Security enhancements reduce threats to the enterprise
Built upon the security foundations of Windows Vista, the Windows 7 operating system responds to customer feedback to make the system more usable and manageable. Windows 7 contains the right security enhancements to combat the continually evolving threat landscape.
Fundamentally secure platform. Windows 7 builds upon the strong security lineage of Windows Vista and retains all of the development processes and technologies that have made Windows Vista the most secure version of the Windows client to date. Enhanced audit capabilities make it easier for an organization to meet its regulatory and business compliance requirements. Audit enhancements start with a simplified management approach for audit configurations and end by providing even greater visibility into what occurs in your organization.
The widespread use of USB flash drives and other personal storage devices raises user concerns about the security of information on these devices. However, some users do not require the full data encryption features of BitLocker to Go. Windows 7 provides support for password protection and certificate-based authentication for IEEE-1667–compliant USB storage devices. Users can utilize password protection of IEEE 1667 storage devices to help keep data private from casual disclosure.
|
 |
Our existing [third-party] solution costs $100 for each license, plus $20 a year for maintenance. By using BitLocker, we expect to save at least $30,000 a year.  |
Fingerprint scanners are becoming more and more common in standard laptop configurations, and Windows 7 ensures that they work well. It’s easy to set up and begin to use a fingerprint reader, and logging on to Windows using a fingerprint is more reliable across different hardware providers.
Building upon the smart card infrastructure advances made in Windows Vista, Windows 7 eases smart card deployment through support of Plug and Play. Drivers that are required to support smart cards and smart card readers are automatically installed without the need for administrative permissions or user interaction, easing the deployment of strong, two-factor authentication in the enterprise.
Helping secure anywhere access. Windows 7 provides the appropriate security controls so that users can access the information they need to be productive, whenever they need it, whether they are in the office or not. In addition to full support for existing technologies like Network Access Protection, Windows 7 provides a more flexible firewall, DNS security support, and an entirely new paradigm in remote access.
The Domain Name System (DNS) is an essential protocol that supports many everyday Internet activities, including e-mail delivery, web browsing, and instant messaging. However, the DNS system was designed more than three decades ago, without the security concerns we face today. Windows 7 supports DNSSEC as specified in RFCs 4033, 4034, and 4035, giving organizations the confidence that domain name records are not being spoofed and helping them protect against malicious activities.
Windows 7 helps IT professionals support multiple active firewall policies, enabling user PCs to obtain and apply domain firewall profile information regardless of other networks that may be active on the PC. Through such capabilities, which are among the top features requested by enterprise customers, IT professionals can simplify connectivity and security policies by maintaining a single set of rules for both remote clients and clients that are physically connected to the corporate network.
For IT professionals, DirectAccess provides a more secure and flexible corporate network infrastructure to remotely manage and update user PCs. DirectAccess simplifies IT management by providing an “always managed” infrastructure, in which computers both on and off the network can remain healthy, managed, and updated.
Protecting users and infrastructure. Windows 7 provides flexible security protection against malware and intrusions so that users can achieve their desired balance between security, control, and productivity. Windows 7 reenergizes application control policies with AppLocker: a flexible, easy-to-administer mechanism that allows IT to specify exactly what is allowed to run in the desktop infrastructure and gives users the ability to run the applications, installation programs, and scripts that they require to be productive. As a result, IT can enforce application standardization within its organization while providing security, operational, and compliance benefits.
Internet Explorer 8 delivers improved protection against security and privacy threats, including the ability to help identify malicious sites and block the download of malicious software. Privacy is enhanced through the ability to surf the web without leaving a trail on a shared PC, and through increased choice and control over how websites can track user actions.
Protecting data from unauthorized viewing: Each year, hundreds of thousands of computers without appropriate safeguards are lost, stolen, or decommissioned. Windows 7 extends BitLocker Drive Encryption to help protect data stored on these computers and other portable media (for example, USB flash drives, USB portable hard drives) such that only authorized users can read the data. Best of all, BitLocker protection is easy to deploy and intuitive for the end user, all the while leading to improved compliance and data security.
Microsoft Services:
Learn more by downloading the Windows 7 Security Enhancements white paper.
Download the free Security Compliance Management (SCM) Toolkit Solution Accelerator for Windows 7 and meet security and compliance requirements.