Last year Microsoft announced that 184 million commercial PCs around the globe run Windows 7. And that’s not including the untold number of Windows 7 systems in the People's Republic of China. Now that we’re closing in on Microsoft’s January 14, 2020 deadline for Windows 7 support, it’s high time for IT pros to prepare for the migration to Windows 10 in their organizations.
But the Windows 10 migration doesn’t have to be just another bothersome IT chore. It can be a great opportunity for organizations to improve the management of their IT infrastructure, while also strengthening endpoint security.
With that in mind, here are some key points that organizations should consider when transitioning to Windows 10.
Maintaining Security Against Evolving Threats
Windows 10 is widely considered the most robust Windows operating system to date. It’s no surprise that countless organizations trust in Microsoft's cloud-based modern management approach to facilitate heightened security and agile IT capabilities.
With mobile device management (MDM) solutions, employees must have admin rights to do their jobs — and that’s potentially a very serious security risk. BeyondTrust’s recent Microsoft Vulnerability Report discovered that 81% of critical vulnerabilities in 2018 could have been mitigated by simply removing administrator user rights from Windows endpoints.
So, while Microsoft is enabling organizations to deploy Windows 10 and adopt more modern systems management capabilities, it's important to understand that the operating system alone cannot protect businesses from evolving cybersecurity threats. To protect their organizations, CISOs and other IT security professionals need to think strategically when migrating to Windows 10.
For example, a survey of 500 global IT and cybersecurity professionals conducted last year found that vulnerable endpoints were the top security concern when migrating from Windows 7 to Windows 10 for 40% of respondents. Meanwhile, in all regions except the United Arab Emirates, the biggest challenge for securing remote workers and employees using their own devices on Windows 10 was ensuring that endpoints are secure.
These concerns are not misplaced. Many breaches occur due to employees working remotely and enjoying access to data from their own devices. To help mitigate this threat, CISOs should remove admin rights wherever possible and implement a training program to ensure that employees understand why this is happening.
The Privilege Problem
In every version of Windows, there have been two main types of account — administrator and standard user. Windows 10 is no exception. The fact that removing admin rights could mitigate more than 80% of all critical Microsoft vulnerabilities reported last year underscores the security threat that overprivileged admin users pose to their businesses.
Fortunately, the removal of admin privileges is relatively simple on Windows 10. However, while this process does result in improved security, it can present some usability challenges. Many day-to-day tasks and applications require admin rights. Revoking these privileges can potentially hamper a workforce's efficiency.
This is a real challenge for modern businesses, which must simultaneously strive for maximum security, while preventing users from being locked out of the systems they need to access. IT and security leaders should weigh this balancing act on a case-by-case basis. When they do remove admin rights, they should determine which of their existing IT practices should be tweaked to avoid the challenges associated with removing these rights.
A Phased in Approach
Although Microsoft frequently rolls out updates to its operating system, it still does not allow for a distributed set of employees to install key applications in a secure, user-friendly way. For instance, when admin rights are removed, IT staff can have difficulties accessing the network and helping users install software. That detracts from the overall user experience, and hurts productivity.
The migration to Windows 10 does not need to be a sprint. By evaluating which devices require an upgrade, IT leaders can use previous operating systems for some areas of the business while simultaneously implementing Windows 10 for others, and then slowly rolling out the migration to the rest of their machines.
Approach the migration to Windows 10 as an opportunity to upgrade your Windows management while also improving your overall cybersecurity posture. It's vital that the flexibility that the new operating system offers is balanced with measures to maintain your organization's security against modern threats. By strategically considering the points outlined here, you will help set yourself up for a smooth, successful transition to Windows 10.
The Microsoft Vulnerabilities Report (research)
10 Steps to Better Windows Privileged Access Management (blog)
Removing Users from the Local Administrators Group (blog)
Endpoint Privilege Management (solutions page)
Why You Should Reboot Your Windows Machine Every 30 Days (blog)