Dec 12 2023
Security

Windows 11 Offers a New Cybersecurity Approach for Businesses

The OS update better protects IT environments and organizations’ data from evolving cyberthreats.

Wherever there is innovation, those looking to exploit it aren’t far behind. IBM released its version of the personal computer in 1981. While it wasn’t the first PC, the IBM 5150 (which ran on the Microsoft-developed operating system DOS) helped establish the modern computer market. In 1986, Brain, the first “full stealth” computer virus, targeted IBM PCs.

It’s been 40 years since the term “computer virus” was coined at the University of Southern California, and cyberattacks are now so common that words like worm, malware, phishing and ransomware are a part of everyday vocabulary.

To address the ever-present and evolving threat of cyberattacks, Microsoft released Windows 11.

“We’ve had upgrades, such as Windows XP, Windows 7 and Windows 10. Windows 11 isn’t an upgrade so much as it is a complete redesign of the entire platform,” says Jason Brown, senior field solution architect at CDW. “In earlier versions of Windows, hardware was just hardware. It was there to power the system and Windows ran on top of that. The hardware and software were completely separate.”

Windows 11 takes a different approach. The hardware and software are integrated, meaning they can recognize each other and communicate as one ecosystem rather than existing as separate layers.

In the early days of the PC, an IT professional could replace components on the motherboard and the OS would use them without flagging that anything had changed. Today, the software and hardware are constantly validating each other. Windows 11 would recognize that something had changed because the original known part would no longer respond. As a result, Secure Boot would flag the issue.

“This adds to Windows’ security because you can no longer bypass the Windows layer and boot into a DOS prompt to make changes to the system,” Brown says. “If someone tries to insert malicious code into the computer, Secure Boot will alert you to an unexpected change and restore to a known state, blocking the change.”

Cybersecurity has changed radically since the advent of the PC, and Windows 11 is a response to the pervasive nature of cyberthreats today. The final version of Windows 10, 22H2, will reach the end of support on Oct. 14, 2025. While the OS will still function, there will be no more version updates unless the date is extended by Microsoft.

To ensure that IT systems remain secure, organizations should consider migrating to Windows 11 now, Brown says. The latest Microsoft OS delivers many security benefits, but IT leaders must understand that migration to Windows 11 is a journey that requires preparation.

Windows 11 Includes Layers of Security Features to Protect Data

While OSs have become much more secure over the years thanks to firewalls, anti-virus software and malware scans, Brown says, nothing was blocking the worst hole in the entire infrastructure: an end user clicking on a link to launch something they thought was benign. In fact, human error was a factor in 74 percent of total breaches, according to Verizon’s 2023 Data Breach Investigations Report. Windows 11 could change that.

“Windows is now constantly scanning every internet site that you visit, every document that you open, and running processes to make sure they are legitimate and safe to continue,” Brown says.

Windows 11 does this using a feature called Microsoft Defender SmartScreen, one of several new tools rolled out with the operating system update. Here are security features of note that businesses should be aware of when considering a migration to Windows 11:

  • BitLocker: While this feature was included on Windows 10, it was optional. Now, device and drive encryption are built into the OS by default to protect patient data from unauthorized access, Brown says.
  • Credential Guard: This feature uses virtualization-based security (VBS) to defend systems from credential theft and malware attacks, even if they are running with administrative privileges, according to a Microsoft blog.
  • Config Lock: Using mobile device management policies, this feature monitors registry keys to detect changes in a healthcare organization’s device ecosystem and reverts changed systems to an IT-desired state. Microsoft notes that the feature also prevents users from altering security settings.
  • Hypervisor-Protected Code Integrity: Also known as memory integrity, HVCI is another VBS feature integral to ensuring that all drivers plugged into the OS are safe and trustworthy.
  • Microsoft Defender SmartScreen: This program addresses the vulnerability created by end users by protecting against phishing, malware and malicious files. SmartScreen is constantly watching the sites a user browses, no matter which browser is used, Brown says. It compares each site visited against Microsoft’s known secure databases and alerts a user if a site could be malicious. “Before you even move your mouse, that website, link or attachment has been checked and validated,” he adds.
  • Microsoft Pluton: This security processor was built on the principle of zero trust. It is integrated into the CPU and OS to protect personal information, credentials and encryption keys, according to Microsoft. Instead of requiring IT teams to manually update the processor, it can be done via Windows Update, adding another level of security.
  • Smart App Control: According to Microsoft, this feature blocks malicious and untrustworthy apps as well as unwanted apps that can slow down devices or that come with unexpected or unwanted properties such as ads or extra software.

