Today let’s have a look into Windows RT/Windows Phone 8 security options.
Hard Facts “Enterprise Features Windows RT / Windows Phone 8″
- Device encryption: To help keep everything from documents to passwords safe, Windows Phone 8 includes built-in technology to encrypt the entire device, including the operating system and data files.
- Better security: Windows Phone 8 supports the United Extensible Firmware Interface (UEFI) secure boot protocol and features improved app “sandboxing,” so the phone is better protected from malware with multiple layers of security.
- Remote management: With Windows Phone 8, IT departments can manage apps and phones remotely, with tools similar to ones they now employ for Windows PCs.
- Company Hub and apps: Companies can create their own Windows Phone 8 Hub for custom employee apps and other critical business info.
Lets have a look to some of the ”Facts”:
“Secure boot is” a UEFI-based feature to “prevent unauthorized firmware, operating systems, or UEFI drivers from running at boot time”. So it ´prevents installing malware on your phone.
Secure Boot implementation is provided by SoC (System-on-a-Chip).
- Platform secure boot helps ensures integrity of pre-UEFI boot loaders
- UEFI secure boot helps ensure integrity of UEFI applications and Windows OS
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/secureboot3 NULL.png)
All Windows Phone 8 binaries must have digital signatures by Mircrosoft to run. That’s different from Windows Phone 7 where only Microsoft and marketplace apps had digitial signatures. Let’s have a look to the Windows Phone 7 and Windows Phone 8 security model:
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/win7secmodel2 NULL.png)
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/win8secmodel NULL.png)
- WP8 uses Windows disk encryption technology for device encryption
- for disk encryption secure boot is required
- Encryption is available on all phones and tuned on during first boot.
- All internal storage is encrypted, but SD card not encrypted!
Here some other interesting slides which can be very useful for you:
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/security NULL.png)
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/MDM NULL.png)
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/information NULL.png)
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/remediate NULL.png)
Well, there are a lot of security features. I hope all features are really availiable after launching the devices that we really could say “Secure Mobile Device”. Here’s the TechEd 2012 link with the video and the slides (http://channel9 NULL.msdn NULL.com/events/TechEd/Europe/2012/WPH304).
My new nice gimmick – it works really very well!
(http://blogs NULL.tieto NULL.com/mobileworld/files/2012/07/552561_2930216754655_676454324_n2 NULL.jpg)
In my next post let’s have a look at Marketplace and the Enterprise APP Enrollment and then let’s start coding…