Many enterprises, their customers and employees are asking what it will really take to better help secure their phones, tablets and PCs. The challenge has become exponentially difficult with more and more deployed enterprise mobile end points combined with the increased sophistication of hackers and the rise of millennialism, where Starbucks, co-working facilities, home, and the gym are a big part of the modern workplace. Microsoft’s #1 enterprise goal for Windows 10 was to provide a more secure platform and the company added a myriad of new features and services to help deliver on that promise. What hadn’t come to the forefront was a huge deployment demonstrating just how secure the platform is. Well, they just got it from the U.S. DoD. Today, Microsoft announced that the U.S. DoD (Department of Defense) has committed to upgrade 4 million seats to Windows 10 for DoD users over the next year.
This announcement comes on the heels of Microsoft announcing last month that they already have 200 million users on Windows 10 in less than a year. Microsoft also reports that they already have 76% of their enterprise and education customers in active pilots of Windows 10. There are a lot of reasons why enterprises are looking at switching from Windows 7 to Windows 10, with one of the biggest reasons being Windows 10’s native security features. I have written extensively about Windows 10’s new features and big focus on security as a major draw for enterprises.
The DoD is one of the biggest enterprises on earth, the U.S.’s largest employer, and is also one of the most sensitive to breaches and data compromises. Think Snowden, think state-sponsored hacking with legions of bad guys who would do just about anything to get their hands on DoD secrets. In this spirit, Secretary of Defense Ash Carter has directed all U.S. DoD agencies to begin the rapid deployment of Windows 10. This transition is targeted to begin this month with a goal of completing deployment within one year. What makes the timing of this announcement so interesting is that the US military and the DoD overall are generally among the last to adopt the latest technology, but now they are among the first. The DoD’s CIO, Terry Halvorsen, has been aggressive on cyber-security and is most likely deploying Microsoft Windows 10 Enterprise Edition due to its increased security and manageability, although we don’t know for certain.
Terry Halvorsen previously alluded to the DoD already intending to adopt Microsoft Windows 10, and today’s announcement highlights the directive by the Secretary of Defense for all of the DoD. The DoD sees Windows 10 not only as a way to be more secure as an organization, but also to save costs on security by being up to date, giving them more software choices and competitive pricing. I believe this could indicate a new approach to security, one where using the latest, not the most dated, software is the best hacking defense. Security is still the paramount concern for the DoD and the State Dept. has been vocal, in particular, about Credential Guard. Credential Guard has safeguards built into the operating system designed to protect user data from tampering via secure containers. It’s a new Windows 10 security feature that secures a person’s credentials even if there is malware in the system and the DoD stated it was the only feature needed to convince them to move to Windows 10. That tells you how important it is to protect the DoD from “pass the hash” attacks.
In addition to the credential protections, there are familiar features in Windows 10 like Secure Boot that are designed to safeguard against hardware-level attacks from malware. Microsoft also provides the Windows Defender software, which is not unique to Windows 10, but does serve as optional malware protection for free. There is also a new feature called Enterprise Data Protection which is currently in testing that creates a separation between corporate and personal data and prevents data from being copied out of corporate trusted zones. What’s unclear is whether the DoD will use something like Windows Hello which is an integrated multi-factor authentication scheme built into Windows 10 or if they will go a step further and use an integrated, hardened MFA which we explain here.
While the DoD isn’t specific about the exact Microsoft Windows 10 security features they are using, what they’re not using, how they are augmented with their own proprietary security technology or what hardware-based MFA is being used, what’s clear is that Windows 10 is the base for a new level of security. The deployment speed is telling as well, saying to me that they do not believe their current deployments are secure. These are my words, not theirs. It also obviously says that Windows 10 is commercial enterprise-ready for financial institutions, healthcare and retail, all of which are being ravaged by client-side breaches.
Commercial enterprises should ultimately see this as a wake-up call to consider expediting their Microsoft Windows 10 rollouts and actually implementing the new security features. As we outlined here, security isn’t just about protecting company, customer and employee data, it’s also about keeping your CEO job.