The creation and classification of ‘sensitive’ data is on the increase as a result of improved awareness around privacy, growing data regulations, data monetisation, and AI’s role in converting data into valuable insights. Microsoft has recognised this challenge and introduced a new security initiative called Secured-core PCs with the launch of Windows 11.
This innovative approach combines hardware, software, and operational practices to create a highly secure computing environment, fortifying devices against a wide range of cyber threats.
What are Secured-core PCs?
Secured-core PCs are a set of requirements and specifications defined by Microsoft for PC manufacturers. These requirements encompass various hardware, firmware, and software components, ensuring that devices meet stringent security standards. The primary goal of Secured-core PCs is to provide a secure foundation for devices running Windows 11, making them more resilient against sophisticated attacks and data breaches.
Primarily aimed at individuals with access to highly privileged information, such as senior government or finance employees or those dealing with highly sought-after intellectual property, these devices focus on combating a wide range of firmware attacks which can remain on a machine even after the operating system is wiped.
Key Features of Secured-core PCs
When it comes to hardware security features, secured-core PCs boast a specialised chip known as Trusted Platform Module (TPM) 2.0. As well as providing secure storage and processing of cryptographic keys, it also enables features such as BitLocker and Secure Boot (more on that later…). These PCs also benefit from virtualisation-based security (VBS), which isolates critical components from the operating system, protecting against kernel-level vulnerabilities and malware. And finally, Secure Boot ensures that only trusted software and firmware can be loaded during the boot process, preventing malicious code from taking control.
Firmware wise, Static Root of Trust for Measurement (SRTM) establishes a secure chain of trust from the hardware to the operating system, verifying the integrity of each component during the boot process. Moreover, Dynamic Root of Trust for Measurement (DRTM): DRTM extends the hardware-based security protections to the runtime environment, enabling secure code execution and data integrity checks.
That’s the security basics accounted for, but what really sets these machines apart? Well, the Credential Guard feature isolates and protects credentials from potential vulnerabilities in the operating system, making it more difficult for attackers to steal passwords or other sensitive data. Meanwhile, Hypervisor-protected Code Integrity (HVCI) enforces code integrity policies, preventing unsigned or untrusted code from executing in kernel mode.
And to complete the set, Secure Launch ensures that only trusted UEFI (Unified Extensible Firmware Interface) firmware and operating system components are loaded during the boot process.
Benefits of Secured-core PCs
Enhanced Protection Against Cyber Threats
Secured-core PCs provide a robust defense against a wide range of cyber threats, including malware, rootkits, bootkits, and advanced persistent threats (APTs). By leveraging hardware-based security features and secure boot processes, these devices make it significantly more difficult for attackers to gain unauthorised access or execute malicious code.
Data Integrity and Confidentiality
With features such as TPM 2.0, BitLocker, and Credential Guard, Secured-core PCs offer strong data protection and encryption capabilities. This ensures the integrity and confidentiality of sensitive information, even in the event of device theft or unauthorised access attempts.
Compliance and Regulatory Adherence
Organisations operating in regulated industries or handling sensitive data can benefit from the advanced security features of Secured-core PCs. These devices can help companies meet compliance requirements and industry standards related to data protection, privacy, and security.
Future-proofing Security
As cyber threats continue to evolve, Secured-core PCs provide a solid foundation for ongoing security enhancements. Microsoft will likely introduce new security features and updates through firmware and software updates, keeping these devices up-to-date with the latest protection measures.
Implementing Secured-core PCs
To take advantage of the security benefits offered by Secured-core PCs, organisations must first carefully evaluate their hardware requirements and select devices that meet the specifications. It’s important to work closely with trusted hardware vendors and IT professionals – such as our experts at IT Corporation – to ensure proper configuration and deployment of these secure devices. Microsoft has partnered with leading PC manufacturers, such as Dell, HP, and Lenovo, to develop and offer Secured-core PC models. These devices have undergone rigorous testing and validation to ensure compliance.
While Secured-core PCs offer advanced security features, it’s important to note that they are not a panacea for all cyber threats. As such, organisations should still implement a comprehensive security strategy that includes regular software updates, strong access controls, employee training, and ongoing monitoring and incident response capabilities.
On the defensive
In the age of increasingly sophisticated cyber threats, Secured-core PCs represent a significant step forward in hardware-based security for Windows 11 devices. By combining hardware, firmware, and software security features, these devices provide a robust foundation for protecting sensitive data and critical systems. As businesses continue to prioritise cybersecurity, the adoption of Secured-core PCs can play a pivotal role in fortifying their defences and mitigating the risks associated with cyberattacks.
For more information on secured-core PCs or simply choosing the right hardware for your most sensitive data requirements, get in touch with the team at IT Corporation today.