How BYOD visibility can help securely onboard Windows 10 devices

Microsoft’s decision to make Windows 10 a free upgrade means that, according to industry analysts, more than 350 million Windows machines are expected to be on Windows 10 within the next 12 months. This can create a huge gap between enterprise IT teams and employee devices.

While “free” has accelerated the adoption of Windows 10, what truly sets this release apart from others is that Microsoft plans to expand Windows 10 to an unlimited number of devices via the “Internet of Things” (IoT). IoT is becoming an increasing topic of conversation both in and outside of the workplace, in particular in discussions around how to secure these connected devices.

Couple IoT with the growing presence of BYOD (Bring Your Own Devices) and enterprises are facing a much larger issue - how do you securely manage the onslaught of virtually invisible devices that are connecting to your corporate network?

Traditional endpoint security management requires an agent running on the device for the IT operations team to be able to detect it. Since users will be upgrading their personal devices to Windows 10 on a massive scale – and therefore will not have agents – IT administrators need a way to identify, evaluate and secure all the new Windows 10 endpoints that are connecting to their networks. Security through agentless visibility empowers IT to be able to see how many endpoints are accessing the enterprise network and be proactive about only allowing compliant devices to access valuable applications and data.

Windows 10 provides a seamless experience across various device types, and while BYOD is convenient for employees, it can cause a real nightmare for IT organisations. The truth that can’t be ignored is that BYOD is here to stay and steps must be taken to safely embrace it. To provide a secure network, enterprises must include:

  • Agentless visibility: Relying on IT man-power to handle threats on both managed and unmanaged (agentless) devices isn’t scalable as cybercriminal sophistication increases. Simply throwing people at it isn’t fiscally responsible, nor can it guarantee full visibility into all devices.
  • Secure network access: Organisations need to enforce network access based on user, device and security posture so they can implement best-practice network segmentation for guests, contractors, business partners and employees. This allows organisations to onboard Windows 10 devices brought by guests, employees and vendors in a secure manner and provide them access to only the network resources they require to remain productive. If you are somehow able to get your arms around your employee’s personal and company-issued devices, you’d be remiss to ignore the potential threat of visiting vendors, interviewees, and delivery personnel.
  • Shared Information: Organisations need to ensure that Windows 10 endpoints are compliant with their security policies and can share real-time context about Windows 10 devices with their existing SIEM (Security Information and Event Management), NGFW (Next Generation Firewall), EPP (Endpoint Protection) and patch management systems.

Securing an enterprise computing environment is no simple task. Most networks today include an accumulation of security products added over time, layered on top of each other vertically and laterally. Add the challenge of IoT, BYOD and free upgrades, such as the Windows 10 release, and the result is a complicated infrastructure where full protection from cyberattacks is a daunting task.

Attempting to buy time by enforcing a company policy of not allowing employees to upgrade to Windows 10 isn’t a realistic option either. Upgrades of this nature have become the norm and it’s better to embrace than fight the growing trend. The last two years show that no matter how robust the external defences, a determined and persistent adversary can find a way to infiltrate a corporate network.

Investing in a security solution that provides agentless visibility, secure network access and shared information that breaks down security silos is the best approach to keeping adversaries at bay while allowing your employees to keep their devices current with latest and greatest technologies.

In addition, it prepares IT organisations to securely address new types of devices, such as the IoT, that are showing up daily on their corporate networks. Empowering IT teams to see and secure all devices connecting to their networks is the real key to keeping your data safe.

Rob Greer, SVP Products & Marketing, ForeScout Technologies

Photo credit: Stanislaw Mikulski / Shutterstock