DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Windows Tablets in corporate environment: Security Perspective. Āris Dzērvāns, Microsoft Technology Strategist

Upload: andris-soroka

Post on 19-May-2015


DESCRIPTION

Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event venue and more than 300 via online live streaming.

TRANSCRIPT

Page 1: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Windows Tablets in corporate environment

Security Perspective

Āris Dzērvāns, Microsoft Technology Strategist

Page 2: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Imagination is transforming Microsoft

Empowering people and businesses through a family of devices and services

One consistent experience

Page 3: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Our vision for devices

Delivering intuitive and immersive experiences

Any device, any location…

At home…

…on the go.

…at work…

…powered by a service-enabled shell

Page 4: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

The modern business

Work Home Off-site

Page 5: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Supports the latest processors – better performance, increased battery life

InstantGo enabled devices keep apps up to date

Supports new touch displays, both ultra high-res and smaller screen sizes

Smaller tablets, natural for portrait mode reading

Enables the latest hardware innovation: Miracast, NFC, biometrics

A new class of devices

TOUCH | LIGHTER, THINNER, FASTER

LONG BATTERY LIFE | MODERN SECURITY

NEW FORM FACTORS | SENSORS AND

CONNECTIVITY

Page 6: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Mobility

Weight | Battery Life

Workload

Casual | Intensive

Apps

Desktop apps | Windows Store apps

LOB apps | Remote apps

Connectivity

Corporate Access | Always On

Manageability

Full | Simple | Governance

The Breadth of Capabilities

Windows Tablets with Intel Core Processors

Windows Tablets with Intel Atom Processors

Windows Tablets with ARM Processors

Great Windows Tablets For Every Business

The Choices of Windows-Powered Tablets

Page 7: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Windows 8.1

Release October 18

Free update from Windows 8

Building on the Windows 7 and Windows 8 foundation

Page 8: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Windows 8.1: Connectivity

SoC-integrated mobile broadband

Native Miracast wireless display

Wi-Fi Direct printing

Your PC as a personal hotspot

NFC tap to pair with enterprise printers

Page 9: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Your Apps and Data Always With You

Pro

Replacement Device

User Settings on Replacement Device

Work folders or

Windows Device

Lost or Damaged Device

User Data on Replacement Device

Page 10: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Enterprise Grade Security

Page 11: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Windows 8 and 8.1 - Modern Access Control

Modern Authenticators

Security Credentials Protect Access to Resources

Trusted Key Infrastructure

Virtual Smart Cards

Picture Password

Fingerprint Biometrics

Touch To Buy

Credential Manager

Web Authentication Broker

TPM

TPM Key Attestation

Dynamic Access Control

Remote Business Data Removal

Certificate Reputation

Page 12: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Windows 8 and 8.1 - Protecting Sensitive Data

Protecting Data at Rest Protecting Data in Motion

Trusted Platform Module (TPM)

BitLocker

BitLocker to Go

Encrypting File System

Encrypting Hard Drives

Device Encryption all editions

Information Rights Management (IRM)

Exchange Data Loss Protection

DirectAccess

IPSec/SSL

Remote Business Data Removal

Page 13: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Empower BYOD

Page 14: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Mobile Device Management (MDM)

Based on open standards

Uses Open Mobile Alliance Device Management protocols

Secure communication with cloud-based management

No additional agent required in Windows 8.1 and Windows RT 8.1

Implemented by multiple ISVs

Microsoft (Windows Intune)

Airwatch

Mobile Iron

Open protocol enables implementation by additional vendors

Page 15: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Managing Windows Devices

Exchange ActiveSync

Mobile Device Management

via OMA-DM

Enterprise Management

Governance

Full Control

Windows 8.1 provides choices

Choose by device based on scenario or capabilities needed

Consider employee versus organization-owned, BYOD, connectivity

Organizations may choose all three

Page 16: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Manage access to company data

Register personal devices

Simple for the employee

Device enrollment with Windows Intune

Windows 8.1: Workplace Join

Page 17: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

Windows 8.1 Enterprise Edition Features

Rights are included with Software Assurance for Windows

Enterprise edition use rights are perpetual for the licensed device even after SA coverage ends.

How to License

Windows To Go Creator

DirectAccess

BranchCache

Virtual Desktop Infrastructure

AppLocker

Enterprise Sideloading

Create a corporate Windows 8.1 environment on a USB stick

Connected to corporate networks, seamlessly and more securely

Users in the branch office can download documents and apps faster

Improved end-user experience

Specify what software is allowed to run on a user's PCs

Deploy Windows 8 apps from outside of the Windows Store

Start Screen Control

Control Start screen configurations for different groups and roles using Group Policy

Page 18: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

What does EOS mean?


April 8, 2014

No Free Support No Security Fixes

No Paid Support No Non-Security Fixes

No Engagement with Product Development

No Updates to Online Content

Page 19: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

What is the risk of continuing to run Windows XP after its end of support date?

• Attackers will have the advantage because they will have more information about vulnerabilities in Windows XP than defenders.

• When Microsoft releases a security update, criminals reverse engineer it to identify the specific section of code that contains the vulnerability addressed by the update.

• Then they develop code that will allow them to exploit it on systems that do not have the security update installed on them.

• They also try to identify whether the vulnerability exists in other products with the same or similar functionality, e.g. other versions of Windows.

• That's why Microsoft Security Response Center (MSRC) releases security updates for all affected products simultaneously. This practice ensures customers have the advantage over such attackers, as they get security updates for all affected products before attackers have a chance to reverse engineer them.

• After April 8, 2014, organizations that continue to run Windows XP won’t have this advantage over attackers any longer.

• Attackers will reverse engineer security updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.

• Since a security update will never become available for Windows XP, Windows XP will essentially have a “zero day” vulnerability forever.

• How often could this scenario occur? Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

Adapted from: http://blogs.technet.com/b/security/archive/2013/08/06/the-risk-of-running-windows-xp-after-support-ends.aspx
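A defender can turn the reasoning on this slide into a standing triage check: every bulletin released after an OS's end-of-support date that fixes a component the OS was previously patched for is a presumed exposure with no fix coming. The sketch below is an added example, not part of the original presentation; the bulletin ids, component names, host names and the "previously patched component" heuristic are constructed assumptions, and only the April 8, 2014 date comes from the slides.

```python
from datetime import date

# End-of-support dates; the Windows XP date is the one given on the slide.
EOS = {"Windows XP": date(2014, 4, 8)}

# Constructed bulletin feed: placeholder ids, not real MSRC bulletins.
BULLETINS = [
    {"id": "BULLETIN-A", "released": date(2014, 3, 11),
     "component": "kernel-mode driver",
     "fixed_on": {"Windows XP", "Windows 7", "Windows 8"}},
    {"id": "BULLETIN-B", "released": date(2014, 5, 13),
     "component": "kernel-mode driver",
     "fixed_on": {"Windows 7", "Windows 8"}},
    {"id": "BULLETIN-C", "released": date(2014, 5, 13),
     "component": "start screen", "fixed_on": {"Windows 8"}},
]
INVENTORY = {"kiosk-01": "Windows XP", "tablet-07": "Windows 8"}  # constructed

def shared_components(product, bulletins):
    """Components the product has been patched for at least once."""
    return {b["component"] for b in bulletins if product in b["fixed_on"]}

def unpatched_exposure(product, bulletins, eos=EOS):
    """Ids of bulletins released after the product's end of support that fix
    a component the product ships but list no fix for the product itself."""
    cutoff = eos.get(product)
    if cutoff is None:  # product is still supported: nothing to report
        return []
    shared = shared_components(product, bulletins)
    return sorted(b["id"] for b in bulletins
                  if b["released"] > cutoff
                  and product not in b["fixed_on"]
                  and b["component"] in shared)

def triage(inventory, bulletins, eos=EOS):
    """Map each host on an out-of-support OS to its presumed exposures."""
    report = {}
    for host, product in inventory.items():
        hits = unpatched_exposure(product, bulletins, eos)
        if hits:
            report[host] = hits
    return report

if __name__ == "__main__":
    for host, ids in triage(INVENTORY, BULLETINS).items():
        print(host, "no fix will ship for:", ", ".join(ids))
```

A hit is a lead for isolation or migration planning, not proof that the old OS is vulnerable; a component that was never patched on the old OS before its end of support is not flagged by this heuristic.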

Page 20: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets

XP's retirement will be hacker heaven

• The average price on the black market for a Windows XP exploit is $50,000 to $150,000, a relatively low price that reflects Microsoft's [fast security] response

• When a new vulnerability -- dubbed a "zero-day" -- is spotted in the wild, Microsoft investigates, pulls together a patch and releases it to XP users.

• If the bug is critical and being widely used by hackers, Microsoft will go "out-of-cycle," meaning it will issue a security update outside its usual monthly Patch Tuesday schedule.

• Because Microsoft will stop patching XP, hackers will hold zero-days they uncover between now and April, then sell them to criminals or loose them themselves on unprotected PCs after the deadline.

Adapted from: http://www.computerworld.com/s/article/9241585/XP_s_retirement_will_be_hacker_heaven?taxonomyId=85&pageNumber=1

Page 21: DSS ITSEC 2013 Conference 07.11.2013 - Microsoft Tablets