The protection of personal data is playing an increasingly
important role in companies. For this reason, every new version of
Windows Server brings new features that allow administrators to protect
sensitive data optimally.
With each new version of Windows Server, Microsoft offers new features that also
protect data on servers. Windows Server 2019 likewise offers new ways to
store data reliably and securely.
Specially Protecting Data in VMs - Shielded VMs
With Windows Server 2016, Microsoft introduced the Shielded VM
feature in Hyper-V. This feature allows you to encrypt and protect VMs so
that unauthorized administrators cannot access the data stored in the VM. The
Host Guardian Service ensures that VMs can only be started on the internal
network and that unauthorized persons - including administrators - do not have
access to the data stored in a VM.
The service also prevents malware, such as ransomware,
from accessing data. Protection is provided by a Trusted Platform Module,
which can also be virtualized in Windows Server 2019 (vTPM). The encryption is
based on BitLocker, which is also part of Windows Server 2019. In Windows
Server 2019, this protection covers not only virtual Windows servers
but also Linux servers, which can likewise be operated as shielded VMs.
Windows Defender Advanced Threat Protection (ATP) in Windows Server 2019
Microsoft integrates the Windows Defender Advanced Threat Protection (ATP) cloud service
with Windows Server 2019, which enables servers to detect and eliminate malware
and attackers without signature files or virus definitions. The
service uses features from Microsoft Azure.
Privileged Access Management - locking down admin logons
To protect data in an environment especially well, the credentials
of users, and above all those of administrators, must of course be
protected. This has been possible since Windows Server 2016 with Privileged
Access Management (PAM). With this technology, administrators gain
access to systems only for as long as they need it. In addition, no
comprehensive rights are assigned; the system assigns only the rights
that are strictly necessary for an administration task.
In such an infrastructure, administrator accounts are operated in their own
forest. In the future, admins will no longer work with administrator
accounts in the Active Directory environment, but will receive so-called Just
Enough Administration (JEA) access. JEA defines a set of cmdlets in
PowerShell, as well as the exact set of objects needed for a particular
administrative operation.
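
A JEA endpoint of the kind described above, as an added example that is not code from the original article: a role capability that exposes two cmdlets restricted to a single service, and a session configuration that maps that role to a group. The module name JeaDemo, the role DnsOperator, the group CONTOSO\DnsOperators, the user CONTOSO\alice and all paths are assumptions.

```powershell
# Added example. JeaDemo, DnsOperator, CONTOSO\DnsOperators, CONTOSO\alice and
# all paths are assumptions. Run elevated on the server hosting the endpoint.

# Role capability files are discovered in a RoleCapabilities folder of a module.
$module = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JeaDemo'
New-Item -ItemType Directory -Path (Join-Path $module 'RoleCapabilities') -Force | Out-Null
New-ModuleManifest -Path (Join-Path $module 'JeaDemo.psd1')

# The cmdlets, and the objects they may act on, for one task: operating DNS.
$role = @{
    Path           = Join-Path $module 'RoleCapabilities\DnsOperator.psrc'
    VisibleCmdlets = @(
        @{ Name = 'Get-Service';     Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }
    )
}
New-PSRoleCapabilityFile @role

# Transcripts record every command run through the endpoint.
$transcripts = 'C:\ProgramData\JeaDemo\Transcripts'
New-Item -ItemType Directory -Path $transcripts -Force | Out-Null

$session = @{
    Path                = Join-Path $module 'DnsOperator.pssc'
    SessionType         = 'RestrictedRemoteServer'  # NoLanguage mode, minimal default commands
    RunAsVirtualAccount = $true                     # operators need no standing admin rights
    TranscriptDirectory = $transcripts
    RoleDefinitions     = @{ 'CONTOSO\DnsOperators' = @{ RoleCapabilities = 'DnsOperator' } }
}
New-PSSessionConfigurationFile @session
if (-not (Test-PSSessionConfigurationFile -Path $session.Path)) { throw 'Invalid session configuration' }

# Registering restarts WinRM, which drops existing remote sessions.
Register-PSSessionConfiguration -Name 'DnsOperator' -Path $session.Path -Force

# Check what a member of the group can actually run before handing out access.
Get-PSSessionCapability -ConfigurationName 'DnsOperator' -Username 'CONTOSO\alice'
```

Operators then connect with Enter-PSSession and -ConfigurationName DnsOperator; any cmdlet or service name outside the list is rejected by the endpoint.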
Save data to SharePoint 2019 and Exchange 2019
Windows Server 2019 is ideally used together with the new versions of SharePoint
and Exchange. SharePoint 2019 integrates enterprise search to prevent data
loss. Users can search for sensitive content if they have permissions to
do so. The eDiscovery Center and Content Retention enable you to find
sensitive information in real time. SharePoint 2019 supports templates for
various kinds of sensitive information from various industries. These include
credit card numbers, social security numbers, bank account numbers, and others.
Sensitive information types can be identified based on pattern matching and are
easy to set up.
Administrators can also use DLP policy templates to do this. For this purpose, a template can
be selected during setup, and a separate, customized DLP
policy can then be created based on it. As part of adjusting DLP policies, rules can be
customized. DLP can also work together with other services in this area,
such as DLP in Exchange Online or local installations of Exchange Server 2019.
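
How pattern matching identifies the sensitive information types named above, as an added example that is not from the original article and not SharePoint's own engine: a simplified detector that pairs a pattern with a checksum, so digit runs that merely look like card numbers are not flagged. The function names and the sample text are assumptions constructed for illustration.

```powershell
# Added example: a simplified model of pattern-based detection, not SharePoint's engine.
function Test-Luhn {
    param([string]$Digits)
    $sum = 0
    $doubleIt = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int]::Parse($Digits.Substring($i, 1))
        if ($doubleIt) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $doubleIt = -not $doubleIt
    }
    return (($sum % 10) -eq 0)
}

function Find-SensitiveData {
    param([string]$Text)
    # 16-digit candidates, optionally grouped with spaces or hyphens.
    foreach ($m in [regex]::Matches($Text, '\b(?:\d[ -]?){15}\d\b')) {
        $digits = $m.Value -replace '[ -]', ''
        # The checksum discards order numbers and other digit runs that only look like cards.
        if (Test-Luhn $digits) {
            [pscustomobject]@{ Type = 'CreditCard'; Offset = $m.Index; Masked = ('*' * 12) + $digits.Substring(12) }
        }
    }
    # US social security number layout; no checksum exists, so expect more false positives.
    foreach ($m in [regex]::Matches($Text, '\b\d{3}-\d{2}-\d{4}\b')) {
        [pscustomobject]@{ Type = 'SSN'; Offset = $m.Index; Masked = '***-**-' + $m.Value.Substring(7) }
    }
}

# Constructed sample text; the card number is a widely published test value.
$sample = @'
Invoice 1234 5678 9012 3456 was paid with card 4111 1111 1111 1111.
Employee record: SSN 123-45-6789, phone 555-0100.
'@
Find-SensitiveData -Text $sample | Format-Table -AutoSize
```

The findings carry only masked values, so the scan report does not itself become a second copy of the sensitive data.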
Container technology for more protection
Microsoft has expanded its container technology in Windows Server 2019. With
Kubernetes, containers can be managed and offer much more security than
traditional virtual server installations. In addition, new server
services, such as SQL Server 2019, can also be run as containers, providing
more security, especially when storing and processing data. Here, too,
the advantage of using Windows Server 2019 and SQL Server 2019 together becomes apparent.
SQL Server 2019 can run on Windows servers and on Linux servers.
In addition, SQL Server 2019 can also be run as a container via Docker. Here,
of course, Windows Server 2019 is an ideal basis, as Docker and Kubernetes
can be used together on it. SQL Server 2019 has transparent data encryption (TDE). This
additionally offers suspend and resume functions. Simply put, running
transactions can be halted if the server is overburdened by encryption, and
then resumed. Operation on servers with Windows Server 2019 is ideal.
Storage Migration Service and the Cloud - Using Microsoft Azure
The Storage Migration Service in Windows Server 2019 makes it easier to migrate
share data to the new server version. The service can migrate shares and
their data as well as the user rights and other settings for the shares. Storage
Migration Service can not only handle local data, but also work in hybrid
environments. This allows data from different file servers, including
servers running Windows Server 2019, to be migrated to Microsoft Azure. Azure
File Sync can be used as a target, as well as Azure Files, shares in the cloud
and parallel servers with Windows Server 2019. Storage Migration Service can be
a hub between different servers in all directions.
The Storage Migration Service can also take over files and shares for which the
administrator has no access rights. What matters is that the data is taken
over. Administrators do not need to have rights to view the data to be
transferred.
During migration, Storage Migration Service can also take over all file attributes. This
includes encryption, compressed files and custom attributes. Network
settings and the name of the server can also be taken over. The next step is to
adjust the migration settings and transfer the data.