Microsoft is looking to enable practical Zero-Trust security with Windows 11

Organizations aiming to bolster their security with zero-trust initiatives received help from Microsoft this week, when the IT giant announced that a host of zero-trust features are now available in its operating system, Windows 11.

The zero-trust approach to security aims to secure worker access to sensitive systems, networks, and data using additional context, analytics, and security controls. The goal is to give “the right people the right access at the right time,” Microsoft said in the Windows 11 Security Book, a 74-page report on Windows 11 security architecture.

The pattern verifies a user’s identity and location, as well as the security status of their device, and only allows access to appropriate resources, according to the Windows 11 Security Book. Additionally, zero-trust capabilities include continuous visibility and analysis to detect threats and improve defenses.

The latest operating system and software platform release adds a variety of features, from support for the Pluton security processor and Trusted Platform Modules (TPMs) to full functionality around security certificates, secure boot, cryptography and code signing, said David Weston, vice president of enterprise security and operating systems at Microsoft.

“Organizations around the world are adopting a zero-trust security model based on the principle that no person or device, anywhere, can gain access to it until security and integrity are proven,” he said. “We know our customers need modern security solutions with tightly integrated hardware and software that protect against entire classes of attacks.”

The Zero-Trust buzz gets a boost

The concept of zero trust has been prevalent for years, with technologists and government agencies first discussing the security approach as they came to realize that network perimeters were rapidly disappearing. Then the work-from-home surge caused by the coronavirus pandemic injected more urgency into the movement. Now, three-quarters of security decision makers (75%) believe that the increase in hybrid working is creating vulnerabilities in their organization, leaving them more vulnerable to attack.

“When employees are given the freedom to choose their workplace, device, tools, and/or software, it becomes difficult to establish trust based on static attributes,” says Ben Herzberg, chief scientist at Satori. “As competitive pressure pushes companies to democratize data and unlock new customer value faster, employees will benefit from greater flexibility, and zero trust will be the ideal approach to enable this flexibility while ensuring security.”

That said, implementing zero trust is a complex undertaking, as evidenced by the list of aspects that Microsoft has now incorporated:

Windows 11 security architecture from Microsoft. Source: Microsoft Windows 11 Security Book.

New Windows 11 features include Smart App Control, which uses machine learning, AI modeling and Microsoft’s vast telemetry network of 43 trillion daily signals to determine if an app is safe. Other features also determine whether driver code and virtual machine code show signs of maliciousness. Additional enhancements include credential verification in Windows Defender, passwordless support with Windows Hello for Business, and protection against credential harvesting websites, the company said.

Complexity has hampered zero-trust deployments, but adding these features directly into Windows 11 makes it more likely that enterprises can easily deploy zero-trust capabilities, Microsoft’s Weston says.

“Integration instead of consolidation makes deploying and managing zero-trust capabilities much simpler and more efficient,” he said. “Besides, having these [features] built directly into the operating system allows Windows to deliver key metrics in hardware, increasing the confidence and validity of metrics.”

He adds, “The minute zero-trust capabilities are integrated into enterprise infrastructure, they become accessible to many businesses that would otherwise struggle to access this technology. … An integrated customer environment for zero trust will make the transition for employees much smoother and internal change management simpler.”

Microsoft, which places considerable weight on zero trust, is expected to drive adoption and overall security forward. The company sees 2.5 billion endpoint queries and 80 million password attacks daily, it said in a blog post published this week.

Zero Trust is always hard

Even with Windows 11 updates, companies should expect that implementing zero trust will be a process. Building a zero-trust framework requires deep technical integrations, and the organizations that do it best are the most likely to be successful in their implementation, says Satori’s Herzberg.

To start, companies need to identify a group of users, devices, apps, and workflows that could benefit from zero trust; create a zero-trust architecture to protect these components; then choose and implement the appropriate technologies, he says.

A phased rollout works, given that zero trust is more of a journey than a destination, says Jason Floyd, chief technology officer at Ascent Solutions.

“Zero trust was never about solving a technology problem – it’s a strategic tool that shows how to use technology that’s already in place,” he says. “Building additional zero-trust features into Windows encourages businesses to adopt a healthy security mindset, but not the one-size-fits-all solution some executives might expect.”

Overall, Windows 11 adds “security from the chip to the cloud,” establishing trusted processes starting with firmware and reaching workloads running in the cloud, Microsoft’s post says. This support facilitates zero-trust architectures by minimizing the work required to prove a user’s identity and verify system integrity, says Microsoft’s Weston.

“It reverses the previous systems security paradigm where a user or device was assumed to be healthy until proven otherwise,” he says. “Microsoft’s view is that the Zero Trust philosophy and architecture addresses many current and future security challenges for customers and therefore Microsoft and most of our customers believe this will be the dominant approach in terms of safety.”
