The recent WannaCry ransomware attacks were a shock to the system for IT departments still relying on legacy software. The scope of the attacks spanned 150 countries and took a number of institutions offline. In the midst of the buzz around this unprecedented attack, it’s important to note one thing: this was not a new threat. This particular strain of malware was known to the NSA. This takes us back to previous worms like Blaster (2003), Welchia “Nachi” (2003), and Conficker (2008), which spread via well-known flaws in Microsoft Windows. And in the past few days, the Petya ransomware has been spreading across Europe and crippling airports and government departments. Clearly, business networks remain exposed.
One of the main reasons for the breach was the number of organisations still working on outdated versions of the Windows operating system. A freedom of information request from last December revealed that 90 per cent of NHS trusts were still running Windows XP, for which Microsoft stopped technical support three years ago. Organisations are putting their networks at risk and it has become abundantly clear that it is all too easy for cybercriminals to target them.
Windows 7 is currently the most used desktop operating system, with a market share of nearly 50 per cent. Microsoft is set to end-of-life Windows 7 in 2020, so every company will need to upgrade to Windows 10 to ensure they have access to the latest security updates.
Now is the time to rethink security policies, while IT departments are eager to set the wheels in motion on upgrades. Eventually, enterprises will ditch legacy processes and tools in favour of more efficient, less expensive security technologies built for Windows 10 PCs.
So what are the key considerations for IT departments looking to upgrade?
Survey your landscape
Over the last twenty years, the office has evolved. Today’s employees work on a number of devices, from mobile phones to desktops, and in a variety of environments. Not all of these devices are on the LAN, or even owned by the organisation.
This is by no means a bad thing when it comes to cybersecurity. Heterogeneous environments made up of a variety of systems including Android, iOS, Linux, MacOS, and Windows make it more difficult for malware to spread. No OS is immune but, often, malware that affects one OS is harmless to another. This means that the infected systems can be disconnected from the network, allowing for business continuity while the issue is resolved.
IT has tried to manage this tangle of devices, apps, and networks through a costly and inefficient hybrid model in which PCs are managed by legacy Windows client management tools (CMT) and mobile devices via newer ones like enterprise mobility management (EMM).
Windows 10 presents a new opportunity. The new architecture means greater security and flexibility in the enterprise, enabling IT departments to migrate desktops from CMTs to EMM solutions for desktop management. Leading analyst firms Gartner, IDC and Forrester all hail these platforms as the modern approach to manage PCs and mobile devices with the same software, while dramatically reducing total cost of ownership (TCO).
Drive down cost and complexity
Two challenges with company-wide OS upgrades are that they are complex and expensive. Leveraging EMM for PC management addresses both. Most IT teams will already have a system in place to manage mobile devices. As they plan for the upgrades to Windows 10, they can leverage EMM to powerfully and pragmatically dovetail both PC and mobile management, resulting in significant TCO reductions.
Using EMM allows enterprises to eliminate high-touch processes like image management. This provides a one-two punch that benefits both IT and end-users. IT saves time by not having to create, deploy and update a system image for each type of hardware they create. End-users can pick the hardware they want from a variety of vendors and IT can tailor the configurations, from defining settings, to deploying applications, even removing apps, all over the air. End-users can use the right hardware form factor for their job rather than a one-size-fits-all form factor delivered from IT.
EMM, combined with the recently introduced Windows Information Protection (WIP), provides segmentation between work data and personal data. While WIP is still new and evolving, it gives end users the potential to use personal applications on work devices and opens the door for bring your own device (BYOD) PC deployments if the enterprise desires. The reason is that EMM establishes a data boundary between work and personal information on a desktop, so that sensitive corporate data is secured while maintaining the privacy of an employee’s personal data. This means that IT won’t have to fully wipe a BYOD endpoint to remove corporate data.
EMM also provides flexibility for work styles, allowing end users to work anywhere, anytime. That’s because EMM updates policies, apps, and configurations in real time even when a desktop is on a network outside of the corporate enterprise. This is the opposite of the traditional CMT approach, which requires the desktop to be joined to the domain and may also require user login or VPN activation for policies to be updated.
Finally, EMM has a much better user experience across multiple OSs including Android, iOS and Windows 10. Employees gain the control and choice they expect, which makes them more productive and happy.
Windows 10 ushers in modern endpoint security
Eight years ago, when Microsoft released Windows 7, there was a collective groan. IT departments yet again had to update their IT estates and address new but familiar OS vulnerabilities. This was especially frustrating as Microsoft soon stopped supporting XP.
With Windows 10, traditional legacy computing models are rapidly becoming outdated and inadequate, as the WannaCry global disaster has shown. The updates to Windows 10’s architecture mean it is the best OS to address the growing demands of the mobile workforce. With its real-time policy management, support of BYOD policies and improved user interface, IT departments will notice a significant improvement in how they monitor their IT estate.
But more important are the cost savings. Implementing an EMM solution that comprehensively monitors all devices, including desktops, can mean huge savings, as much as 80 per cent, against the TCO of legacy CMT systems.
Sean Ginevan, Senior Director of Strategy, MobileIron