The following is a guest article from Jon Rolls, vice president of product management at Ivanti.
Microsoft’s dramatic shift from Windows 7 to Windows 10’s new era of somewhat manic updates is certainly causing a few headaches with CIOs.
In just a few months, Windows 10 will mark its second anniversary and although one might be hard pressed to find a CIO over the moon about transitioning to the Windows 10 OS, the reality is Windows 7 is on its way out. Microsoft is winding down support, and CIOs and the IT community are facing the reality that Windows 7 simply isn’t equipped to handle today’s seemingly endless forms of cyberattacks.
Windows 10 does have a list of security features to thwart malware, ransomware and hackers, noting that it has changed the OS architecture to essentially make it more attack-proof, rather than adding on defenses to a previous OS.
The message is that your best bet to protect against cybercriminals is to move to Windows 10. By adopting it you’ll benefit from Windows Defender, which is built into the OS, and automatically scans for threats whenever a user account control request is made.
You’ll also receive 'virtualization-based security' protection to isolate sensitive Windows functions and data in the event the kernel mode of the host OS is compromised.
Windows 10 is more complex, more critical in terms of correctly deploying the new security features, and, in a sense, more frantic in the number of patches and branches it has already promulgated in less than two years.
CIO’s, at this relatively early stage of adoption, would be best served by taking an active role in working with IT to get better control over Windows 10, including its updates and patches. The most complete security offense requires timely patch management in addition to the architectural improvements Microsoft has made.
In addition to security improvements, IT would like to find ways to avoid this constant state of migration that has been Microsoft’s Windows dynamic for some time. To help alleviate migration headaches, consider these best practices:
1. Start with the user
Enterprises most likely are running more than one OS version, creating a transition nightmare for IT staff transitioning workers from, for example, Windows 7 to Windows 10.
To stop this constant turmoil, consider decoupling the user from the underlying system. A user environment management (UEM) approach gives IT the ability to migrate a user’s profile and data to new devices or a new OS.
This eliminates the typical tedious migration, which likely has led to user frustration, and non-productive downtime in the past. From the first moment a user logs in they are presented with a familiar desktop environment, resulting in a better experience and less helpdesk calls.
2. Simplify user file data management
Further support users by enabling simple, secure, access, sync and sharing of enterprise files, regardless of where they live. Whether stored in file servers or Microsoft SharePoint, user files can be in sync at all times, from any device, providing a productive user experience.
3. Put efficiency on top
Users are less resistant to a migration when they know what’s coming and can have input into the scheduling of changes to their machine.
Automating the migration process enables IT to schedule migration events and communicate with end users about upcoming changes. If the end user wants to change a migration date, automation can handle that with no impact on IT time. Automation can also be used to send links to the user about more training available, and create an audit trail for approvals.
4. Set priorities for migration
IT teams need to understand what’s happening on their endpoints before migration. IT can identify and preserve applications, utilities, websites, favorites, virtualized apps, printer and drive mapping and other tools that support what workers need to do their job.
At the same time, this ensures users are not waiting around for applications to load that are irrelevant to their work. Also think about creating pilot environments to test and measure application performance to identify deployment issues before migration.
5. Think consistency
Further ease migration by providing a consistent user experience between physical, virtual and cloud-delivered desktops. Think about end-to-end UEM technology solutions that enable IT to more effectively manage application privilege control, white listing and other policies across all desktops and devices.
6. Further tighten security
Windows 10 patches must be managed in a timely, efficient manner to reap more security benefits. The first order of business is for IT to put into action a process for identifying, evaluating, deploying and managing the patches for the most critical systems and applications.
Establishing and automating consistent policies for patching the enterprise’s assets — even those that are mobile, remote or asleep — gives IT a fighting chance against cybercriminals and protecting the investment in the enterprise-wide migration to Windows 10.
Another means of strengthening security is enforcing access controls at the endpoint. The least privilege principle achieves this by applying just the right level of granular administrative rights without negatively impacting the user experience or workflow.
These best practices need to be combined with constant vigilance on new security and update information coming from Microsoft, and creating the best alliance possible with IT to fight cyberattacks. Fortunately, technology exists to avoid being stuck in a constant state of migration, while improving the productivity and performance of your users.