Post on 19-May-2015
Windows Tablets in corporate environment
Security Perspective
Āris Dzērvāns, Microsoft Technology Strategist
Imagination is transforming Microsoft
Empowering people and businesses through a family of devices and services
One consistent experience
Our vision for devices
Delivering intuitive and immersive experiences
Any device, any location…
At home…
…on the go.
…at work…
…powered by a service-enabled shell
The modern business
Work | Home | Off-site
Supports the latest processors – better performance, increased battery life
InstantGo enabled devices keep apps up to date
Supports new touch displays, both ultra high-res and smaller screen sizes
Smaller tablets, natural for portrait mode reading
Enables the latest hardware innovation: Miracast, NFC, biometrics
A new class of devices
TOUCH | LIGHTER, THINNER, FASTER
LONG BATTERY LIFE | MODERN SECURITY
NEW FORM FACTORS | SENSORS AND CONNECTIVITY
Mobility
Weight | Battery Life
Workload
Casual | Intensive
Apps
Desktop apps | Windows Store apps | LOB apps | Remote apps
Connectivity
Corporate Access | Always On
Manageability
Full | Simple | Governance
The Breadth of Capabilities
Windows Tablets with Intel Core Processors
Windows Tablets with Intel Atom Processors
Windows Tablets with ARM Processors
Great Windows Tablets For Every Business
The Choices of Windows-Powered Tablets
Windows 8.1
Release October 18
Free update from Windows 8
Building on the Windows 7 and Windows 8 foundation
Windows 8.1: Connectivity
SoC-integrated mobile broadband
Native Miracast wireless display
Wi-Fi Direct printing
Your PC as a personal hotspot
NFC tap to pair with enterprise printers
Your Apps and Data Always With You
Pro
Replacement Device
User Settings on Replacement Device
Work folders or
Windows Device
Lost or Damaged Device
User Data on Replacement Device
Enterprise Grade Security
Windows 8 and 8.1 - Modern Access Control
Modern Authenticators
Security Credentials Protect Access to Resources
Trusted Key Infrastructure
Virtual Smart Cards
Picture Password
Fingerprint Biometrics
Touch To Buy
Credential Manager
Web Authentication Broker
TPM
TPM Key Attestation
Dynamic Access Control
Remote Business Data Removal
Certificate Reputation
Windows 8 and 8.1 - Protecting Sensitive Data
Protecting Data at Rest | Protecting Data in Motion
Trusted Platform Module (TPM)
BitLocker
BitLocker to Go
Encrypting File System
Encrypting Hard Drives
Device Encryption all editions
Information Rights Management (IRM)
Exchange Data Loss Protection
DirectAccess
IPSec/SSL
Remote Business Data Removal
Empower BYOD
Mobile Device Management (MDM)
Based on open standards
• Uses Open Mobile Alliance Device Management protocols
• Secure communication with cloud-based management
• No additional agent required in Windows 8.1 and Windows RT 8.1
Implemented by multiple ISVs
• Microsoft (Windows Intune)
• Airwatch
• Mobile Iron
Open protocol enables implementation by additional vendors
Managing Windows Devices
Exchange ActiveSync
Mobile Device Management via OMA-DM
Enterprise Management
Governance
Full Control
Windows 8.1 provides choices
Choose by device based on scenario or capabilities needed
Consider employee versus organization-owned, BYOD, connectivity
Organizations may choose all three
Manage access to company data
Register personal devices
Simple for the employee
Device enrollment with Windows Intune
Windows 8.1: Workplace Join
Windows 8.1 Enterprise Edition Features
Rights are included with Software Assurance for Windows
Enterprise edition use rights are perpetual for the licensed device even after SA coverage ends.
How to License
Windows To Go Creator: Create a corporate Windows 8.1 environment on a USB stick
DirectAccess: Connected to corporate networks, seamlessly and more securely
BranchCache: Users in the branch office can download documents and apps faster
Virtual Desktop Infrastructure: Improved end-user experience
AppLocker: Specify what software is allowed to run on a user's PCs
Enterprise Sideloading: Deploy Windows 8 apps from outside of the Windows Store
Start Screen Control: Control Start screen configurations for different groups and roles using Group Policy
What does EOS mean?
April 8, 2014
No Free Support No Security Fixes
No Paid Support No Non-Security Fixes
No Engagement with Product Development
No Updates to Online Content
What is the risk of continuing to run Windows XP after its end of support date?
• Attackers will have the advantage because they will have more information about vulnerabilities in Windows XP than defenders.
• When Microsoft releases a security update, criminals reverse engineer it to identify the specific section of code that contains the vulnerability addressed by the update.
• Then they develop code that will allow them to exploit it on systems that do not have the security update installed on them.
• They also try to identify whether the vulnerability exists in other products with the same or similar functionality, e.g. other versions of Windows.
• That's why the Microsoft Security Response Center (MSRC) releases security updates for all affected products simultaneously. This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.
• After April 8, 2014, organizations that continue to run Windows XP won't have this advantage over attackers any longer.
• Attackers will reverse engineer security updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.
• Since a security update will never become available for Windows XP, Windows XP will essentially have a "zero day" vulnerability forever.
• How often could this scenario occur? Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.
Adapted from: http://blogs.technet.com/b/security/archive/2013/08/06/the-risk-of-running-windows-xp-after-support-ends.aspx
XP's retirement will be hacker heaven
• The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft's [fast security] response.
• When a new vulnerability -- dubbed a "zero-day" -- is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users.
• If the bug is critical and being widely used by hackers, Microsoft will go "out-of-cycle," meaning it will issue a security update outside its usual monthly Patch Tuesday schedule.
• Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April, then sell them to criminals or loose them themselves on unprotected PCs after the deadline.
Adapted from: http://www.computerworld.com/s/article/9241585/XP_s_retirement_will_be_hacker_heaven?taxonomyId=85&pageNumber=1