Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/15/2019
10:30 AM
Kevin Alexandra
Kevin Alexandra
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Windows 10 Migration: Getting It Right

The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.

Organizations worldwide are still coming to grips with the migration from Windows 7 to Windows 10. Although many are already capitalizing on the transition as a chance to strengthen their overall IT and better protect endpoints for individual users, others are stalling.

Earlier this year, Microsoft announced that 184 million commercial PCs are still running Windows 7 across the world — and that's excluding the People's Republic of China. But as the deadline for Windows 7 extended support draws to a close in 2020, it's important for IT professionals to prepare and become better informed on the implications of the migration for their business today.

With this in mind, we've identified some of the key things that organizations should consider when transitioning to Windows 10.

Recognize Modern Security Challenges
Windows 10 is considered the most robust Windows operating system so far; therefore, it's little surprise that countless organizations trust in Microsoft's cloud-based modern management approach to facilitate heightened security and agile IT capabilities.

But mobile device management solutions mean that employees must have administrator rights to do their jobs on a daily basis — a potential security risk. So, while Microsoft is enabling organizations to deploy Windows 10 support and adopt modern management more easily, it's important that businesses understand that the operating system alone is unable to protect businesses from evolving threats.

To protect their organizations, CSOs, CISOs, and other IT security professionals need to think more strategically when migrating to Windows 10.

For example, in a survey of 500 global IT and cybersecurity professionals last year, vulnerable endpoints were the top security concern of migrating from Windows 7 to Windows 10 for 40% of respondents. Meanwhile, all regions except the United Arab Emirates claimed that the biggest challenge for securing remote workers and employees that use their own devices on Windows 10 was ensuring that endpoints are secure.

These concerns are not misplaced, with many breaches arising due to employees working remotely and enjoying access to data from their own devices. To help mitigate this threat, CISOs should remove admin rights wherever possible and implement a thorough training program to ensure that employees understand why this is happening, along with the correct steps that must be taken to continually mitigate the threat of exposed endpoints.

Privilege or No Privilege?
There have been two main types of account — administrator and standard user — in every version of Windows to date, and Windows 10 is no exception. But with the knowledge that removing admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017, the specific security threat that overprivileged admin users pose to their businesses is clear.

Fortunately, the removal of admin privileges from employees is relatively simple on Windows 10. However, although this process does result in improved security, it can present some usability challenges. Because many day-to-day tasks and applications require admin rights, their loss can hamper a workforce's efficiency in carrying out their responsibilities.

This is a conundrum for businesses, which must aim for maximum security but also avoid locking too many users out of the systems they need. IT and security leaders must weigh this balancing act on a case-by-case basis and, if they do remove admin rights, ask which of their existing practices should be tweaked to avoid the challenges associated with them.

Getting the User Experience Right
Although Microsoft rolls out updates to its operating system twice yearly, its modern management still doesn't allow for a distributed set of employees to install key applications in a secure, user-friendly way. For example, when admin rights are taken away, IT staff can have difficulties in accessing the network and helping users to install software — ultimately detracting from the overall user experience.

But IT leaders should note that the transition to Windows 10 doesn't need to be a sprint. For example, by evaluating which devices require an upgrade, they can use previous operating systems for some areas of the business while simultaneously implementing Windows 10 for others. This will enable organizations to benefit from the security in Windows 7, for example, while also benefiting from the flexibility of newer systems.

Conclusion
The migration to Windows 10 is an opportunity for organizations worldwide to upgrade their Windows management. But it's vital that the flexibility that the new operating system offers is balanced with measures to maintain an organization's security against evolving threats. By thinking carefully about the points outlined in this post, IT leaders can plan a smooth transition to Windows 10.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kevin Alexandra is an experienced Technical Consultant who has been working in the IT industry since he was 13. Kevin combines his passions of technology, learning, and sharing to help BeyondTrust customers globally navigate the ever-changing space so they can make informed, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
5/15/2019 | 12:13:33 PM
Comparison - XP to 7
That was a major headache as you could not "migrate" per se, but new instlall all the way and it took some time for our good friend XP to be banished to the hills.  About 2 or 3 years after it was dead, still running in many places and I would imagine so today.  Microsoft learned the lesson about Migration and the free option about 18 months ago was a smart idea.  I have a ghost image of my home sys saved whenever i want to rebuild to current status, which would take some work but not much.   So it is not as demanding as XP to 7 was by virtue of the software itself.  That said there are radical desktop differences between 7 and 10 so you have to train staff and make adjustments.  It is not an easy switch on this level.  So, it will proceed but at a slow pace. 

User adjustment will be the big issue.  Training would help alot.  
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...