Why Should You Lock Down Windows 10 IoT?

Avoid the blue screen

Aslan Kukunyants, Software Development Architect

Do your IoT devices need to be locked down? Certain Windows IoT offerings, including Windows 10 IoT Enterprise, support lockdown, but not everyone needs or wants to use it. In this article, we discuss what it means to lock down a Windows IoT device, why certain organizations choose to do so, and how Bsquare can help your company get started.

What is lockdown for a Windows IoT device?

Lockdown technology isn’t a single product. It’s a set of tools that allows you to lock down an operating system so end users won’t see the underlying system when they use the device (essentially the look and feel of an appliance). These tools allow you to customize what the result of a lockdown will be, from protecting physical storage with Unified Write Filter (UWF) to encrypting the entire drive with BitLocker.

Many industries benefit from locking down their devices. For instance, customer-facing devices like ATMs are often locked down to provide a simple, uniform UI to users. This also helps avoid potential pitfalls with Windows operating system errors. Utilizing Shell Launcher allows the device to boot into a single application, known as kiosk mode. Medical devices also rely on lockdown features to remain within strict FDA regulations and avoid Windows updates that could break the system.

With over a dozen tools at your disposal, these configurations only begin to scratch the surface of what is possible with lockdown.

What are the benefits of lockdown?

Unlike other aspects of creating and maintaining an IoT system, lockdown is generally something you can do once and then forget about until you’re upgrading your entire device. This means you don’t need to worry about having a tech expert on hand to help you maintain it. Locking down a device also doesn’t just benefit the end user; it can help you save money while keeping your devices safer.

For example, the Unified Write Filter (UWF) allows you to prevent all writes to the device disk. Essentially, it protects your physical storage media from write operations by rerouting them to a virtual overlay. By pushing everything to RAM, rather than the hard drive itself, you will get faster performance and a reduced risk of corruption. This helps preserve the lifespan of physical devices.
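The following is an added example, not Bsquare's or Microsoft's own script, showing one way to set up the RAM overlay described above with `uwfmgr.exe`. The volume letter, overlay size, thresholds and the excluded log directory are assumptions chosen for illustration; the exclusion is there because a RAM overlay discards every change at reboot, including application logs you may need for troubleshooting or incident review.

```powershell
#Requires -RunAsAdministrator
# Added example: baseline UWF setup with a RAM overlay.
# All values in this block are assumptions; size them for your own device.
$Volume        = 'C:'                                # assumed protected volume
$OverlayMB     = 1024                                # assumed overlay size (MB)
$WarnMB        = 768                                 # assumed warning threshold (MB)
$CriticalMB    = 922                                 # assumed critical threshold (MB)
$PersistentDir = 'C:\ProgramData\ExampleKiosk\Logs'  # hypothetical log directory

# Run uwfmgr.exe and stop on the first failing step.
function Invoke-Uwf {
    param([Parameter(ValueFromRemainingArguments)] [string[]] $UwfArgs)
    & uwfmgr.exe @UwfArgs
    if ($LASTEXITCODE -ne 0) {
        throw "uwfmgr $($UwfArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Install the UWF optional feature if it is not already present.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Client-UnifiedWriteFilter'
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName 'Client-UnifiedWriteFilter' -All -NoRestart |
        Out-Null
}

# 2. Configure the overlay while the filter is still off in this session.
Invoke-Uwf overlay set-type RAM
Invoke-Uwf overlay set-size $OverlayMB
Invoke-Uwf overlay set-warningthreshold $WarnMB
Invoke-Uwf overlay set-criticalthreshold $CriticalMB

# 3. Enable the filter and protect the volume (both apply at the next restart).
Invoke-Uwf filter enable
Invoke-Uwf volume protect $Volume

# 4. Keep one directory persistent so logs survive reboots.
New-Item -ItemType Directory -Path $PersistentDir -Force | Out-Null
Invoke-Uwf file add-exclusion $PersistentDir

# 5. Show current and next-session settings for review before restarting.
Invoke-Uwf get-config
Write-Host 'UWF is configured. Restart the device to activate protection.'
```

Keep the exclusion list as short as possible: anything written to an excluded path persists across reboots, so each exclusion is a place where unwanted changes can also survive.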

Lockdown can also serve as an additional layer of security, preventing malicious attacks that target the underlying Windows operating system.

How to get started with lockdown

At Bsquare, we’re prepared to help you figure out a lockdown configuration that best suits the unique needs of your device and customers. From understanding your goals for end-use to gaining an awareness of your ratio of mechanical failures and corruptions, we can help you use over a dozen tools in Windows IoT to create a lockdown solution.

To learn more about Windows IoT lockdown or our other services, contact Bsquare today.