Securing devices in the new world of government mobility
By Marlowe Dayley, Worldwide OEM Hardware and Marketing Lead, Microsoft on February 29, 2016
Filed under Microsoft in Government
In today’s world, arriving at work at 8 and logging out at 5 are rapidly becoming a thing of the past. Organizations are demanding that employees be responsive 24/7, no matter where they are. And the lines are increasingly blurring between working in the office, at home, or on the go.
As work habits change, so, too, do the devices that government workers are using. Today’s employees are working from their own PCs, laptops, tablets, and smart phones—whatever it takes to get the job done. And with so many devices tied to so much information, security and privacy can be a major worry.
To prepare organizations for this new era of mobility, Microsoft and its hardware partners have developed several new security features to help keep their data safe. Using Windows 10 devices in combination with the sixth-generation Intel Core vPro processor, government employees can work wherever they are while still protecting the security and privacy of their information.
So how exactly do the new Windows 10 devices protect information? Here are four features that help governments safeguard their data, while enabling employees to work from any device they choose:
- Bitlocker drive encryption: Laptops, tablets, and cell phones are often left unattended, and they’re easily lost or stolen. Bitlocker works in combination with a Trusted Platform Module (TPM) microchip built into the computer to ensure that if that happens, the device can’t be tampered with. With Windows 10, the entire Windows operating system volume is encrypted and can’t be unlocked without a valid key.. So even if hackers remove the user’s hard disk and install it into another computer, they won’t be able to access the information.
- Credential Guard: With older operating systems, a user’s identity sat unprotected in the memory of the computer, making it susceptible to hackers. If hackers obtained access to a computer via a virus or other malware, they could then steal the user’s identity and continue to use it from other computers. With Credential Guard in combination with a TPM-supported mobile device, user domains are now encrypted and hidden in a secret virtualized area. So if a hacker tries to steal a user’s identity, the information remains encrypted and the hacker is out of luck.
- Device Guard: Device Guard uses a combination of enterprise-related hardware and software security features to lock down a device so that it runs only applications authorized by the organization. If a government agency hasn’t approved an application, it won’t run, giving IT managers full control over the software that’s downloaded. This feature helps government agencies prevent their employees from inadvertently downloading malicious software onto their devices.
- Enterprise data protection: As more government employees use their personal devices for work, the risk increases that they will disclose sensitive information to the public—either through email, social media, or the cloud. Enterprise data protection enables agencies to protect government information even when it’s stored on their employees’ own devices. For example, if managers fire an employee, they can wipe government-related information stored on the employee’s personal computer with the push of a button. Likewise, managers can set up PCs and mobile devices to prevent information from being forwarded to unauthorized users—making sure confidential information doesn’t end up in the wrong hands.
Combined, these features go a long way toward helping governments protect their data. And in the new era of mobile government, working securely is key. To learn more, please see our Windows 10 security overview.