Microsoft will terminate support for Windows 7 on January 14, 2020. That may seem far off, but the clock is ticking – and security and IT teams have sixteen months to figure out a plan.
Many businesses already have the ball rolling, notes Andrew Hewitt, Forrester analyst serving infrastructure and operations professionals, who says the upcoming end-of-life "is a major point of focus for a lot of organizations I'm working with right now."
Hewitt points to "a massive push toward Windows 10" as organizations prep for Microsoft to terminate Windows 7 support. However, different businesses are approaching the Windows 10 upgrade in different ways, which largely depend on their size and maturity, he says.
Windows 10 readiness varies widely. More than half of respondents in a recent survey by Avecto say they're ready for the migration; however, 44% are unsure about their plans or feel unprepared. Part of the problem is awareness: 30% think the end of life for Windows 7 has already occurred, and only 30% knew the date of Microsoft's planned termination, according to the report, which polled 500 IT and security pros on their preparedness to upgrade to the new OS, as well as the related benefits and risks.
The most surprising finding in the survey was the lack of certainty around the end-of-life for Windows 7, says Kevin Alexandra, principal consultant at Avecto. "It's the default operating system for most businesses – has been for the past few years," he adds. As Microsoft continues to push the Windows 7 end-of-life, companies are reluctant to fix something they don't see as broken.
What's Holding Them Back?
Compounding this reluctance are myriad challenges associated with upgrading an operating system that so many devices and applications rely on, says Hewitt, who says the biggest hurdle will be preparing on-premise legacy applications for the transition.
Organizations with a huge number of legacy apps, especially without a virtualized environment, will have a difficult time testing them for Windows 10 compatibility. "It can take a lot more time to make sure those apps are ready," he adds, especially when focusing on mission-critical tools.
The Windows 10 upgrade is a "very manual process," Hewitt continues, and it slows companies down. Most folks are aiming to complete their transition by 2020 and they're worried they won't make their deadline because of the manual compatibility testing processes. They need to test driver compatibility, create test groups, and make sure everything works.
"That's been a huge source of anxiety," he says. "There's a lot of clients out here who have successfully made the transition, but the majority are trying to figure out how to do this most efficiently with the least impact on their user base."
Companies are also worried about security and have vulnerable endpoints and malware at top of mind, Avecto researchers found. Forty percent say their top security concern is protecting remote workers and other employees who operate off the network. The biggest issue with securing remote workers and employees who BYOD is ensuring their endpoints are secure.
Microsoft Responds, Eases Up
The Windows 10 upgrade poses a tough transition for many. Hewitt points out how Microsoft, which started out aggressively pushing the new OS, has made some changed to ease the process of managing Windows 10 for companies with a long road ahead.
It's a fundamentally different from earlier versions of Windows, he explains. Many companies weren't sure if they were agile enough to handle an OS upgrade every six months, or manage their traditional systems along with the cloud-based Windows 10 model. As an example, Microsoft has offered more options to make it easier to combine cloud and PC management.
In some ways, the transition from Windows 7 to Windows 10 will be easier than past Windows migrations, says Alexandra, pointing to the example of getting new users on board. With its new OS, Microsoft has been pushing consumers to adopt Windows 10 at home; as a result, when it lands on their corporate endpoints, it will already be familiar to them.
"People are finding it significantly easier and a large part of that is user acceptance," he says. Employees are learning nuances like how account control works with underlying architecture.
For Windows 7 Pro and Windows 7 Enterprise customers, Microsoft is offering an option to continue Windows 7 Extended Security Updates (ESUs) for additional charge through January 2023. The Windows 7 ESUs will be available to all Windows 7 Pro and Enterprise customers in Volume Licensing, and they will be sold on a per-device basis with price increasing each year. Microsoft won't be introducing new features as part of the package; this is primarily intended to keep machines secure until a full enterprise upgrade is complete.
How You Can Prepare
If you haven't started to prepare for the Windows 10 migration, Hewitt recommends starting with an inventory of applications to be tested. Understand how important those applications are; figure out whether they're security-related, mission critical, or common among end users, and prioritize your list based on those needs. Survey your employees to figure out which apps they value and consider these when building your testing process.
He also advises joining the Windows Insider program, which lets members test updates ahead of their release. Educate yourself on what an update will, and will not, allow you to do.
"Really areas people need to think about are security testing, mission critical application testing, limiting end user downtime, and having a strong focus on making sure people aren't disrupted as a result of these updates," says Hewitt.
Alexandra advises using the upgrade as an opportunity to take advantage of security tools in Windows 10. Application control and least privilege accounts, for example, are two additions to leverage and improve on users' overall security.
- Abandoned Websites Haunt Corporations
- 8 Threats That Could Sink Your Company
- US Tops Global Malware C2 Distribution
- Google Patch to Block Spectre Slowdown in Windows 10
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.