Microsoft Looks to Enable Practical Zero-Trust Security With Windows 11

Businesses looking to increase their security with Zero Trust initiatives received support from Microsoft this week when the computer giant announced a number of Zero Trust features are now available in its Windows 11 operating system.

The Zero Trust security approach aims to secure employee access to sensitive systems, networks and data through additional context, analysis and security controls. The goal is to “give the right people the right access at the right time,” Microsoft explained in the Windows 11 Security Book, a 74-page report on Windows 11’s security architecture.

The model verifies a user’s identity and location, as well as the security status of their device, and only allows access to the appropriate resources, according to the Windows 11 Security Book. In addition, Zero Trust capabilities include continuous visibility and analytics to detect threats and improve defenses.

The latest version of the operating system and software platform adds a wide range of features, from support for the Pluton security processor and Trusted Platform Modules (TPMs) to comprehensive functionality around Trusted Boot, cryptography and code-signing certificates, says David Weston, vice president of enterprise and OS security at Microsoft.

“Organizations worldwide are adopting a Zero Trust security model based on the premise that no person or device anywhere can have access until security and integrity are proven,” he says. “We know our customers need modern security solutions with tightly integrated hardware and software that protect against entire classes of attacks.”

The zero trust buzz is getting a boost

The zero trust concept has been floating around for years. Technologists and government agencies initially debated it for security reasons, with a dawning realization that network perimeters were rapidly disappearing. Then the surge in working from home caused by the coronavirus pandemic lent more urgency to the movement. Now, three-quarters of security decision makers (75%) believe that the increase in hybrid work is creating vulnerabilities in their organizations and making them more vulnerable to attacks.

“When employees have the freedom to choose where they work, their device, their tools, and/or their software, it becomes challenging to build trust based on static attributes,” said Ben Herzberg, Chief Scientist at Satori. “As competitive pressures push organizations to democratize data and unlock new customer value faster, employees will be afforded more flexibility, and Zero Trust will be the approach of choice to enable that flexibility while maintaining security.”

However, implementing Zero Trust is a complex undertaking, as illustrated by the list of things Microsoft has now built in:

Microsoft’s Windows 11 security architecture. Source: Microsoft’s Windows 11 Security Book.

New features in Windows 11 include Smart App Control, which uses machine learning, AI modeling, and Microsoft’s massive telemetry network of 43 trillion daily signals to determine if an app is safe. Other functions also determine whether the driver code and virtual machine code show signs of maliciousness. Other improvements include credential checking in Windows Defender, passwordless support with Windows Hello for Business, and protection against credential-gathering websites, the company says.

Complexity has hampered zero trust rollouts, but adding these capabilities directly into Windows 11 makes it more likely that organizations can easily deploy zero trust capabilities, says Microsoft’s Weston.

“Integrating rather than bolting on makes deploying and managing Zero Trust capabilities much easier and more efficient,” he says. “Also, having these [features] directly integrated into the operating system allows Windows to provide important measurements in the hardware to increase the confidence and validity of the measurements.”

He adds, “Once Zero Trust capabilities are embedded into enterprise infrastructure, it becomes accessible to many organizations that would otherwise struggle to access this technology. … An integrated client environment for zero trust will make the transition to employees much smoother and internal change management easier.”

Microsoft throwing its considerable weight behind zero trust should indeed move the needle in terms of adoption and overall security: the company sees 2.5 billion endpoint queries and 80 million password attacks every day, it said in a blog post published this week.

Zero trust is still hard

Even with Windows 11 updates, organizations should assume that implementing Zero Trust is a process. Building a Zero Trust framework requires deep technical integrations, and the companies that are best at it are the ones most likely to be successful in their implementation, says Satori’s Herzberg.

To start, organizations should identify a set of users, devices, applications, and workflows that could benefit from Zero Trust; build a Zero Trust architecture to protect these components; and then choose and implement the right technologies, he says.

An incremental rollout works because Zero Trust is a journey rather than a destination, says Jason Floyd, chief technology officer at Ascent Solutions.

“Zero Trust was never about solving a technology problem — it’s a strategic tool that guides how to leverage the technology that’s already there,” he says. “Bringing additional Zero Trust capabilities into Windows encourages organizations to adopt a healthy security mindset, but not for the one-size-fits-all solution that some executives might expect.”

Overall, Windows 11 adds “chip-to-cloud security,” establishing trusted processes that start with firmware and extend to workloads running in the cloud, Microsoft’s release says. This support aids zero-trust architectures by minimizing the work required to prove a user’s identity and verify system health, says Microsoft’s Weston.

“This reverses the previous system security paradigm, where a user or device was presumed sane until proven guilty,” he says. “Microsoft believes that the Zero Trust philosophy and architecture addresses many of the current and future security challenges customers face, and as such Microsoft and most of our customers believe it will be the predominant security approach.”
