Enterprise Mobility and Security Blog

What’s new:

In this demo, I showed the data separation and data loss prevention features in Windows 10.

Specifically, I looked at a handful of new data protection scenarios:

  • How to interact with personal and protected business data without having to switch apps, modes, or move into special folders.
  • I showed how a file can’t be copied to non-business locations or apps (like Twitter, for example) because there is a policy in place that lets IT decide to block data leakage completely or allow it to leak after issuing a warning and audit.
  • There is also the ability to show how a sensitive file can be copied between business documents and managed business apps.
  • I showed a feature that lets end-users save content as “corporate” using Windows common controls – this means the apps don’t have to be wrapped or updated for non-egress scenarios.
  • Finally, we showed how a user can go to the file system (if IT wants to grant this kind of control) and switch data to and from “business protected.”

How this helps:

All of this is fully integrated into Windows 10; the completeness of these solutions is pretty amazing. This is a big win for IT, and end-users benefit because their usage behavior doesn’t have to change since all of this is integrated into the experience they already know. That means no more need to switch to secure apps, locations, or profiles while using a device.

Unlike other data protection solutions (particularly on mobile devices, where multiple personas or containers are used to protect data), we’ve come up with a solution that doesn’t get in the way of the user experience.

I can boil it down to four ways this really helps you keep your organization’s data secure – it addresses problems with:

  1. Data leakage through copy and paste
  2. Data leakage through file copies to removable storage devices
  3. Control of which apps have access to business data
  4. Control of which apps have access to business VPN

Another thing I really like about the DLP capabilities in Windows 10 is how they guide and help users to protect their organization’s data. It is both empowering and secure.

Why you need this in your life:

  • Windows Data Separation and Data Loss Prevention features are a brand new feature set for Windows 10 and they provide file-level data protection (encryption), separation of personal and business data, and app control (i.e. defining which apps have access to business data and VPN).
  • This makes your network stronger in some really specific ways:
    • It gives you the ability to automatically identify personal vs. corporate data.
    • You can keep data protected while it’s at rest on local or removable storage.
    • Now you can define which apps have access to corporate data (and under which circumstances).
    • You can define which apps have access to a VPN connection.
    • Now it’s simple to keep data from being copied from corporate to non-corporate sources.
  • This feature provides you with a dramatically higher level of DLP assurance for your organization.

What you’ll need to get started:

  • Windows 10 Pro
  • A means to provision policy (SCCM or Intune)
  • If you’re using RMS with Windows Data Separation and Data Loss Prevention via Azure RMS and Azure AAD, this will enable IT to cover a broader set of DLP scenarios.

Get to work!

  • Windows 10’s data separation and containment features will be coming soon to members of the Windows Insider Program.
  • Join the program now so you can start testing these Windows 10 features as soon as they become available.

 

To read the recaps for the other ten demos, visit aka.ms/BradIgniteRecap.