remote users – whether branch office or mobile - will benefit from key improvements in IE8, including protection against XSS threats, identity theft, and new types of phishing attacks like Clickjacking. I think the work we did in IE 8 really helps put people in control of their online safety and privacy.
Finally, let’s take a look at issues people face when trying to manage these environments. Not surprisingly, IT Pros and security experts have daunting missions: they enable secure access to data for mobile, remote and local users; keep systems up to date; and track accessed data– all while attempting to drive new value for the business - it’s enough to cause IT Pro insomnia. As such, we continue to develop a range of security solutions to address evolving IT needs.
Some key examples of user scenarios empowering technology:
- AppLocker: We received feedback that workers today put software from home on their PCS, download applications from the Internet, and access programs through email. As a result, there’s a higher difficulty ensuring PCs in the enterprise environment are running only approved, licensed software. AppLocker solves this issue; it’s an administered mechanism that allows a business’ security expert to specify what is allowed to run on each user’s PC.
- Network Access Protection: This allows IT Pros to create solutions to validate computers that connect to their network and limit the access or communication of noncompliant computers.
- Microsoft Asset Inventory Service: Part of Microsoft Desktop Optimization, complements the OS security and compliance technologies by allowing our IT Pro a comprehensive view of the enterprise desktop software environment.
- User Account Control: We heard loud and clear that end-users wanted fewer UAC prompts and more control over what items they are prompted for, but we know IT Pros still need control over what’s installed or run on a machine. As a result, in Windows 7, we made specific changes to enhance the user experience, while still ensuring the same level of security.
The enterprise security features we’re discussing today are the product of hard engineering work coupled with an understanding of our customers and the security landscape. It’s important to keep in mind that some of these features only work when partnered with Windows Server; for an optimal experience, we recommend businesses use Windows 7 and Windows Server 2008 R2 together upon their availability.
We recognize the enterprise customer for Windows has evolved dramatically over the years and we’ve created solutions to address the needs of varying enterprise scenarios. It’s important to note our work is never finished! We are constantly hearing from our customers about ways to make their machines more secure and productive in their environments. We continue to listen to this feedback and apply it to our technologies. It’s our goal to build technology that lets businesses prosper in a consistently changing security landscape.