Latest CESG security guidance highlights new strengths in Windows Phone 8.1

Last month CESG issued its latest platform guidance, a concise update on general platform risk management strategies. The guidance evaluates Windows Phone 8.1 on 12 foundational security principles, as part of the end user device security framework. 

CESG’s latest platform study shows Windows Phone 8.1 is on a very strong trajectory of improvement. The new guidance provides a detailed background on the benefits of Windows Phone 8.1. The platform delivers several improvements - compared with rival offerings and Windows Phone 8.0 - which ensure the safe, convenient and rapid transfer of data for public sector staff.

What other changes to the platform do you need to know about? I’ve highlighted a selection of key features below, with the full list available here.

What improvements were made to support the new guidance from CESG?

• Malicious code detection and prevention:  Now users are able to disable developer unlocking of devices - so that Windows Phone 8.1 will only run apps from the Store and authorised enterprise applications. Apps hosted in the Windows Phone Store are scanned for potentially harmful or malicious activity prior to being made available for download. Content based attacks can be filtered by scanning on the email server.

• Security policy enforcement:  Disabling the un-enrolment feature from the MDM service means that settings applied to the device cannot then be modified or removed by the user. The phone can optionally also be configured to prevent the user performing a factory reset.

• External interface protection:  Windows Phone 8.1 now allows Wi­Fi, NFC, Bluetooth, removable storage and USB Sync to be disabled.

• Device update policy:  Windows Store apps automatically download and install updates by default, but installation of device updates relies on user interaction. The enterprise has no control whether updates that are not marked as critical are applied.

Why does this matter to me and my organisation?

Windows Phone 8.1’s improvement make for a much safer, more secure and better controlled device ecosystem for public sector bodies. Updated features now mean that Windows Phone 8.1 offers a safer path for a user’s data to travel. Moreover, apps and software are now automatically patched for rapidly changing security issues and only approved programs can be downloaded and stored on the device. In the case of an incident, the platform is now able to respond much faster to shut compromised devices down and remove sensitive data from unauthorised hands. This controlled environment means that the public sector body can rest assured that in any situation their data, devices and ecosystems are safe from threats and compromises.  

How can I get a copy of the recent CESG guidance?

The updated guidance from the CESG is wholly available on the CESG website and can be downloaded here. This provides ease of access for public sector organisations spanning the UK - so they are able to make informed decisions.

What should I do if I’m interested in Windows Phone 8.1?

Microsoft Windows Phone 8.1 is going from strength to strength. If you want to discuss the platform’s new features or future direction, e-mail ukps@microsoft.com to learn more.