Hardware and Platform Security: Mastering the Balancing Act


You want to allow users to be their most productive. So, you introduce manageability measures to easily deploy tools and enforce security standards that prevent threats without disrupting the flow of productivity.

Nonetheless, your users will always take some steps to improve their own productivity (via apps and cloud services) that also hamper manageability and leave your data and services vulnerable to threats.

Respond with too many security features, however, and usability suffers – slowing down machines and interrupting end users with prompts.

This is the “Great Balancing Act” of modern mobile computing. The successful solution strikes a delicate balance between three critical priorities:

  • Security
  • Manageability
  • Productivity

Our recent webinar explores how Windows 10 Pro and Intel 7th Gen Core processors combine platform and hardware features that help you achieve this balance in your environment.


Threats to data security are a critical concern for the modern enterprise. Most intruders gain access unnoticed. Many aren’t discovered until well after they’ve left. Many stick around for a while before leaving. So, what are the implications of the threat?

  • The average time to detect a data breach is 230 days (Gartner)
  • 52% of attacks come from malicious insiders (Breach Level Index)
  • Web browser is the most common point-of-attack at 36% (McAfee Labs)
  • The average cost of a breach is $3.5 million (McKinsey)
  • This cost has risen 15% YoY (McKinsey)

The threat evolves as hackers find new, more advanced ways to gain unauthorized access to your data. But, in response, enterprises often try to fight present-day threats with tools from the past. In a recent example, the WannaCry ransomware bug affected 230,000 PCs worldwide. Most of these were still running Windows 7 (or another version) and hadn’t received updates via the appropriate patches.

Security with Windows 10 Pro 

Microsoft estimates 85% of enterprises will have begun Windows 10 deployments by the end of 2017. Almost 49% of these cite security improvements to Windows as the deciding factor. In fact, Microsoft invests over $1 billion per year in cybersecurity research and development (R&D). This makes them the world’s largest cybersecurity firm, although you may not have thought of them this way. A great deal of this investment has gone into the Windows 10 Defense Stack.

The five-pillared security strategy protects Windows 10 devices both before and after a potential breach. The new version’s post-breach detection, investigation and response features are the real flagship security improvements in the release.

Features like Conditional Access enable control over who accesses your environment, when, and for how long. Device Guard “hardens” Windows 10 devices against malware and prevents malicious code from running. Credential Guard virtualizes authentication credentials. This, in turn, neutralizes the “rinse-and-repeat” aspect of common Pass-the-Hash (PTH) attacks.

Meanwhile, Windows Advanced Threat Protection (ATP) plays a role similar to an airplane’s black box, while adding the intelligence to mitigate or remediate threats. Its design uses machine learning and cloud-based security analytics to detect and contain the most sophisticated attacks.

Security with Intel 7th Gen Core 

Some measures that boost user productivity don’t help as much in the security department. When it comes to protecting devices, password authentication is one area where the user sometimes creates problems. Many of us may recycle passwords or PINs, if only to avoid having to remember too many. This leads to unfortunate situations where an intruder deriving one password could access a full range of services or devices.

With its 7th generation of Core processors, Intel re-introduces Intel Authenticate, its solution for “hardened,” or hardware-enhanced, security. Authenticate applies “multi-factor authentication” mechanisms to verify a user’s identity through two or more factors. The result is a better overall security posture without the need for multiple passwords per user.

Intel Authenticate provides further enhanced security via “hardening” or hardware-based security. This places security factors, credentials, policies and decisions below the operating system (OS) layer and beyond the reach of software-based attacks. Intel’s hardware security offering also includes other intelligent features such as Bluetooth-powered walk-away locking and AMT-based environment detection.

Deployment & Manageability 

The workplace has evolved. The modern employee takes it for granted that they’ll use multiple devices for work each day. At the same time, the ongoing consumerization of IT has put a new emphasis on user experience design.

The old workplace slowed under the weight of complexity, cost and compatibility issues. But, modern security threats put a new importance on the ability to deploy new functionality fast.

The process of deploying and managing devices in your environment must change to meet these new demands. Decades-old policies need to give way to reduce costs and increase agility. Applications and services must adapt to new expectations.

Deployment & Manageability with Windows 10 Pro

Microsoft has created Windows 10 Pro for the world of “modern IT.” With a focus on simplified deployment and dynamic management, the platform allows organizations to adapt to the cloud as fast or as slow as they need to. Enhanced features like Windows-as-a-Service and Windows Autopilot ensure deployments aren’t year-long projects that cause major disruption for users.

Dynamic management functionality for mobile apps and devices reduces the burden on IT departments and device managers. At the same time, proactive insights from Windows Analytics Update Compliance and Windows Analytics Upgrade Readiness lower time spent on validation and deployment efforts.

Deployment & Manageability with Intel 7th Gen Core

Intel Active Management Technology enables several key manageability enhancements, including Intel Secure Remote Erase. This feature, exclusive to 7th Gen Core processors, allows your IT department to remote-wipe SSD media and encryption keys in seconds. This is doable from any location worldwide. And, it frees up valuable time otherwise spent on manual deletion of data from retired or re-purposed computers.

Other enhanced management features supported by Active Management include remote, high-resolution reimaging and desktop diagnosis. Together, these serve to reduce your total cost of ownership (TCO) for an IT service by as much as half (Gartner).


In the modern workplace, what constitutes “the office” is often in flux. Users demand uptime with software and devices wherever they are, whether inside or outside the corporate environment. Sixty-two percent of workers say they’re more productive outside the office.

At the same time, many organizations push their device refresh cycles to three years and beyond. But, workers now expect powerful, flexible and responsive user experiences whether working with desktop or mobile devices.

Productivity with Windows 10 Pro

For end-users, Windows 10 Pro enables software and device uptime in- and out-of-office with solutions like Azure AD user state roaming, Windows OneDrive for Business and Office 365. Newer features such as digital ink and intelligent assistants like Cortana support more powerful ways to interact with work devices.

Windows 10 Pro also enhances productivity for IT departments, offering streamlined processes, dynamic provisioning, and managed roll-outs that harness the cloud.

Productivity with Intel 7th Gen Core 

Intel’s newest “Kaby Lake” generation of Core processors also offers a productivity boost through sheer performance. Although the difference isn’t as noticeable over 6th generation models, the 7th Gen Core processors provide a significant improvement over devices aged three-to-four years or more.

The new line of Intel processors also bridges the gap between tablet and laptop/desktop performance. A new breed of “all-in-one” and “2-in-1” hybrid devices from manufacturers like Dell, HP and Lenovo has the power and connectivity to complement or even replace traditional laptops in some use cases.

A Balanced Approach

We’ve seen that many organizations approach the steps of the hardware lifecycle as three distinct parts: select, acquire and manage. Sadly, when different individuals or groups are making decisions, setting standards and managing purchases, the results are internal gaps and delays in the procurement process. Find out how a holistic approach to managing your device lifecycle and roadmap will help enhance security, manageability, and productivity in your environment.
