CESG provides guidance on Windows 8.1: What does that mean for your organisation?

  • Article

Stuart Aston is the Chief Security Advisor for Microsoft in the UK and runs the Government Security Programme and the Security Co-operation Programme.

Late last week CESG replaced their guidance on the use of Windows 8 with guidance on Windows 8.1, available here. The update is significant, partly because of the changes, but mostly because of how quickly the update was issued. Under previous guidance processes, it was unlikely that an interim release would have been published at all.

The new guidance itself remains in the same crisp, lightweight approach. So what has changed?

  • With Windows 8.1, we can now allow enterprises to push automatic updates to modern applications, removing a significant security risk for government offices and enterprises.
  • Windows users no longer require additional key material from CESG to use BitLocker. This removes the restriction on using MBAM to manage recovery information making for easier deployment at scale for Windows BitLocker.

The new guidance allows customers to evaluate the risks of an operating system in line with the system’s ability to support organisational requirements. The customer can make their own decisions about what risks they care about, in line with the business functionality they want to deliver. So we could say that we have fewer serious risks than other desktop operating systems, with Windows 8.1 Enterprise -- and we do. But that statement on its own is meaningless. Security in the abstract is redundant without an organisational context.

An office’s organisational context is an assessment of the capabilities an office needs to function, balanced against their tolerance for security risks. Out of the box we deliver all the functions needed to run your office securely, letting you run legacy and modern applications with minimal effort. You can also store data securely on your device, communicate with your infrastructure securely and be protected from malware using Secure Boot (requires UEFI compatible hardware) and AppLocker.

We think all of those features make Windows 8.1 the best choice for your organisation’s security. But you don’t have to take our word for it. Check out the guidance, consider your organisation’s application and security needs – and then decide for yourself