Windows 11 — we haven’t seen anything, yet


Disclosure: Microsoft is a client of the author.

Microsoft this week had an analyst event about Windows 11 and a variety of productivity, management, and security features the company has planned. Over the last couple of years, Microsoft has aggressively improved both Windows and Office 365, but the big change ahead is the potential blend of Windows with Windows 365. We’ll see that start by the end of the year. The end game should be what appears to be a Windows desktop that integrates so well with the cloud that it can, when necessary, seamlessly switch between instances to comply with company policy, assure security, and provide resources automatically on demand from Azure Cloud.

Lagging on OS upgrades is becoming more risky

One of the big improvements to both Windows 10 and 11 involves security. Until the early 2000s, Microsoft didn’t take security seriously and left it up to firms like McAfee and Symantec to fill the gaps. That was the one lesson Microsoft should have learned from IBM back in the 1980s, though it did learn the lesson eventually. Now, the focus on security at Microsoft is not only serious but has impressively advanced year-over-year.

This also means the company is moving far more quickly to address security threats and rearchitecting Windows for those threats. In the past, there was little incentive to do so outside of usability and UI changes (which in Vista and particularly Windows 8 worked against early deployment). Today, the risk of staying on an old version is the increased likelihood that credentials will be compromised, that systems will be penetrated, and that systems that haven’t been updated will become hosts for malware, especially ransomware.

I’m an ex-internal auditor and my team used to penalize folks that made penny-wise but pound-foolish decisions, like delaying an OS upgrade when that decision opened the firm to attack. By penalize, I mean those employees were fired. Today’s risk landscape is so extreme that practices need to favor an approach that focuses more on protecting against malware and worries less about limiting upgrade pain.

Companies might also want to favor Secure Core PCs in their specifications for much the same reason: they offer the strongest protections for hardware, software, firmware, access, and credentials without adversely impacting productivity. It has simply become far too risky to put off changes that maximize your security profile. Being current on the OS, up to date on patching and having the most secure hardware can go a long way to assuring that the next breach will happen to some other company. Microsoft has even created a unique security processor called Pluton, which should be in your PC spec as a requirement from now on.

Copyright © 2022 IDG Communications, Inc.


