Peering Into the Future of Enterprise Security
Windows 10 is a leap forward in native Windows security, but it would be naive to think it will make you fully secure. Read on to learn how to ensure security compliance.
How many desktops do you have out there that are still not on Microsoft Windows 10? Given the security vulnerabilities associated with earlier versions of Windows, the simple answer for most executives is too many. With attacks like WannaCry and NotPetya appearing far too frequently, your IT teams are probably hard at work on a migration plan to move your older desktop systems to the more secure Windows 10 OS. In my company’s recent survey of nearly 500 IT professionals, nearly 80 percent of the respondents indicated that the enhanced security features of Windows 10 were the primary reason they were eager to migrate.
Still, migration takes time, and though it is comforting to know that more and more systems may be migrated over to Windows 10 each day, the lingering awareness of how many systems have yet to be migrated is reason for concern. It’s hard to be fully comfortable when you know how much of your organization is missing out on the security improvements of the new OS.
All this gives rise to three critical questions:
1. How can your IT team migrate those older machines to Windows 10 more quickly?
2. How can you best protect those systems that are waiting to be migrated?
3. Finally, how can you best protect your enterprise -- on an ongoing basis -- from future attacks? For, make no mistake, there will be future attacks that will make even the most sophisticated of today’s attacks look relatively simple.
Peering Into the Future of Windows 10 Deployments
The majority of IT managers I’ve talked to are finding that it takes an average of two to four hours to migrate a single system to Windows 10. At that run-rate, it’s not hard to figure out that migrating thousands of systems to Windows 10 is going to take a long time -- particularly if your IT teams also have to concern themselves with the management and upkeep of all the other infrastructure resources in your enterprise. That issue of time turns out to be the number one concern I’m hearing when it comes to migrations.
But the amount of time required for Windows migration need not be viewed serially. It doesn’t even have to be constrained by the number of IT personnel you can dedicate to a migration project at one time. You can accelerate the migration process through the use of an intelligent enterprise peer-to-peer approach to migration. This can amplify the effectiveness of your IT personnel because they take on more of a managerial/monitoring role while desktop PCs throughout the enterprise (rather than standalone distribution servers) facilitate the migration of their peers to Windows 10.
It’s worth taking a moment to note that the kind of peer-to-peer approach to migration that I’m talking about here is distinct from the peer-to-peer data sharing systems you might remember from a decade ago. The peer-to-peer software distribution mechanisms that you might recall from the early days of Napster were never designed with enterprise security, resilience, and resource allocation in mind. Intelligent enterprise peer-to-peer management takes into consideration all these issues and can provide a powerful, secure mechanism that you can use to accelerate the distribution and deployment of data -- including everything from operating system and application updates to virus signature updates and other types of malware-related analytical tools. It enables you to perform serious operations at scale and can help you complete large, even geographically complex migrations far faster than you could hope to complete them using other migration approaches.
Protecting the Past
Not coincidentally, a similar peer-to-peer approach can be used to make those PCs queued up for migration as secure as they can be until they are migrated.
For many enterprises, one of the great vulnerability issues lies in the inconsistency with which individual PCs comply with corporate best practices. Individual systems often have applications that have not been updated to the latest, most secure version and frequently have various endpoint settings configured incorrectly.
Yes, your IT experts can find and fix those -- if they know where to look. If they have time to look. If they have ready access to the updated applications and drivers, to the proper system configurations, and so on.
Or, you can rely on an intelligent enterprise peer-to-peer systems management solution that facilitates both the analysis and remediation of individual desktop endpoints. By taking such an approach, individual PCs can be actively running endpoint health checks on neighboring PCs (throughout your enterprise) and identifying systems and configurations that are non-compliant with established policies and configuration guidelines. These same PCs can facilitate the patching of out-of-date applications and drivers, initiate port closures, and so on within the environment to ensure that all the systems in the enterprise are compliant with corporate policies -- and do this far faster and more efficiently than your IT teams can. This ensures that your non-Windows 10 systems can be hardened while they are queuing to be migrated, and your IT teams can be freed up from troubleshooting to focus on more pressing business needs.
Positioning for the Future
Windows 10 is a great leap forward in native Windows security. But it would be naive to think it will make all of an enterprise’s endpoints impenetrable or impervious to attacks. Part of the Windows 10 promise from Microsoft is that there will be regular updates. Discovered vulnerabilities will be fixed as quickly as possible, and those patches will be rolled out at a furious pace.
The dynamic of Windows delivered on a SaaS model is one that enterprises are still getting used to. It’s going to challenge your IT team in new ways and force them to allocate time differently than they have allocated it in the past. This brings IT pros right back to the challenge of managing their time while ensuring that all the systems in your enterprise remain compliant and as hardened as possible.
But here’s the thing: good security hygiene is like brushing your teeth. It’s not something you do just once. You have to do it every day to keep your endpoints healthy and clean. Intelligent enterprise peer-to-peer endpoint security and management technologies can help you scale your security hygiene practices. You can monitor all your endpoints on an ongoing basis and discover and fix non-compliant configurations automatically so your IT team can focus on adding value in other areas. With a proper set of intelligent enterprise peer-to-peer-based endpoint management tools, your IT teams can set up their systems to keep an eye on themselves.
Published at DZone with permission of Jim Souders. See the original article here.