5 Ways Windows 10 Provides Enterprise Data Security

Posted by Steven Sanchez on Mar 6, 2017 9:40:20 AM

The Society for Information Management (SIM) recently released its annual CIO survey and, to no one’s surprise, cybersecurity tops the list of concerns for 2017.[1] It’s no wonder. According to the Ponemon 2016 Cost of Breach Study, the average cost of a data breach was $7 million and the cost of a single lost record was $221.[2]

The latest release of Microsoft Windows 10 provides a series of new features that address the issue of data security and will help CIOs sleep more soundly at night. Here are five of them.


AppLocker

Data breaches are often caused by unwitting users accessing unauthorized programs. AppLocker allows you to set rules that restrict users to accessing only those applications they need to do their jobs. Not only does this enhance your system security, it also reduces costs by decreasing Help Desk calls from users running unapproved applications.

Credential Guard

This new feature in Windows 10 allows you to isolate user account and network login credentials on the individual PC so they can only be read by system software. Using virtualization-based security, Credential Guard blocks unauthorized access to this “secret” information by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. Malware running in the operating system with administrative privileges is blocked from extracting this sensitive data.

Device Guard

Even the power of Credential Guard can’t mitigate every threat. Windows 10 provides another layer of protection with Device Guard. This feature shifts the operating system from a default of trusting any application that isn’t blocked to trusting only apps that have been authorized. Device Guard uses hardware features like Intel VT-x and AMD-V virtualization extensions to protect computers against attack and to ensure that only approved code runs.


BitLocker

A common enterprise security threat is exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker Drive Encryption is a data protection feature that minimizes that threat. The feature is most effective when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component that comes installed in many new computers. It works with BitLocker to ensure that a computer was not tampered with while the system was offline. BitLocker also offers the option of locking down the normal startup process until a user supplies a PIN or inserts a removable device containing a startup key.

Windows Hello with Biometric Security for Apps and Edge

This feature adds enterprise-grade security to every device with a simple sign-in. Despite constant warnings to the contrary, most people use the same password across multiple websites, greatly increasing the chances of a successful hack. In Windows 10, Windows Hello replaces passwords with strong, two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. This addresses problems like the use of the same password on multiple sites, server breaches that expose symmetric network credentials, password replay attacks, and users who accidentally reveal their passwords to phishing attacks.

For more on data security, check out DynTek’s Windows 10 Proof of Concept and Pilot program, which provides an in-depth look at these and other new Windows 10 features and can help you develop an implementation plan to upgrade.


[1] Top CIO Concerns & Worries for 2017 – IT’s Déjà vu All over Again (Part 2) by Steve Andriole, Forbes, February 14, 2017.

[2] Data Breaches in 2017: No relief in sight, by Robert D. Chesler, Marc D. Schein, Property Casualty 360, February 15, 2017.
