From Dark Reading:
The transition to Windows 10 doesn’t need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
Organizations worldwide are still coming to grips with the migration from Windows 7 to Windows 10. Although many are already capitalizing on the transition as a chance to strengthen their overall IT and better protect endpoints for individual users, others are stalling.
Earlier this year, Microsoft announced that 184 million commercial PCs are still running Windows 7 across the world, and that’s excluding the People’s Republic of China. But as Windows 7 extended support draws to a close in 2020, it’s important for IT professionals to prepare and become better informed on the implications of the migration for their business today.
With this in mind, we’ve identified some of the key things that organizations should consider when transitioning to Windows 10.
Recognize Modern Security Challenges
Windows 10 is considered the most robust Windows operating system so far; therefore, it’s little surprise that countless organizations trust in Microsoft’s cloud-based modern management approach to facilitate heightened security and agile IT capabilities.
But mobile device management solutions mean that employees must have administrator rights to do their jobs on a daily basis — a potential security risk. So, while Microsoft is enabling organizations to deploy Windows 10 support and adopt modern management more easily, it’s important that businesses understand that the operating system alone is unable to protect businesses from evolving threats.
To protect their organizations, CSOs, CISOs, and other IT security professionals need to think more strategically when migrating to Windows 10.
For example, in a survey of 500 global IT and cybersecurity professionals last year, 40% of respondents named vulnerable endpoints as their top security concern when migrating from Windows 7 to Windows 10. Meanwhile, respondents in all regions except the United Arab Emirates said that the biggest challenge in securing remote workers and employees who use their own devices on Windows 10 was ensuring that endpoints are secure.
These concerns are not misplaced, with many breaches arising due to employees working remotely and enjoying access to data from their own devices. To help mitigate this threat, CISOs should remove admin rights wherever possible and implement a thorough training program to ensure that employees understand why this is happening, along with the correct steps that must be taken to continually mitigate the threat of exposed endpoints.
Privilege or No Privilege?
There have been two main types of account — administrator and standard user — in every version of Windows to date, and Windows 10 is no exception. But with the knowledge that removing admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017, the specific security threat that overprivileged admin users pose to their businesses is clear.
Fortunately, the removal of admin privileges from employees is relatively simple on Windows 10. However, although this process does result in improved security, it can present some usability challenges. Because many day-to-day tasks and applications require admin rights, their loss can hamper a workforce’s efficiency in carrying out their responsibilities.
This is a conundrum for businesses, which must aim for maximum security but also avoid locking too many users out of the systems they need. IT and security leaders must weigh this balance on a case-by-case basis and, if they do remove admin rights, ask which of their existing practices should be tweaked to avoid the usability challenges that come with removing them.
Getting the User Experience Right
Although Microsoft rolls out updates to its operating system twice yearly, its modern management still doesn’t allow for a distributed set of employees to install key applications in a secure, user-friendly way. For example, when admin rights are taken away, IT staff can have difficulties in accessing the network and helping users to install software — ultimately detracting from the overall user experience.
But IT leaders should note that the transition to Windows 10 doesn’t need to be a sprint. For example, by evaluating which devices require an upgrade, they can use previous operating systems for some areas of the business while simultaneously implementing Windows 10 for others. This will enable organizations to benefit from the security in Windows 7, for example, while also benefiting from the flexibility of newer systems.
The migration to Windows 10 is an opportunity for organizations worldwide to upgrade their Windows management. But it’s vital that the flexibility that the new operating system offers is balanced with measures to maintain an organization’s security against evolving threats. By thinking carefully about the points outlined in this post, IT leaders can plan a smooth transition to Windows 10.
Kevin Alexandra is an experienced Technical Consultant who has been working in the IT industry since he was 13. Kevin combines his passions of technology, learning, and sharing to help BeyondTrust customers globally navigate the ever-changing space so they can make informed, …
The original content can be found here: Windows 10 Migration: Getting It Right