County gives staff secure remote access with Windows to Go
- By Stephanie Kanowitz
- Jun 10, 2014
The director of the Platform Technology Division in Fairfax County, Va., is working to make 70 percent of his workforce mobile. To do it, Jeffrey Porter is looking beyond just assigning laptops, tablets and smartphones and enabling bring-your-own-device policies. He’s finding success with Windows to Go, a bootable, certified USB drive from Microsoft that lets employees take their work computers anywhere while still being controlled and maintained by the information technology department.
“We’re promoting new hardware devices,” Porter said during a presentation titled, “Secure Mobile Workspaces – Next Generation Desktops Empowering Agile Government,” at the FOSE trade show last month. “Whatever works for your workforce, we have to be more adaptable in IT to really meet that demand.”
Windows to Go, a new feature of Windows 8.1 Enterprise, is an image installed on a flash drive that – when booted on a host machine – transforms it into a Windows 8.1 desktop, fully controlled and managed via an agency’s existing tools. Windows to Go runs natively on the machine it’s being booted from and adapts to it, Porter said. It works on PCs, laptops, tablets and Apple Mac products, although it’s not certified for use on the latter.
As for most government IT managers, security is a top priority for Porter. So his Windows to Go users must answer myriad security questions to access the operating system.
To activate the program, users are first asked for their BitLocker password, he said, referring to a Microsoft drive encryption feature. “These devices being this small – this is your actual machine now – they’re going to get lost. But if someone picks it up, they need to know your BitLocker password to get into it.”
When users get to the boot screen, they are asked for their user name and password. After clearing that, users can surf the Internet. To get access to agency applications, they still have to complete two-factor authentication, which gives them network access through a secure virtual private network tunnel that uses Microsoft DirectAccess.
Previously, Porter’s departmental users tapped into office systems through Citrix Systems’ remote access products, but that meant having two machines running simultaneously and differently.
“This way, the desktop looks the same whether at home, in the hotel or wherever,” he said. It transforms the user’s Windows XP or Windows Vista or Windows 7 machine into a Windows 8 corporate image.
Similarly, Porter once let contractors connect to county machines or loaned out devices. Now he distributes Windows to Go, eliminating the risk of having contractors load unwanted applications onto a county device. And when a user no longer needs access through Windows to Go, Porter’s team can shut down the device.
There are other advantages. After the image is on the flash drive, corporate updates will be automatically applied to the stick, he added. “Anti-virus is on there as well. This is a full-fledged machine, fully secure.”
Windows to Go effectively replaces the hard drive of the host machine with the USB, giving IT departments more control over teleworkers and mobile workers because they can manage the drive and the policies and applications on it, said Larry Hamid, chief architect at IronKey, which is part of Imation Corp., a data storage and information security company that sells Windows to Go. Think of it as the next step in the BYOD movement, he said, except instead of bringing personal devices to the workplace, you bring the workplace to your home computer.
“Every brand has its own type of video card, sound capabilities, keyboard, mouse, microphone – things that are very useful for your users’ experience,” Hamid said at the FOSE presentation. “If you didn’t adapt to these machines – and you just ran a regular operating system without caring about the hardware – you’d get a rather poor experience. You might not get a high resolution on your graphics, you might not get sound working, you may not get some of the input devices like microphones working. And that could be a problem.”
Still, the push for small mobile devices will get workers only so far, he said.
“At the end of the day, if you have to actually produce a document or edit a spreadsheet, you need something with a big screen and a keyboard,” Hamid said. Because of that, “some analysts predict that maybe in two years, half of enterprise customers will actually have a policy where they want their employees to use their own computers.”