Windows 10 Security: Update Your BYOD Policy

Amid Microsoft Corp.’s Windows 10 launch on July 29, chief compliance officers and CIOs would be wise to review their BYOD (Bring Your Own Device) policies and overall security stance.


Amid Microsoft Corp.'s Windows 10 launch on July 29, chief compliance officers and CIOs would be wise to review their BYOD (Bring Your Own Device) policies and overall security stance. Consumers running Windows 10 on BYOD devices could surface on corporate networks in the days ahead.

Admittedly, Windows 10 isn't expected to trigger a tidal wave of PC upgrades or purchases. Enterprises are expected to test the new operating system for several months before deciding whether to embrace Windows 10 -- which blends Windows 8's touch capabilities with the classic Start Menu.

Still, businesses with relaxed BYOD policies could see some users arriving with Windows 10 systems in the next few days and weeks. Acer, Dell, Hewlett-Packard and Lenovo will offer PCs with Windows 10 pre-installed on the operating system's launch day. And Microsoft's own Surface tablet -- which has enjoyed fast-growing sales -- will surely attract Windows 10 adopters.

Windows 10's Built-in Security

Windows 10 features a range of security enhancements -- particularly Device Guard (zero day defense), Windows Hello (which replaces passwords) and Microsoft Passport. The updates aim to boost authentication while protecting the operating system and underlying PC from malware. Passport, for instance, replaces passwords with two-factor authentication, leveraging Windows Hello (biometrics) or a PIN.

Microsoft will also deliver urgent security and software patches to Windows 10 Pro for business customers -- basically, eliminating the classic wait for "patch Tuesday."

Lingering Risks

Still, some very targeted security issues remain, according to third-party technology companies that have studied Windows 10.

WinMagic, which focuses on encryption, says Microsoft's new authentication features don't address FDE security and compliance issues if the BitLocker-enabled drives are decrypted before both authentication factors are cleared. Full disk encryption is most effective (and compliant) if authentication is performed first, and then data is decrypted. the company adds. Pre-boot authentication, as it's called, is necessary so that data is not decrypted or unlocked prematurely, WinMagic says.

HP also sees some potential risks, including root or BIOS issues. Attacks on the BIOS can give hackers free reign over a system, including the installation of key logging software and other nefarious activity, HP says.

To counter the issue, HP promotes BIOS-level protection called HP Sure Start. HP also is designing its latest business PCs with Windows 10 in mind, while extending its security tools to the new OS.

More Security, Smarter BYOD Policies

HP isn't alone. Dell is describing its Windows 10 security perspectives to all comers. Lenovo will ship Windows 10 systems free of bloatware to mitigate potential security issues. Acer has a range of hardware options. And NCP engineering updated its NCP Secure Client for Windows 10 customers.

All that said, chief compliance officers and CIOs would be wise to review and update their BYOD policies -- officially stating whether Windows 10 is a supported and permitted operating system on corporate networks. Businesses that support Windows 10 need standard, documented approaches for BYOD authentication and security. Businesses that reject the operating system for now must take steps to block BYOD users that nevertheless adopt Windows 10.

The overall BYOD market will grow 25 percent annually from 2014 to 2019, according to Technavio. Much of that growth involves smartphones and tablets gaining virtualized access to corporate desktops. But Windows 10 could spill into the BYOD conversation if businesses don't get ahead of potential consumer adoption.

More for you

Loading data for hdm_tax_topic #better-outcomes...