Windows Information Protection to Address Data Leaks in Windows 10

One of the features that Microsoft will debut in the upcoming Windows 10 Anniversary Update is Windows Information Protection (WIP), a feature meant to keep users’ information safe even when data leaks occur.

Previously referred to as enterprise data protection (EDP), WIP provides Windows with the ability to identify personal and business information, as well as to determine which applications have access to it, Microsoft says. Moreover, it also ensures that Windows can offer the basic controls necessary to determine what users can do with business data.

WIP has been designed specifically to work with Office365 ProPlus and Azure Rights Management, which can keep business data protected when it leaves the device or when it’s shared with others. With WIP, some of the basic data protection features available in Office365 and Azure Rights Management are coming to Windows itself, Microsoft’s Chris Hallum and Nathan Mercer explain in a blog post.

Windows already has data protection mechanisms in place, such as BitLocker, which Microsoft touts as a great solution when it comes to lost or stolen devices. When data is accidentally or intentionally leaked, however, BitLocker is ineffective, and this is where WIP comes into play. What’s more, it can help protect data without affecting the overall user experience, Microsoft says.

“Just turn on a few policies in your MDM (e.g.: Microsoft Intune) or System Center Configuration Manager and WIP is ready to go. WIP’s capability is fully integrated within the experience your users are already familiar with, and they can continue to use the apps that they, or IT, choose to access protected content. WIP doesn’t require users to use special folders, change modes, use alternate apps, move into secure zones or partitions, etc,” Hallum and Mercer say.

The solution has been designed to work completely behind the scenes to keep data secure regardless of where on the device it is located. Moreover, the protection continues even when the data is copied to removable storage devices such as USB drives.

Windows Information Protection is integrated in the platform, thus ensuring compatibility with most of the existing applications, something that not all third-party solutions can deliver. However, there will be applications that will require various changes to support WIP, namely those that can work on personal and business data in parallel, or have the ability to egress data outside of the corporate boundary.

WIP also ensures that only authorized users and applications can access business data, thus protecting data from leaks, even on devices with multiple user profiles. Moreover, the solution was designed to prevent certain operations involving the content of business documents, such as copy and paste, further preventing leaks.

According to Microsoft, WIP won’t prevent users from copying content between business applications and documents, but it will prevent them from leaking the data to personal or public domains, unless the IT department sets a policy that allows them to do so. In such cases, auditing will occur in the background, while users will be encouraged to act in a responsible manner, compliant with the corporate policy.

The goal with WIP, Hallum and Mercer explain, was to create a solution that every customer would be willing to deploy, one that would work with existing apps and would require little user interaction. The resulting product is suitable for both SMBs and enterprises and can provide “the fundamentals of information protection” right out of the box, while also being designed to work with Azure Rights Management and Office365 to ensure maximum data leak prevention.

Over the past several months, Microsoft has announced a variety of updates and enhancements meant to improve the security of its Windows 10 users, such as the Windows 10 compatibility in Enhanced Mitigation Experience Toolkit (EMET) 5.5. In March, the company announced Windows Defender Advanced Threat Protection, a service designed to improve the protection it offers to enterprise customers.

Just last week, Microsoft detailed the various changes that Windows Hello, its end-to-end multi-factor authentication solution, will go through as soon as Windows 10 Anniversary Update arrives in early August. It already included biometric authentication capabilities, but it will soon take over Microsoft Passport’s functions, and will also add support for companion devices, Microsoft said.
