Flying cars, intergalactic travel, and transporters are not the commonplace items in 2014 that were envisioned for the future throughout the twentieth century. Still, when considering the shoe phone from the television series “Get Smart” through to the fairly limited functionality of the Star Trek communicator, mobile phones might be the single best example of technology that has lived up to our science fiction dreams. Not only can we make calls from nearly anywhere, but we now have data at our fingertips that enables productive remote work and, for many people, the ability to fully experience the web with no secondary device. Remote workers can now complete tasks that would previously have required extensive travel or access to an office while sipping a latte at their favorite espresso bar. But with reward comes risk.

We are infatuated with the technology, but we are also aware that mobile devices can pose a serious threat if not managed correctly. Mobile commerce, banking, and corporate data can present serious risks if a device is stolen or compromised. To make things even more confusing, mobile security is often poorly communicated to the average user and commonly requires a leap of faith even for the technically savvy. For enterprise administrators who are considering a Bring Your Own Device (BYOD) deployment, much needs to be done to bring their confidence to the level of their internal systems, whose deliberate access is typically controlled by strict policies.

Microsoft is working hard to provide a platform that customers can feel confident in and that is differentiated in its approach to mobile security and privacy. Last year we talked about the Importance of Smartphone Security on the Microsoft Security blog, and since that time it has become even more relevant. The recent release of the Windows Phone 8.1 Security Overview, a document that defines the strides that Microsoft has made for the Windows Phone platform, articulates the security design, capabilities, and functionality, such as:

  • The Microsoft Security Development Lifecycle (SDL) is fully integrated within the mobile operating system’s design, build processes, and ongoing code maintenance, and the security technologies from Windows 8.1 around storage, encryption, authentication, and management provide parity with the desktop operating system.
  • Windows Phone 8.1 leverages over 10 years of experience and innovation to provide a mobile solution with an end-to-end security strategy that benefits from trustworthy hardware capabilities such as Unified Extensible Firmware Interface (UEFI) and Trusted Platform Module (TPM), which allow devices to leverage Trusted Boot, BitLocker encryption, and virtual smart cards for Information Rights Management (IRM) and multi-factor authentication.
  • The Windows Phone operating system implements a defense-in-depth approach that also secures apps to prevent their potential use by attackers. The Windows Phone Store app architecture isolates apps to prevent a malicious app from affecting other apps or from directly accessing critical operating system resources to help prevent the installation of malware on devices. Windows Phone further mitigates these risks by providing a secured and controlled mechanism for users to acquire trustworthy apps.
  • Windows Phone benefits from the security model of the cloud-based Windows Phone Store, which includes a strict assurance and screening process for all apps, as well as the rigorous requirements of Microsoft’s other cloud-based services, such as Operational Security Assurance (OSA).
  • Windows Phone 8.1 includes numerous and granular device configuration policies that fully support Device Management Synchronization Markup Language version 1.2, which is the Open Mobile Alliance standard for Mobile Device Management (MDM), so you can leverage Microsoft’s native management tools, like Intune and Microsoft System Center 2012 R2 Configuration Manager or most popular publicly available MDM solutions. For more information on the built-in mobile device management client in Windows Phone you can check out the Windows Phone 8.1 Mobile Device Management Overview.
  • Windows Phone also simplifies device retirement with multiple remote wiping capabilities that allow you to remotely wipe an entire device or granularly target specific information, such as line-of-business side-loaded apps.

The Windows Phone security efforts and commitment have made the platform a superior choice for secured smartphone devices. Microsoft’s level of investment in securing Windows Phone 8.1 devices against threats, protecting data, and securing access to resources to address the threats of today and tomorrow really is unprecedented. To learn more about Windows Phone security, check out the Windows Phone 8.1 Security Overview.

Tim Rains
Director
Trustworthy Computing