All of these security layers and more are in constant communication, prepared to isolate suspicious applications and lock down the system so malicious programs can’t take over and propagate onto other devices, Brown says. It’s all part of a zero-trust architecture.

“Even though your device might be managed, if you have certain things turned off, the system will no longer trust that device. If Microsoft Defender anti-virus isn’t running, it will say, ‘I no longer trust you. You cannot come in until that’s fixed.’ If you don’t have the latest Microsoft patches installed, it won’t trust you until Microsoft Intune finishes pushing the update to you,” Brown says, adding that Microsoft Azure cloud tools and Microsoft Intune work together with the OS to protect the business’s IT ecosystem.

As devices proliferate, having integrated, secure hardware and software is crucial, Brown says: “Now you’re encrypting data at the hardware layer as well as at the software layer, which makes it much more difficult to break into systems to access an organization’s data.”

Windows Hello for Business can unlock the encryption by scanning an authorized end user’s face or fingerprint. “Having encryption across the board from all these different tools, rather than just a simple password, is really going to change the game for businesses,” he adds.

For more on the specific security features offered by Windows 11, Brown recommends that IT leaders read Microsoft’s Windows 11 Security Book: Powerful Security by Design.

Windows 11 Migration Requires Partnership and Planning

Migrating to Windows 11 isn’t something that can happen overnight. It requires careful planning and preparation. However, organizations don’t have to do it alone. Brown says that a technology partner such as CDW can offer an assessment tool to help organizations determine whether their applications and hardware are ready to run Windows 11.

Older devices might not be authorized to run the new OS because the hardware may not support the different credentialing tools and zero-trust capabilities in Windows 11. Brown says that some users have found a way around the credential check to install the OS; however, this leaves organizations without the security benefits of the integration between Windows 11 and the hardware.

Through an assessment, CDW can help organizations determine whether their systems can support Windows 11, and if not, will recommend compatible hardware to meet their business needs.

“We break down why this device will work and why this one won’t. We walk through your applications and note which ones will require talking to your developers to get the latest version,” Brown says. “You’re not walking into this with your eyes closed; you’re now walking into this with an understanding of what you need to do, the budget you have to build this and the process of how that’s going to happen.”

Brown points out that many organizations are already paying for a mobile device management program such as Microsoft Intune without realizing it. That can be brought to light through an assessment.

Some IT leaders may be interested in a Windows 11 migration but feel that they don’t have the budget for such an investment. Brown notes that CDW can help businesses seek additional funding. However, it’s important to connect with a partner early to determine eligibility.

“If we are brought in later in the project, that may change the funding availability,” Brown says. “We can review all the details and help determine what funding is available for your project.”

Automation Built into Windows 11 Makes Businesses More Productive

Windows 11 security features also enable automation and artificial intelligence to securely manage tasks. Remember Clippy, the original Microsoft Office assistant? Windows 11 now has an AI-powered tool, Copilot. Businesses can use Copilot to manage emails quickly and efficiently, Brown says.

“You can tell Copilot to show you emails that are marked as urgent, and it will bring those up on your screen,” Brown says. “It will complete those types of automated tasks to help you be a little more productive.”

Copilot can also act on the OS layer with secure integration.

“I can walk up to my screen, and after Windows Hello scans my face and unlocks my device, Copilot might say, ‘Welcome, Jason. Here’s your email for the day, and here are the ones that are marked urgent, as you asked. You have three voicemails, and here’s the link to listen to them,’” Brown explains. “Windows 11 will make secure automation much more prevalent in the business world.”
