On October 26th, 2012, Microsoft launched its new operating system, Windows 8. Among the widely discussed changes this OS introduced, the hardware security features are some of the biggest differentiators for Windows 8. In short, these features are: pervasive encryption, modern access control and malware resistance.
Making hardware an integrated part of an OS’s security is a bold move on Microsoft’s part. Instead of manufacturing machines that will immediately need to have layers of software security added, Windows 8 puts the foundations for trusted security in the hardware of the machine before it’s put in the box.
Microsoft isn’t the first to do so, however. In fact, the Trusted Computing Group and its members (among which are Microsoft and Wave) have been advocating for hardware-embedded security since the TCG was formed in 2003. Those familiar with the standards created by the TCG may see similarities between the functionality offered on Windows 8 and the vendor-neutral standards written by the TCG. Standards such as the Trusted Platform Module (TPM) security chip and self-encrypting drive (SED) Opal specification were created by the TCG as a foundation for better embedded security. These standards are what Wave has built on to develop its first-to-market security solutions, and they are what Microsoft recognizes today with its Windows 8 OS.
In Windows 8, users will see:
With the release of Windows 8, Microsoft introduced integrated support for hardware encryption tools like the TCG’s Opal self-encrypting drives (SEDs).
This is great news for consumers and for enterprises. As SEDs become more mainstream, the ease with which an industry-standard drive can be procured and deployed will increase dramatically. This is because they can now be purchased from multiple sources and managed across an installed base – using Windows 7, Windows 8, or both.
The launch of the new OS also brings fresh capability for managing virtual smart cards and DirectAccess, allowing enterprise users to establish their identity using the machine as a token for network logon. Instead of using smart cards for authentication, enterprises can take advantage of the credentials stored in TPMs to identify machines to the network with a high level of assurance. This removes the need for numerous passwords, which are cumbersome and fail to live up to the current threats we face. It simplifies the user experience and provides higher assurance, reducing help desk costs.
With advances in malware detection and better support for related third-party solutions, Windows 8 provides support for early detection of boot-level malware hiding underneath the OS and remote attestation by trusted third parties. The active use of TPMs allows boot-level security features to be implemented. TPMs can also enable the enterprise to check the platform’s integrity, which can be affected by malware in the pre-boot state or BIOS. This attestation, confirmed by hardware-protected measurements bound to the platform, ensures the device has not been altered by malicious code. Software security fails to do this.
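The measurement-and-attestation idea described above, as an added example that is not from the original article or from Microsoft or Wave: a TPM 1.2-style register is extended with the SHA-1 digest of each boot component, and a verifier replays the boot log against the value the hardware reports. The component names and byte strings are constructed, and the TPM's signature over the reported register value is assumed to have been checked already.

```python
import hashlib

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend: a register can only be updated as H(old value || new digest)
    return hashlib.sha1(pcr + digest).digest()

def measured_boot(components):
    """Platform side: hash each component before it runs, log it, extend the register."""
    pcr, log = bytes(20), []          # register starts as 20 zero bytes at reset
    for name, image in components:
        digest = hashlib.sha1(image).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return log, pcr

def verify(log, quoted_pcr, known_good):
    """Verifier side: replay the log, compare with the value the TPM reported,
    then check every logged digest against the known-good set."""
    pcr = bytes(20)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    if pcr != quoted_pcr:
        return "log-mismatch"         # log was edited or is incomplete
    for name, digest in log:
        if digest not in known_good:
            return "untrusted:" + name
    return "trusted"

# Constructed sample boot chains (byte strings stand in for real images)
CLEAN = [("firmware", b"fw-1.0"), ("bootmgr", b"bootmgr-8"), ("kernel", b"ntos-8")]
INFECTED = CLEAN[:1] + [("bootkit", b"unexpected-module")] + CLEAN[1:]
KNOWN_GOOD = {hashlib.sha1(img).digest() for _n, img in CLEAN}

def demo():
    clean_log, clean_pcr = measured_boot(CLEAN)
    bad_log, bad_pcr = measured_boot(INFECTED)
    return (
        verify(clean_log, clean_pcr, KNOWN_GOOD),   # honest clean boot
        verify(bad_log, bad_pcr, KNOWN_GOOD),       # honest log exposes the extra module
        verify(clean_log, bad_pcr, KNOWN_GOOD),     # forged "clean" log vs. real register
    )

if __name__ == "__main__":
    print(demo())
```

The third case is the one software alone cannot cover: the log can be rewritten by code running on the machine, but the register value it must reproduce is held in hardware.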
Microsoft also enables ELAM – Early Launch Anti-Malware. This feature ensures that anti-malware vendors’ drivers running on the validated platform will always be the first to load, so that they cannot be fooled by malware running first and feeding them false data.
For tablets and convertibles, users finally get secure tablet deployment opportunities. By deploying the full Windows 8 OS, which is supported on many new platforms launched simultaneously with Windows 8 or shortly thereafter, organizations will be able to run all their existing applications as well as their new, tablet-specific applications—all on a platform that enjoys the full security capabilities available to Windows.
Wave can help enterprises of all sizes move to Windows 8. We also understand that many organizations are not prepared to upgrade to the new OS yet, for various reasons. That is why Wave is pleased to offer solutions that can make Windows 8 security possible today on Windows 7, and other OSs as well. Whether moving to Windows 8 tomorrow, next month, or next year, Wave can help enterprises plan for a gradual migration, at their own pace and on their own terms, while putting in place hardware security today.