Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Windows 7: A New Approach to Securing Today’s Enterpris

20 Apr 2009   #1

Windows 7: A New Approach to Securing Today’s Enterpris

RSA is here again, and presents a great opportunity to discuss the security in Windows 7: specifically how certain features in the OS address key security-related enterprise scenarios. In today’s economic times, businesses and their shareholders need to know that when they make an investment in a product, they are doing so responsibly and securely, and the investment is sound. Windows 7 is this sound investment: it includes features that allow workers to work anywhere, while leaving IT Pros confident that business-related data and content are secure.

The world has changed a great deal in the last decade. Information workers interact with their computers in new ways and have incorporated technology into everything they do, as a result the security landscape has greatly evolved. For example, in 2001, mobile and wireless workers weren’t impacting IT decision making; today, they make up more than a quarter of the workforce. In 2008, laptops made up more than half of all devices purchased in the enterprise. With Windows Vista, we made significant investments to address many of these security concerns and developed the most secure OS to date. With Windows 7, we are carrying forward that investment.

When we began developing for Windows 7, we decided to approach our security feature enhancements in terms of user type and scenarios. We looked at a few types of workers - the mobile worker on the go, the remote worker in a branch office, the IT Pro and the security expert. All have unique needs, pain points, and styles of work - and we’re addressing each in Windows 7.

Consider being a mobile worker. The challenge for you is connectivity and access. Meanwhile, your IT Pro at the office is worried about balancing those with data protection and network security. With Windows 7, we focused on a few key features to address this scenario, and to build confidence in enterprises trying to get the most out of a mobile workforce.

  • DirectAccess lets mobile workers connect quickly and securely to a corporate network over any Internet connection, without having to manually access their virtual private network. IT can leverage DirectAccess to manage the Group Policy settings and deliver updates to mobile computers, even if the user is not logged on.
  • BitLocker, introduced in Windows Vista, now allows end users to right-click on a drive to quickly enable it, making it more intuitive and easier to use.
  • BitLocker To Go now extends support of BitLocker drive encryption to USB removable storage devices – like our mobile worker’s flash drive (see this Springboard Series Video). Theft and loss of proprietary data from mobile devices is a great expense for businesses. However, the loss of integrity is even harder to recover.
The remote worker scenario has similar challenges to the mobile worker, but requires ease of access on a more regular basis. According to a recent study, 91% of employees work away from the corporate headquarters, with the bulk of these working in branch offices. These workers often face difficulties and long wait times accessing information off the corporate drive. With this pain point in mind, we introduced BranchCache, which lets users access information more quickly. For IT Pros, this means the assurance that branch machines maintain the same security protocols as the home office.

For home-use scenarios, employees expect the same level of connectivity and access they would have in the office. In Windows Vista, the firewall policy was based on the type of network connection established – such as Home or Work. This created an obstacle when workers logged on at home, using a Home connection and virtual private networking (VPN), because firewall settings were not set up appropriately for this scenario. So we made changes. With Windows 7, enterprises will be able to simplify their connectivity and security policies by maintaining a single set of rules for both remote clients and clients physically connected to the corporate network.

And businesses will have confidence that all remote users – whether branch office or mobile - will benefit from key improvements in IE8, including protection against XSS threats, identity theft, and new types of phishing attacks like Clickjacking. I think the work we did in IE 8 really helps put people in control of their online safety and privacy.

Finally, let’s take a look at issues people face when trying to manage these environments. Not surprisingly, IT Pros and security expertshavedaunting missions: they enable secure access to data for mobile, remote and local users; keep systems up to date; and track accessed data– all while attempting to drive new value for the business - it’s enough to cause IT Pro insomnia. As such, we continue to develop a range of security solutions to address evolving IT needs.

Some key examples of user scenarios empowering technology:

  • AppLocker: We received feedback that workers today put software from home on their PCS, download applications from the Internet, and access programs through email. As a result, there’s a higher difficulty ensuring PCs in the enterprise environment are running only approved, licensed software. AppLocker solves this issue; it’s an administered mechanism that allows a business’ security expert to specify what is allowed to run on each user’s PC.
  • Network Access Protection: Thisallows IT Pros to create solutions to validate computers that connect to their network and limit the access or communication of noncompliant computers.
  • Microsoft Asset Inventory Service: Part of Microsoft Desktop Optimization, complements the OS security and compliance technologies by allowing our IT Pro a comprehensive view of the enterprise desktop software environment.
  • User Account Control: We heard loud and clear that end-users wanted fewer UAC prompts and more control over what items they are prompted for, but we know IT Pros still need control over what’s installed or run on a machine. As a result, in Windows 7, we made specific changes to enhance the user experience, while still ensuring the same level of security.
The enterprise security features we’re discussing today are the product of hard engineering work coupled with an understanding of our customers and the security landscape. It’s important to keep in mind that some of these features only work when partnered with Windows Server; for an optimal experience, we recommend businesses use Windows 7 and Windows Server 2008 R2 together upon their availability.

We recognize the enterprise customer for Windows has evolved dramatically over the years and we’ve created solutions to address the needs of varying enterprise scenarios. It’s important to note our work is never finished! We are constantly hearing from our customers about ways to make their machines more secure and productive in their environments. We continue to listen to this feedback and apply it to our technologies. It’s our goal to build technology that lets businesses prosper in a consistently changing security landscape.


My System SpecsSystem Spec

 Windows 7: A New Approach to Securing Today’s Enterpris

Thread Tools

Similar help and support threads
Thread Forum
repair windows 7 pro the best approach - Given scenario
my Pc is windows 7 pro 64bit, I need to do either a repair or a complete reinstall of the OS due to a trojan that just eradicated the system however i have 3 other drives with software installed on those drives and i do not want to touch those drives and also bring back the software once windows 7...
Backup and Restore
Best Approach for Upgrading Motherboard With OEM Windows?
I'm sorry if there is a better section to put this in, but it seemed to be the best option for my question. I currently have an HP Pavilion p7-1102 Specs: Windows 7 Home Premium 64-bit SP1 Pegatron 2ACD AMD A8-3800 1 TB Hitachi SATA 512 MB ATI AMD 6550 (integrated)
Installation & Setup
securing windows 7 32/64 bit in a domain environment
Hey I need your guys' sugguestions on what to do to secure windows 7 in a domain environment what we've done so far is set most people to a standard user, set UAC to the second notch from the top, have DEP enabled for third party programs, have the default policy set in windows firewall advanced...
System Security
My Approach to Windows Updates
Over the years dealing with updates for various Windows OS's, I have adopted the following approach. My question to the experts here is this approach still valid. I learned from bitter experience that Windows updates can sometimes cause more trouble that what they are trying to fix. My...
Windows Updates & Activation
Windows 7 -- Approach to System Performance More...

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:04.
Twitter Facebook Google+