Servers & Systems: The Right Compute

Secure your server operating system with a Windows Server upgrade

Security for your small business starts with a consistent patching program, but it also relies on security innovations in the server operating system. Windows Server 2019 delivers on both fronts.

HPE-Windows Server-security-blog.jpgFew small business IT topics are discussed as frequently, or with as much concern, as cybersecurity. Remaining patched and keeping your security technology up-to-date is critical, especially for your server operating systems. Compromised operating systems can have significant ramifications for your entire business.

However, patching becomes impossible if developer support for a platform ends. Similarly, older systems simply don't have the built-in security tools necessary to protect organizations from modern exploits. The good news is that Windows Server 2019 offers you several advanced security features along with up-to-date Microsoft support, making it an excellent asset to help keep your business safe and secure.

The importance of patching

No code is perfect. No software package ever written or service ever hosted has zero bugs—that's simply impossible. And some of those bugs may have security implications that could damage the hardiness and overall integrity of your system.

Whether it is an operating system bug, an application bug, a mistake in a driver for some hardware on your system, or anything else, bugs are uncovered, repaired, and patched everywhere, all the time. This is part of what a vendor owes you. But when a platform grows old enough, it becomes impractical—let alone unprofitable—for the vendor to dedicate developer resources to research, fix, and deploy patches for bugs, even if they introduce security problems.

Microsoft has announced that support for Windows Server 2008 and R2 will end in 2020. Among other things, they won't be providing any more security patches after that date.

What happens if you don't patch? You run an extremely high risk of getting infected with malware—whether it's ransomware that encrypts all of your files, listening malware that intercepts your keystrokes and transmissions, or basic spammy malware that turns your machine into a bot controlled by overseas actors. This fact applies to desktops and server operating systems alike.

Patching is critical. Therefore, using an operating system and application platform that are regularly patched is also critical. If you're still on Windows Server 2008, it's time to update, or you'll risk being overtaken by malware.

What Windows Server 2019 brings to the table

Windows Server 2019 provides an updated operating platform for your applications, with security support promised through the year 2024. But along with patches, it has several advanced security features. Here are three that are arguably the most important to small businesses.

1. "Just in time, just enough administration"

This concept, informally known as JITJEA, eliminates general administrator accounts that have universal permissions (account types that are frequently targeted in attacks and breaches). Instead, normal user accounts receive tokens that elevate the level of those accounts' privileges just long enough, and with just enough scope, to accomplish whatever privileged task needs to be done.

In Windows Server 2019, all built-in applications and system components support the "just enough access privilege" concept. None of your employees ever need to have keys to the kingdom all the time, so your systems remain secure even if a particular user's credentials are compromised.

2. Windows Defender Advanced Threat Protection

Advanced threat protection, or ATP, is new to Windows Server 2019. It's an active malware monitor that not only scans for traditional viruses, but also monitors secure areas of the operating system for unusual activity or suspicious presences that could indicate a security breach. This feature is unlocked with a subscription to Microsoft Azure and is managed mostly through the new Windows Admin Center, which was discussed in a previous post.

Additionally, Windows Server 2019 offers Windows Defender Exploit Guard, which aims to block the types of behavior that malware uses to infect a system, even if the malware itself has not yet been identified and quarantined. This feature makes your system more secure than ever by monitoring for potential threats and nefarious behavior and blocking it before it does any damage.

3. Shielded virtual machines with Linux support

When an environment is virtualized, it's possible for entire virtual machines to be captured by hackers and siphoned off to another location. Hackers could also steal your virtualization host and transfer your VMs to a computer controlled by bad actors. If that happened, the hacker would have direct access to everything on your VMs.

With shielded VMs, however, your VMs only run on a specific virtualization host, which undergoes regular checks to make sure it hasn't been tampered with. If the host for a VM changes, the shielded VM simply will not boot. Your security profile improves literally overnight with the implementation of a shielded virtual infrastructure. Additionally, the shielded VM feature in Windows Server 2019 supports Linux along with Windows as a guest OS, so you can secure more of your VMs.

The last word: Rely on server operating systems with the security you need

Security starts with a strong, consistent patching program, but it also relies on updated tech that provides the security innovations your small business needs. Windows Server 2019 delivers on both of these fronts.

Interested in upgrading to Windows Server 2019? Discover how Gen10 servers from Hewlett Packard Enterprise can help you get the most from your Windows Server upgrade.

Discover affordable IT solutions for your businessSMB for Dummies.jpg

Ready to take the next step? Check out the SMB Hybrid IT for Dummies Guide. Because there are no “dumb” questions!

Or are you ready to purchase? Visit the HPE Store.




Meet Server Experts blogger Jonathan Hassell, Owner, Salt Rose Marketing LLC. Jonathan Hassell runs Salt Rose Marketing, a technical writing and consulting firm based in Charlotte, N.C. He's also an editor for O'Reilly Media, specializing in content within the data space.


Server Experts
Hewlett Packard Enterprise

twitter.gif @HPE_SMB


0 Kudos
About the Author


Our team of Hewlett Packard Enterprise server experts helps you to dive deep into relevant infrastructure topics.