What Do Windows 11 & The Zero Trust Framework Have In Common? 9 Key Features

 

Usually on Friday mornings, there is one common denominator:  It’s time to a Windows update.  I don’t know how my computer knows it, but this has been the trend since this spring.  I can tell an update is coming by the way the fan is blowing off in my laptop. 

But this update sort of scared me.  It was the one to Windows 11.  To be honest, I am not ready yet to update to Windows 11, and I don’t know if I ever will be.  So as I hit that update button, I was praying that there would be a choice not to.

Fortunately there was, and hopefully that will be the last of it.  But there was just one small update, and that took only a few minutes to install.  It’s not that I am now willing to give Windows 11 a shot, but from what I heard its best to wait.  Also, from what I hear is that this new OS is filled with more security features than ever before.  But is this a good thing or a bad thing?

Who knows.  Every 2^nd  Tuesday of the new month, Microsoft comes out with what is called “Patch Tuesday”. These are the recommended software patches and upgrades for Windows.  Other tech and firmware vendors have followed suit in this fashion, and in all of these cases, it just blows my mind how many vulnerabilities still keep coming out.

But anyways, the newest security features that have been supposedly installed onto Windows 11 deal with what is known as the Zero Trust Framework.  In this methodology, absolutely nobody can be trusted in either your external or internal environments. 

Everybody has to be verified all the time through MFA procedures.  Even the geo-location and the security settings of the wireless device in question are also checked before granting access.

On a technical note, some of the Zero Trust features that have been added include specifically the following:

*More support for the Pluton security processor;

*More   support for the Trusted Platform Modules;

*Implementation of the Trusted Boot,

*Higher levels of Encryption and Cryptography;

*The inclusion of Code Signing Certificates.

*The adoption of the Smart App Control;

*AI and ML to track down any signs of abnormal behavior;

*Checking the integrity of Windows Defender after each hard reboot;

*Getting rid of passwords by making use of the Windows Hello for Business functionality;

*Deep levels of protection for protecting against credential harvesting attempts when an end user visits a website.

A strategic move that Microsoft has made when it comes to deploying these Zero Trust is that there is nothing that the IT Security team has to do.  Everything is already “bolted on”.  The thinking here is that the adoption will be higher if people were forced to use them, and not voluntarily having to deploy them.  The other line of thinking here is that all companies, no matter how large or small, will have access to the Zero Trust Framework technologies, which will also help to level the playing field to a huge degree.

The following illustration is just a sampling of what is included in Windows, from the standpoint of Zero Trust:

(SOURCE:  https://www.darkreading.com/operations/microsoft-practical-zero-trust-security-windows-11)

My Thoughts On This:

In the end, Zero Trust (as it is also called) is going to the be next big movement in Cyber, whether you like it or not.  Part of the reason for this is that for those businesses that have deployed it to some degree or another, have actually reported some success with it.  Hey, that is far better than nothing.  But the one thing that is going to hamper its full adoption is getting the buy in from employees. 

For example, as I have mentioned many times before, people are creatures of habit.  They simply do not want to change unless they are forced to.  So, there could be a fair amount of grumbling for a long to time to come of having to go through three or more layers of authentication versus just using the normal password.  This is where both sides half to meet halfway.

For example, deploying the Zero Trust Framework should not happen all at once.  Rather, it should be phased in gradually, in different stages.  And at each step of the way, any new processes that are going to be introduced should be tested first in a sandbox environment before they are released into the production environment. 

Heck, anticipate that it could be quite a number of months, or even years, until it is fully deployed properly at your place of business.

But slow and steady is the best way to go, because going in a haphazard fashion will simply not only widen the attack surface, but it could also create many other backdoors for the Cyberattacker to penetrate into. 

But apart from this, another key factor to the successful deployment is communications.  Always let your employees know what is going on, and give them the chance to ask any questions or raise any concerns that they may have.

This will not only increase the chances of getting employee buy in, but they will also feel that they been an important part of the process as well, which in turn should increase employee morale and levels of productivity. 

I think Microsoft is also trying to come up with a way of making Zero Trust a two-way street:  Whatever happens On Prem will also by synched up into the Azure Cloud, especially if the Hybrid deployment is being used.

It is also important to keep in mind that the Zero Trust Framework Is not a tool, but rather it is a methodology.  There is no one size fits all strategy here, you have to customize it to meet your security demands and requirements.  It’s about using existing tools and technologies, then procuring newer ones!!!

With 80 million password hacks occurring on a daily basis, the Zero Trust Framework is here to stay, for a very, very long time.