We’ve known this date is coming for a while, but today marks exactly one year to the end of Windows 7 support, and therefore the deadline date for your transformation to a “Modern Client” platform such as Windows 10.
No doubt you’ve been thinking about this a lot, and many organisations are already progressing their activities to meet this deadline. However there may be some who are taking a different approach, and asking themselves “what exactly is there to worry about” – for example:
- Nothing will actually stop working on January 14 2020 – if we’re still on Windows 7 it will continue to work – won’t it?
- Microsoft announced last year that they were extending support for Windows 7 through to 2023 – didn’t they?
- We’ve been told the transition to Windows 10 is the simplest and easiest yet – isn’t it?
All of the above statements are true, to a degree, but I’d like to flip the conversation around. The market has been dominated with the impact of “Windows as a Service” (Evergreen) and the challenges and problems that a regular update cycle will present. The above questions pose more of a “Why do I need to?” rather than a “Why should I?”. Let’s answer both.
Why do I need to move off Windows 7 by January 14th 2020?
- Microsoft will stop providing security and update patches on this date, leaving your devices exposed to security vulnerabilities and your organisation potentially open to compliance issues.
- The “Extended Support Updates” to 2023 are not free – and the price is high for something that’s not moving you forward at all.
- Your organisation and users are using 10-year-old technology (Windows 7 was released in 2009). Think about what has changed in the technology world in 10 years and the opportunities you are inevitably missing out on by using old tech.
- Your application providers and partners will be modernising their solutions to work on modern technology and keep pace with the market. How long will they support the “legacy?”
So that’s the negative, arguably the “FUD” angle. Now look at this the other way around:
Why should I be running a modern platform such as Windows 10?
- Significant security enhancements within the Operating System, and integrated in the hardware to mitigate security threats of the modern connected world.
- Enhanced mobility with an effective touch interface – meaning your users can work flexibly on the device of their choice in an array of locations and circumstances.
- A modern look and feel – more commensurate with what people are used to at home, supporting the ethos of “Digital Workplace”.
- Better user experiences – higher performance, more stable, more functionality, and more regularly updated.
There are a range of other benefits, these are just a few examples – but it’s clear there should be a “Pull” to upgrade as well as a “Push”.
Or from another perspective….
So all of this is logical and evolutionary. What about a more radical revolutionary approach?
In the world of consumer choice, cloud services and pervasive mobility there are other options. You don’t need to continually furrow a Windows platform strategy. What about adopting Apple to delight your users? We’re seeing significant growth of Mac in enterprise and it’s viable for all use cases now. What about alternative technology types? Does it need to be a PC – what about a Tablet or Smartphone to help your users mobility to be productive and improve customer service? With some minor tweaks you can radically change your workflows and provide a step change in how you engage your customers and enable your people.
There are various options – the point is you don’t NEED to relentlessly pursue a Windows only option – there are now very viable alternatives.
Either way, it’s going to be a busy 2019 – and it’s only just begun! So if you need any help to get started or accelerate your activities, feel free to get in touch.
Happy New Year and I hope the festive break was “a break”. Some continue to work throughout the festive season (or the global economy would meltdown), but for many back to work for 2019 started in earnest this week. I have so far avoided 2019 “predictions”, “prophecies”, “educated articulation of interesting stuff” to date based on so many of them circulating the social media and email landscape. However, a fair few messages asking for a perspective on the networking and security world for 2019 have stimulated me to scribble a few words.
And here comes the shock: I will be quite boring with my summary of the market and technology impacts for 2019 (well at least the first half) because I will continue to tell all who will listen that the most important edict they can institutionalize in their own psyche and in the organisational, operational IT approach is to ensure the basics are “brilliant”. Modern business should only have a single state: secure business, with an unintentionally insecure environment almost unthinkable in the digital age. As the creation, processing, analysis and management of digital data streams continue to underpin and energize both user and business outcomes, an intentionally secure-by-design philosophy is the only way to stem the attack tide.
Security isn’t the task of security professionals alone, but every application or system user with a level of consciousness about the consequence of breach or failure must now acknowledge “intentional security” is the responsibility of all.
Ensuring the basics are brilliant, with security controls mapped to business activity, outcome and consequence, and with auditing and automation leveraged to optimize operations, will increase the level of certainty of a user’s or organisation’s security posture.
- Privileged account security
- Multi factor authentication
- Managed encryption
- Vulnerability management PLUS
- Identity management PLUS
- Enterprise anti phishing with associated user education
- Intelligent endpoint security (user or things)
Can you embrace how boring the list above may seem? Hopefully that’s the case. The list above is a subset of the “Brilliant Basics” that MUST underpin the secure defences of all. You are possibly about to click away from this screen buoyed by the view “we have got all of those” and that may be the case. But even with great guidance from Cyber Essentials, CIS, NIST, etc., many organisations I meet are a snippet of “luck” away from a comprehensive breach due to absence, failure or poor execution of the controls above, with the negative consequence avoidable.
