Author: Kevin Alexandra, principal consultant at BeyondTrust
Organizations worldwide are still coming to grips with the migration from Windows 7 to Windows 10. As we draw closer to the January 2020 deadline, Microsoft is committing to a renewed focus on the enterprise and to unifying the Windows experience across devices, from the phone in your pocket to the display in the boardroom. The update also addresses pre-breach threat resistance by removing or defending against the attack vectors used by the malware and hacking industry.
Although many are already capitalizing on the transition as a chance to strengthen their overall IT, and better protect endpoints for individual users, others are stalling.
In fact, earlier this year, Microsoft announced that 184 million commercial PCs are still running Windows 7 across the world — and that's excluding the People's Republic of China. But as Windows 7 extended support draws to a close in 2020, it's important for IT professionals to prepare and become better informed about the implications of the migration for their business today.
Addressing Modern Security Challenges
Windows 10 is considered the most robust Windows operating system so far; therefore, it's little surprise that countless organizations trust in Microsoft's cloud-based modern management approach to facilitate heightened security and agile IT capabilities.
But mobile device management solutions mean that employees must have administrator rights to do their jobs on a daily basis — a potential security risk. So, while Microsoft is enabling organizations to deploy Windows 10 support and adopt modern management more easily, it's important that businesses understand that the operating system alone is unable to protect businesses from evolving threats.
To protect their organizations, CSOs, CISOs, and other IT security professionals need to think more strategically when migrating to Windows 10.
For example, in a survey of 500 global IT and cybersecurity professionals last year, vulnerable endpoints were the top security concern in migrating from Windows 7 to Windows 10 for 40% of respondents. Meanwhile, for all regions except the United Arab Emirates (UAE), the biggest challenge in securing remote workers and employees who use bring your own device (BYOD) on Windows 10 was ensuring that endpoints were secure. UAE respondents were most concerned with malware attacks.
These concerns are not misplaced, with many breaches arising due to employees working remotely and enjoying access to data from their own devices. To help mitigate this threat, CISOs should remove admin rights wherever possible and implement a thorough training program to ensure that employees understand why this is happening, along with the correct steps that must be taken to continually mitigate the threat of exposed endpoints.
Privilege or No Privilege?
There have been two main types of account — administrator and standard user — in every version of Windows to date, and Windows 10 is no exception. But with the knowledge that removing admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017, the specific security threat that overprivileged admin users pose to their businesses is clear.
Fortunately, the removal of admin privileges from employees is relatively simple on Windows 10. However, although this process does result in improved security, it can present some usability challenges. Because many day-to-day tasks and applications require admin rights, their loss can hamper a workforce's efficiency in carrying out their responsibilities.
This is a conundrum for businesses, which must aim for maximum security but also avoid locking too many users out of the systems they need. IT and security leaders must weigh this balancing act on a case-by-case basis and, if they do remove admin rights, ask which of their existing practices should be tweaked to avoid the challenges associated with them.
Optimizing the User Experience
Although Microsoft rolls out updates to its operating system twice yearly, its modern management still doesn't allow for a distributed set of employees to install key applications in a secure, user-friendly way. For example, when admin rights are taken away, IT staff can have difficulties in accessing the network and helping users to install software — ultimately detracting from the overall user experience.
But IT leaders should note that the transition to Windows 10 doesn't need to be a sprint. For example, by evaluating which devices require an upgrade, they can use previous operating systems for some areas of the business while simultaneously implementing Windows 10 for others. This will enable organizations to benefit from the security in Windows 7, for example, while also benefiting from the flexibility of newer systems.
The migration to Windows 10 is an opportunity for organizations worldwide to upgrade their Windows management. But it's vital that the flexibility that the new operating system offers is balanced with measures to maintain an organization's security against evolving threats.
According to the same research I cited earlier, more than half of the respondents believe their organization is ready for the Windows 10 migration; however, the other 44% are unsure about preparation plans or do not feel prepared. With just about four months to go until Windows 7 end of life, organizations must take proactive steps now. By thinking carefully about the points outlined in this article, IT leaders can plan a smooth transition to Windows 10.