Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/15/2019
10:30 AM
Kevin Alexandra
Kevin Alexandra
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Windows 10 Migration: Getting It Right

The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.

Organizations worldwide are still coming to grips with the migration from Windows 7 to Windows 10. Although many are already capitalizing on the transition as a chance to strengthen their overall IT and better protect endpoints for individual users, others are stalling.

Earlier this year, Microsoft announced that 184 million commercial PCs are still running Windows 7 across the world — and that's excluding the People's Republic of China. But as the deadline for Windows 7 extended support draws to a close in 2020, it's important for IT professionals to prepare and become better informed on the implications of the migration for their business today.

With this in mind, we've identified some of the key things that organizations should consider when transitioning to Windows 10.

Recognize Modern Security Challenges
Windows 10 is considered the most robust Windows operating system so far; therefore, it's little surprise that countless organizations trust in Microsoft's cloud-based modern management approach to facilitate heightened security and agile IT capabilities.

But mobile device management solutions mean that employees must have administrator rights to do their jobs on a daily basis — a potential security risk. So, while Microsoft is enabling organizations to deploy Windows 10 support and adopt modern management more easily, it's important that businesses understand that the operating system alone is unable to protect businesses from evolving threats.

To protect their organizations, CSOs, CISOs, and other IT security professionals need to think more strategically when migrating to Windows 10.

For example, in a survey of 500 global IT and cybersecurity professionals last year, vulnerable endpoints were the top security concern of migrating from Windows 7 to Windows 10 for 40% of respondents. Meanwhile, all regions except the United Arab Emirates claimed that the biggest challenge for securing remote workers and employees that use their own devices on Windows 10 was ensuring that endpoints are secure.

These concerns are not misplaced, with many breaches arising due to employees working remotely and enjoying access to data from their own devices. To help mitigate this threat, CISOs should remove admin rights wherever possible and implement a thorough training program to ensure that employees understand why this is happening, along with the correct steps that must be taken to continually mitigate the threat of exposed endpoints.

Privilege or No Privilege?
There have been two main types of account — administrator and standard user — in every version of Windows to date, and Windows 10 is no exception. But with the knowledge that removing admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017, the specific security threat that overprivileged admin users pose to their businesses is clear.

Fortunately, the removal of admin privileges from employees is relatively simple on Windows 10. However, although this process does result in improved security, it can present some usability challenges. Because many day-to-day tasks and applications require admin rights, their loss can hamper a workforce's efficiency in carrying out their responsibilities.

This is a conundrum for businesses, which must aim for maximum security but also avoid locking too many users out of the systems they need. IT and security leaders must weigh this balancing act on a case-by-case basis and, if they do remove admin rights, ask which of their existing practices should be tweaked to avoid the challenges associated with them.

Getting the User Experience Right
Although Microsoft rolls out updates to its operating system twice yearly, its modern management still doesn't allow for a distributed set of employees to install key applications in a secure, user-friendly way. For example, when admin rights are taken away, IT staff can have difficulties in accessing the network and helping users to install software — ultimately detracting from the overall user experience.

But IT leaders should note that the transition to Windows 10 doesn't need to be a sprint. For example, by evaluating which devices require an upgrade, they can use previous operating systems for some areas of the business while simultaneously implementing Windows 10 for others. This will enable organizations to benefit from the security in Windows 7, for example, while also benefiting from the flexibility of newer systems.

Conclusion
The migration to Windows 10 is an opportunity for organizations worldwide to upgrade their Windows management. But it's vital that the flexibility that the new operating system offers is balanced with measures to maintain an organization's security against evolving threats. By thinking carefully about the points outlined in this post, IT leaders can plan a smooth transition to Windows 10.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kevin Alexandra is an experienced Technical Consultant who has been working in the IT industry since he was 13. Kevin combines his passions of technology, learning, and sharing to help BeyondTrust customers globally navigate the ever-changing space so they can make informed, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
5/15/2019 | 12:13:33 PM
Comparison - XP to 7
That was a major headache as you could not "migrate" per se, but new instlall all the way and it took some time for our good friend XP to be banished to the hills.  About 2 or 3 years after it was dead, still running in many places and I would imagine so today.  Microsoft learned the lesson about Migration and the free option about 18 months ago was a smart idea.  I have a ghost image of my home sys saved whenever i want to rebuild to current status, which would take some work but not much.   So it is not as demanding as XP to 7 was by virtue of the software itself.  That said there are radical desktop differences between 7 and 10 so you have to train staff and make adjustments.  It is not an easy switch on this level.  So, it will proceed but at a slow pace. 

User adjustment will be the big issue.  Training would help alot.  
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.