Windows 10 holds great potential to improve federal information security programs with new or enhanced features aimed at keeping data secure. Armed with these must-know facts, government IT professionals can make intelligent decisions on Windows 10 adoption.
1. Integrated Multifactor Authentication
Integrated Multifactor Authentication Windows 10 includes strong support for multifactor authentication technology. Users can supplement passwords with biometric authentication features such as fingerprint scans and iris recognition if they own the required hardware.
The new operating system supports the Fast Identity Online Alliance standard, which plans to bring device-based strong authentication to websites. As sites start to support FIDO, Windows 10 users will benefit from enhanced security, with more options for biometric authentication likely coming in the future.
2. Encrypted Containers
Microsoft recognizes that most workers use a single device, both personally and professionally. The company’s new Enterprise Data Protection technology protects sensitive data with encrypted containers. This serves as a buffer, safeguarding government information from personal applications running on the same system.
Administrators can specify server names and network address ranges to identify agency resources and keep them separated from personal programs. Content from those locations is placed automatically into encrypted containers that can be accessed only through preapproved applications.
3. VPN Control
Virtual private networks present a security concern, as administrators worry that users will allow malware and other unwanted software onto the agency network over those connections. Windows 10 allows administrators to specify what applications can run while connected to the VPN. Administrators also can restrict connections to particular ports and IP addresses.
4. Application Whitelisting
Windows 10 offers enhanced application whitelisting, improving administrators’ ability to restrict certain applications. Agencies can either use Microsoft’s approved applications list or create a private one inside the Windows Store.
5. Browsing on Edge
Windows 10 marks the end of Internet Explorer, replacing it with a new default browser called Edge, which includes new security features.
Edge does not use ActiveX technology, which Microsoft relied upon for nearly 20 years and which was the source of many security vulnerabilities. Microsoft believes the rise of HTML5 eliminates the need for the heavy browser extensions it previously used.
Edge makes use of sandbox technology that puts web pages in isolated containers. This ensures that other processes cannot access sensitive data, reducing overall risk.
While recent versions of Internet Explorer included optional sandboxing in Protected Mode, Edge deploys sandboxing as its default.