IT Knowledge Made Simple

Stay on top of strategic IT infrastructure trends with our special IT StrategyCenter, powered by StudioOne Networks.

Regulatory Resource

Threat Intelligence

Resilient IT

Boardroom Strategies

Threat Intelligence / Preparedness

Preparing for Windows Vista

By Tom Schmidt

It's shaping up to be one of the most closely watched operating-system rollouts ever.

Earlier this month, Microsoft announced it would extend testing for Vista, its long-delayed Windows update, to more than 5 million people. The company said it was broadening its Vista customer preview program, which lets developers and other business users obtain prerelease code. Microsoft also recently issued Release Candidate 1 of Windows Vista, a near-final test version of the operating system. As for the actual launch date, Microsoft officials have said they aim to ship Vista to large companies in November 2006 with a consumer launch to follow in January 2007.

Microsoft has stated that Windows Vista will provide enhanced reliability, manageability, and an improved foundation for security. Nevertheless, enterprises need to know that Windows Vista is not a security solution in itself. True, Microsoft is taking care of the basics by improving the security of its newest operating system. But because Windows is one important element in enterprises' multi-platform environments, it is essential that these organizations demand the most complete protection available against risks to security, availability, performance, and compliance.

This article looks at what enterprises need to consider to protect their data, systems, and applications as they test pre-release Vista builds and prepare to implement Vista in their environments.

Increasingly complex threats
As the Windows Vista availability date approaches, Microsoft is focused on fixing problems and hardening the OS. While this is welcome news, it is not the end of the security discussion. That's because today's enterprises require protection beyond the operating system. They must also address broad security management requirements, including policy compliance, network access, remediation, and IT security infrastructure management.

For example, take today's increasingly complex blended threats. These threats silently attack multiple vectors, looking to exploit any means possible to gain access to sensitive information. To combat these new threats, companies need multiple layers of protection at the gateway, server, and desktop levels. Defense in depth continues to be the best offense.

At the same time, organizations often fail to recognize the vulnerabilities in Windows-based systems that place them at risk. Each day, organizations face such challenges as backing up and recovering mission-critical data in the event of hardware failure or human error, protecting users from viruses and other "malware," and keeping their customer information and other intellectual property from falling into the wrong hands. These challenges will continue to be present after Vista ships.

Conclusion
Windows Vista's out-of-the-box security is a significant improvement over previous versions of Windows. However, it is likely that the security community will aggressively probe and seek to undermine Vista's security improvements once it is released.

Security researchers have examined the operating system core and found some vulnerabilities. At the same time, Vista includes several barriers designed to prevent malicious code from gaining access to the operating system core or kernel. These enhancements are substantial and result in a dramatic reduction of the overall attack surface of the operating system, a security researcher, researchers say.

Microsoft has put a strong emphasis on security in Vista and is promoting it as its most secure version of Windows yet. Even so, enterprises considering implementing Windows Vista in their environments must understand that it does not provide the full protection they need. To truly protect the Windows environment, it is necessary to look at the IT infrastructure holistically to ensure that all data, systems, and application processes are aligned to support the end goal: keeping the business up and running while ensuring the security and integrity of the information that the business and its customers depend on.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

IT Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.