The Security Benefits of Windows 10
Transportation Security Administration CIO Russell Roberts has told FedTech that the primary advantage of Windows 10 is the “improved IT security” it offers, and other agency leaders have highlighted its relative speed and stability compared to its operating system predecessors.
While not endorsing Windows 10 specifically, Small Business Administration CISO Beau Houser says the SBA has seen “a lot of benefits from the security features that are now built into Windows 10.” Microsoft’s decision to build security features into the kernel of the operating system is “extremely advantageous from an architecture standpoint.”
Normal computing activity, such as web browsing, can often lead to malware infections, Houser says. Windows 10 offers more secure web browsing, especially via its Edge browser, and Houser says the SBA has seen a decrease in the number of those routine cybersecurity incidents since migrating to Windows 10.
“On top of a secure operating system, customers also need the added defense of endpoint protection and detection, which is why we built Microsoft Defender Advanced Threat Protection into Windows 10,” says Rob Lefferts, corporate vice president of security at Microsoft.
Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation and response, he notes. The platform helps agencies “reduce their overall risk by eliminating threats before they get to users and helping already strained IT departments prioritize and remediate threats.” Defender ATP is also powered by the cloud, so it is constantly updated and exchanging signals with the Microsoft Intelligent Security Graph, and it “shares detection and exploration insights across devices, identities and information to speed up response and recovery,” Lefferts says.
Here’s a more detailed look at the technologies included in Windows Defender that deliver superior protection.
Accelerating the Shift to Windows 10
By now, IT leaders should have conducted an inventory of every machine, every device, every piece of software, every endpoint and every cloud-based app downloaded by a user who skipped telling the IT department. Microsoft has toolkits and other analytics to assist IT teams with this burdensome process.
Following those steps, IT leaders must plan for the deployment. They can use Windows Analytics to assess device and app readiness and contact Microsoft’s Desktop App Assure team or your CDW account team for help with app compatibility.
Another step is to prepare the agency’s network infrastructure and directory services with Azure Active Directory and prep apps for deployment and Office Click-to-Run packaging. Agencies should also sync user files to the cloud and then customize user and device settings, according to Microsoft.
IT security teams need to plan for new security capabilities as part of the deployment. Agencies must plan their deployment strategies to support new hardware, device replacement, upgrade and reimaging, as well as having a rollout plan for phased deployment.
Deployment rings can ease the process; each ring includes workers from a variety of departments so problems limited to one department can be seen more quickly and affect only a few people at a time.
To avoid data loss during migrations, agencies should use the User State Migration Tool’s data store to temporarily hold user data and settings. Group Policy folder redirection and OneDrive for Business Known Folder Migration can guarantee data safety, and data should only be stored in approved locations.
IT leaders should communicate with agency users to prepare them for new capabilities to get the full value of Windows 10. They should also work with their hardware providers to enable Windows Autopilot to customize new devices without the need to reimage. Windows Analytics can be used to monitor the deployment until it’s complete and help make data-driven decisions later for future updates.
Federal agencies are ahead of their state and local government counterparts when it comes to migrating to Windows 10. Now that Windows 7 support has ended, however, those that have not yet made the switch need to get moving to avoid cybersecurity risks.