After nearly 10 years at the top, this January saw the beginning of the end for Windows 7 — Microsoft’s long-standing, once market-leading, operating system. With exactly one year to go until Microsoft pulls the plug and ends vital security updates and support, many businesses have been left surprised by how quickly this once far away deadline has come around.
According to new research from Kollective, as many as 43% of enterprises still have machines running the outdated OS. While failing to migrate poses a number of security issues, the real concern for businesses is not Windows 7, but Windows 10 — specifically the way in which the new operating system delivers updates.
Microsoft has previously described Windows 10 as the “last ever” Windows operating system. This means that, instead of migrating to a new platform in 3-5 years’ time, businesses will now be expected to deploy and install new OS updates on a perpetual basis.
Despite this impending switch to a ‘Windows as a Service’ update model, 46% of IT professionals said they don’t have a formal plan in place to manage Windows as a Service updates. Even more worryingly, 15% of IT professionals aren’t even aware of Windows 10’s need for continuous updates.
For these professionals, the success of their transition away from Windows 7 and towards Windows 10 will be directly tied to their strategy for handling updates. In short, there’s a major difference between an effective Windows 7 update strategy and an effective Windows-as-a-Service strategy.
So just what should businesses and IT teams expect from Windows 10 updates, and how can they start to build a strategy that matches the new reality of permanent updates?
The new reality
Unlike Windows 7, Windows 10 will feature two major semi-annual feature releases, in addition to 12 Quality Update releases per year for security hygiene. That’s not all: since many Windows 10 enterprise users also run Office 365, this software will also see two semi-annual releases on top of regular Office-specific security updates.
When you add this all up, it becomes increasingly clear that a major new approach is required.
In addition to these updates, many enterprises use third-party apps and freeware to improve on the functionality of Office 365. More than ever, hackers are targeting vulnerabilities in these add-ons as a way to break into an organization’s corporate network.
In order to reduce the risk of such attacks, IT teams should expect to update these additional tools just as regularly as they do Microsoft Office.
As well as managing terminals within the internal corporate network, enterprise IT teams will also increasingly need to think about how they protect workers outside of the organization. As the trend for remote, flexible and mobile working grows, this issue is only going to get more complex.
Often, a security risk is introduced, not by a flaw in the majority of machines’ security, but instead by a very small number of remote, unpatched terminals. It is these machines that offer the greatest risk.
Even if one such remote machine doesn’t touch the network frequently, all it takes is one connection to an unpatched and infected machine to trigger a serious data breach. This can be catastrophic for both a brand’s reputation and the safety and wellbeing of its customers and employees.
Finally, an effective update strategy needs to incorporate the need to respond quickly to Zero Day Attacks. Through these attacks, malicious code can be published publicly, meaning that an attack on unpatched machines can be launched by anyone willing to cause harm.
When these exploits become known, Microsoft will work rapidly to release a permanent or at least temporary patch to address the issue outside of the once-a-month Quality Update.
What does this mean for enterprises?
With major updates twice a year, monthly security updates, updates to third party tools and occasional updates with no warning at all, it’s clear that Windows 10 won’t be a walk in the park for IT and enterprise leaders looking to keep their systems secure.
Rather than having the luxury of spending months testing and validating each of these updates against both the core operating system and interoperability with critical business functions, today’s enterprises will have a maximum of one month to be fully deployed and considered ‘current’ before the next release cycle comes out. This dramatically increases the potential that enterprises will fall behind and fail to stay up-to-date.
At the same time, enterprises often have highly complex infrastructures containing multiple test environments — all of which will need to be patched and maintained to the same level as the production environment. All of this can leave little time for the actual deployment of updates to the edge of the business’ network.
And that’s before you consider the fact that many large businesses restrict the distribution of updates to outside of normal business hours in order to maximize the network speed. While under Windows 7 this strategy went some way to keeping the network and normal business operations from being disrupted, the “always updating” cadence of Windows 10 makes this schedule almost impossible to maintain.
A software-defined solution
The bottom line: Windows 10 updates are going to become more frequent and more data intensive. Therefore, an effective Windows 10 update strategy should seek ways to gain time while reducing bandwidth.
To achieve this, many businesses are now turning to the use of peer-to-peer (P2P) technologies such as SD ECDNs (software-defined enterprise content delivery networks). These virtual networks allow businesses to share large files at high speeds, regardless of whether they are still relying on legacy network infrastructures.
By distributing an update to multiple machines (or peers) and then allowing those machines to share the updates amongst themselves, SD ECDNs exponentially decrease the bandwidth load on an organization’s network. The greater the number of peers across a complex distributed enterprise, the more efficient content delivery becomes compared to legacy hardware-based WAN optimization solutions.
By adopting an ECDN overlay to their existing ConfigMgr infrastructure, enterprise IT teams can leverage the power of a peer-to-peer technology to dramatically reduce the need to deploy distribution points that serve content to the end user. By streamlining ConfigMgr in this way, businesses not only accelerate the time it takes to deploy updates, but also reduce the amount of update-related data moving through the corporate WAN, by offsetting this to the LAN.
This can allow IT departments to deploy updates during business hours without impacting the network and disturbing critical business functions, buying an additional 10-12 hours a day in which to deploy. This extra time can then be used for testing and validation, reducing the risk of failed deployments.
Without a doubt, Windows 10 requires a change to the way enterprises approach updates. For IT staff who are used to taking their time or putting off updates, Windows 10 is going to come as a shock.
With the right strategy and technology in place, however, enterprises will be able to keep pace with Windows as a Service without compromise.