
Windows 8 SkyDrive integration muddies the desktop management waters

Users' Microsoft accounts link Windows 8 and SkyDrive. It's a great feature for users, but connecting desktops and the cloud is a problem for admins.

The new integration between Windows 8 and SkyDrive raises data security concerns and blurs the lines between the desktop and the cloud.

Windows 8 users can log in to their desktop and Microsoft's cloud services with one sign-on, through their Microsoft account. The newness of Web authentication for desktops is a potential problem for IT, and the fact that Windows 8 is linked so closely with SkyDrive definitely doesn't lessen security concerns. Microsoft accounts and SkyDrive are geared toward end users, but admins are going to have to deal with them in the workplace.

How Windows 8 SkyDrive integration works

Windows 8 SkyDrive integration begins with the end user's Microsoft account, a single sign-on Web service that combines and rebrands various other Microsoft accounts, such as Hotmail and Windows Live. End users can log on to Windows 8 computers with their Microsoft accounts, which allows for seamless integration between the desktop and Microsoft's cloud services.


Once logged in to a computer with a Microsoft account, users can easily access SkyDrive's storage and multidevice synchronization features without having to log in to any other services. Syncing desktop settings with other computers is a snap; plus, users can remotely access files on their own PCs via SkyDrive's website, an action known as fetching. The Windows Store lets users download applications or view applications already installed on their PCs.

A Microsoft account on a Windows 8 computer is treated as a local user account. By default, the account is added to the local administrators group, which means the Microsoft account has full control over the system's hardware and software. Like any local user account, the Microsoft account cannot access Active Directory resources. Such a setup means that a Windows 8 computer essentially supports two authentication models: the Web-based model that relies on the Microsoft account and the Active Directory model that permits the computer to participate in the Windows domain.

The challenges of cloud integration

This seamless integration promises to simplify desktop, cloud and multidevice experiences, making end users more productive and efficient. But IT pros are no doubt wondering what it means for the enterprise.

The Microsoft account has local administrative privileges to a Windows 8 computer, which means the account can access any files on the machine, including those in other users' directories. The account even has access to offline Active Directory accounts stored as hashes in the machine's cache. Of course, this is not new to Windows 8, but the question remains whether a Web-based account adds another level of risk, especially given the support for fetching.
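One way to check a single PC for this situation, added here as an example and not part of the original article: the script lists any Microsoft accounts in the local Administrators group and reads the "Accounts: Block Microsoft accounts" security option. The function names are hypothetical, and the `MicrosoftAccount` prefix on member names is an assumption about how Windows lists these accounts.

```powershell
# Added example: audit one Windows 8 PC for Microsoft accounts with local admin rights.
# Function names are hypothetical. Run from an elevated PowerShell 3.0+ prompt.

function Get-LocalAdminPath {
    # Resolve the group through its well-known SID so localized names still work.
    $sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $name  = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        # Each member is a COM object; read its ADsPath property by reflection.
        $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
    }
}

function Select-MicrosoftAccount {
    param([string[]]$AdsPath)
    # Assumption: Microsoft accounts appear under the "MicrosoftAccount" authority,
    # e.g. WinNT://MicrosoftAccount/user@example.com (constructed address).
    foreach ($path in $AdsPath) {
        if ($path -match '^WinNT://MicrosoftAccount/(.+)$') { $Matches[1] }
    }
}

function Get-MicrosoftAccountPolicy {
    # Registry value behind the "Accounts: Block Microsoft accounts" security option.
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $item  = Get-ItemProperty -Path $key -Name NoConnectedUser -ErrorAction SilentlyContinue
    $value = if ($item) { $item.NoConnectedUser } else { $null }
    if     ($value -eq 3) { 'Blocked: users cannot add or log on with Microsoft accounts' }
    elseif ($value -eq 1) { 'Partly blocked: users cannot add Microsoft accounts' }
    else                  { 'Not blocked: Microsoft account logins are permitted' }
}

$admins = @(Get-LocalAdminPath)
$msa    = @(Select-MicrosoftAccount -AdsPath $admins)

"Policy: $(Get-MicrosoftAccountPolicy)"
"Local administrators: $($admins.Count); Microsoft accounts among them: $($msa.Count)"
$msa | ForEach-Object { "  Microsoft account with admin rights: $_" }
```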

Data leakage also remains a concern as companies move into the era of cloud integration. When desktops are synchronized, the settings saved to the cloud include browser favorites and histories, as well as spell-check dictionaries. Could these histories point to confidential data? Could the dictionaries include names or other data that might violate privacy and security policies?

Then there's the issue of corporate documents. With a quick drag-and-drop, a user can save just about any file to the cloud. Yet the cloud's track record when it comes to protecting against hackers is hardly perfect: In the past year, Dropbox, Yahoo and LinkedIn have all had security issues, and user account data was compromised. If Hotmail accounts are hacked, users could lose access to their SkyDrive folders and be locked out of their own computers. Plus, cybercriminals could gain access to confidential information.

Finally, if Microsoft decides that the content users have in SkyDrive folders violates the terms of the user agreement, then the company can lock users out of their accounts. Because Microsoft has the right to police all content in its data centers, the company has full access to anything stored in the data centers -- even private folders in SkyDrive.

Moving into the cloud

Undoubtedly, the cloud offers many advantages to individual users and to the enterprise at large. It's not likely we'll be turning back from the cloud anytime soon. Administrators have no choice but to face the challenges that cloud integration presents.

Yet admins must still balance these advantages against issues such as compliance, confidentiality, data leakage and document management. They must also consider what it means to support both Web and Active Directory authentication models. The industry is still catching up with Web-based authentication despite the fact that Google's Chromebook and Apple's Mac OS computers use it. The question remains whether IT has the tools it needs to safely adopt this authentication model in the enterprise.

Many questions about the Windows 8 SkyDrive integration strategy persist, and until they've been properly answered, administrators should seriously consider whether to permit Microsoft account logins on their Windows 8 machines. If a company decides to allow Microsoft account logins, IT must make sure that the necessary policies to govern usage are in place. A lot more is at stake than Microsoft's strategy for a cloud-centric universe.
