Imagine that your host PC’s hard drive is ignored completely and it runs completely off the thumb drive. This is exactly what happens when using a WTG device, using the host PC’s hardware, minus its internal hard drives. You are essentially getting the full Windows 8 Enterprise OS to run on the external media. As such, it pretty much has the full set of capabilities as a regular Windows 8 system.
This prevents data leakage and not needing to worry of the state of the host machine if it’s virus-free or what-not. Interestingly though, you could still plug in other external drives on the host machine and those are made accessible. Of course, if the Windows To Go system needs to be more secure, corporate group policies can be applied from an IT admin level accordingly to control or restrict access to these drives.
Those deployed by enterprises will undoubtedly be equipped with BitLocker drive encryption technologies for a password key protector before the WTG device is unlocked to commence booting.
Of course, all this is only possible if the host system is configured to support booting from USB drives in the first place. This means, many publicly accessible systems like in a library, hotel and others are out of luck as more likely than not, they would have had those options disabled with a password barrier to even tamper the BIOS. So beware of this simple but important limitation on usability.
One small note on hibernation - this ability is disabled by default on WTG (which means you can manually override this if you choose to do so). The reasoning for this is to prevent a scenario when the WTG device is hibernated and you unplug it without realizing its state and plug it in to another system. This is a recipe for messing up the hibernated file on the device. To prevent this, Microsoft decided to disable hibernation on the WTG device.