WI N D OWS 11 S E CU R ITY
Solution Providers: Windows 11 Security Is ‘Job No. 1’ Prioritizing security in Windows 11 is the smart thing to do in today’s landscape of increasing cyberattacks, solution providers tell CRN.
By Kyle Alspach
T
HE ROLLOUT OF of Windows 11 is
highlighting a major shift in Microsoft’s strategy for the Windows operating system, with the company putting a higher priority on improving security than on enabling the most PC upgrades possible, solution providers and industry analysts told CRN. For Windows 11, which will be generally available Oct. 5, Microsoft has issued hardware requirements that are far more stringent than users have been accustomed to in the past. Along with requiring a TPM 2.0 security chip, Windows 11 is only compatible with CPUs released in the past four years. This is also widely seen as a security measure since it ensures that most PCs running Windows 11 will have hardware protections against the Spectre and Meltdown vulnerabilities discovered in 2018. The requirements for newer CPUs and TPM 2.0 are expected to exclude a significant number of PCs from installing Windows 11, however. That’s a stark departure from Microsoft’s approach with past releases of Windows—especially Windows 10— but is ultimately a worthwhile trade-off, solution providers told CRN. “I would say that they are prioritizing security first. And I’d say that’s the prudent thing to do, given what’s going on in this environment,” said Matthew Bookspan, CEO of Altamonte Springs, Fla.-based Blacktip. “It’s a smart play.” The six years since the launch of Windows 10 have seen Microsoft ensnared in a series of massive cyberattacks, even as troubling new hardware-level vulnerabilities such as the Spectre and Meltdown processor flaws have emerged. While security was a focus for past Windows releases as well, the emphasis on tightening hardware security is a greater focus with Windows 11, analysts told CRN. “What I think is new is the recognition that it’s not just about fixing the OS, but rather looking at the entire stack from the hardware up through the applications and the user experience and trying to make the entire stack work better and more securely,” said Stephen Kleynhans, research vice president at Gartner. “There are some things you need to do that you can’t do solely in the operating system, which needs the newer hardware.”
44
OCTOBER 2021
The CPU requirements for upgrading to Windows 11 include—with just a few exceptions—having a processor from Intel’s eighth generation and newer, or AMD’s Zen 2 series and up. Those CPU requirements appear to be aligned with mitigations against Spectre and Meltdown side-channel vulnerabilities, analysts told CRN. However, Microsoft has not specifically confirmed this, and some Windows 11-compatible chips did come out before hardware protections for Spectre and Meltdown arrived. Microsoft did not make an executive available to comment for this article. In an interview with CRNtv in August, Microsoft Channel Chief Rodney Clark said that the Windows 11 chip and security requirements are in part a response to the new places, such as edge devices, where cyberattacks are now originating. “When you think about the security landscape that we are in today, it’s changed quite a bit,” said Clark, Microsoft’s corporate vice president of global channel sales. “Yesterday’s PC doesn’t necessarily address today’s security concern and tomorrow’s security concern.” Along with protecting against existing cyberthreats, Microsoft does appear to be trying to set up a stronger security baseline for the future with its Windows 11 security requirements, analysts said. “I think Microsoft is looking at the things that we know we need to do for security in the future that we simply can’t do on some of the really old hardware,” Kleynhans said. “At some point they knew that they’d have to make a tough call. This is an opportunity to make that tough call.”
‘Security Is Job No. 1’ While Apple has taken a similar approach with macOS, this approach by Microsoft has come as a shock to some Windows users. In past releases, Windows has tended to support a “long legacy of hardware,” said Tom Mainelli, group vice president for device and consumer research at IDC. “There are certainly challenges with supporting older hardware, particularly on the security side,” Mainelli said. “I think that Microsoft’s decisions around what will be supported are