If there is no auditable and actively managed operational state of the items mentioned above, integrated together to ensure security is seamless, intentional and proactive, why consider the wealth of advanced and esoteric new products showcased daily? Get the basics right.
So my 2019 ask so early in the year is to be brutal and rigorously appraise the brilliance of your “basic” security controls. Are they operationally consistent, audited, integrated, holistic, bidirectional from an information and threat exchange perspective, automated where possible? Score your current state.
Why make it easier to be breached when organisations’ highly engineered, often very expensive, operationally complex defences fail due to the failure to control the controllables or optimise the known basic elements?
Until next time.
LOB CTO – Networking and Security Computacenter UK
Note: This perspective is the viewpoint of Colin Williams and does not constitute an opinion of Computacenter Group.
This must be the “strangest” of strange states as our consumer society evolves from zero “Black Fridays” to two – and gives my original article a second lease of life. The early bird resellers launched Black Friday part one last week attempting to steal a march on the masses, but the real frenzy and furore starts now with the default Black Friday fast approaching followed by Cyber Monday just around the corner.
These two shopping days were absent from my childhood as I lived a world of window shopping that on the odd occasions evolved to in store browsing when I sought to interact and engage with the myriad of products I hoped I could one day afford to buy. Click and collect didn’t exist but via a very thick paper based catalogue “click and deliver” was a highly rewarding activity with the click of buttons on the home phone followed by that feeling of Christmas when the catalogue item was delivered via the postal service (nothing ever fitted or looked as amazing as the catalogue pictures).
But as we fast forward to the present day with frequent announcements of the demise of the high street, much of our in store browsing is online (and frequently from a mobile device), click and collect / deliver an essential way of life and our approach to product selection and purchasing is now unrecognisable from a decade ago. Our immersion in social networks, digital procurement platforms and financial systems have helped to make many of us digital by default when we shift into product buying mode because the sheer breadth of offerings and convenience is unmatched.
But it comes with a health risk. The “digital me (or you)” and our always on entity existing on both known and unknown public platforms, ensures we become valid targets for attackers seeking to emulate our digital personas for financial gain. Black Friday signals the start of one of the busiest and most frenzied trading weekends of the year. The mix of in store and online price reductions results in both “want and need” based purchasing to ensure “too good to be true” deals are not missed, culminating on Cyber Monday with an online price war second to none.
Secure business, secure purchasing, secure user experience are often assumed by customers without a second thought of the cyber threat spectre waiting in the wings. This leaves many combing the net for deals, offers, codes or any other digital token to make “cheap” even “cheaper”, blissfully unaware that many of those “benefits” are fake, malware ridden or designed to harvest personal credentials for future use.
Cyber Monday 2017 surpassed $6.7bn of sales which for both retailers and cyber threat actors is a prize too lucrative to ignore (stat CNBC). For retailers, getting the security basics right will be essential to ensure successful and secure consumer trading outcomes. DDOS mitigation, enhanced phishing protection, web application security, anti-malware, access review and least privilege are essential controls that must be tested and optimised in advance of the starting gun for Black Friday.
For consumers / users, education and heightened levels of cyber vigilance are needed, plus a realisation that too good to be true “is too good to be true” when interacting with online systems prior to and beyond the Black Friday / Cyber Monday weekend. This is the time of year where spam and phishing email volumes reach unprecedented levels with social engineering used to make those “offers” too compelling to ignore. DON’T CLICK emails for “amazing deals and offers” – pure and simple, as a moment of weakness may result in malware, ransomware or other forms of compromise taking hold of your digital persona and potentially that of your company. It’s safer to visit the website of the vendor in question “directly”; there is no need to click a link that may not be from the company in question.
If you want to be “online smart” a few simple things can deliver HUGE security enhancements to your Black Friday shopping experience. Ensure you turn on the two-factor (or multi) authentication and notification options on your various online email services and accounts with further security improvements gained by using a password manager to ensure different passwords are applied to various services you use.
Building the walls higher just won’t do, both vendors and consumers must work in tandem to ensure the most secure possible online and digital trading experience is realised by all reducing the potential for data breach or subsequent misuse.
Safe and happy shopping during Black Friday and Cyber Monday 2018 (and beyond).
Until next time.
LOB CTO UK: Networking and Security – Computacenter UK
I am fresh back from the biggest ever VMworld Europe, buoyed by the numerous announcements and developments in their end-user capabilities. On the back of our strengthening strategic partnership I thought it was time to address that age-old question; which is best Citrix or VMware?
It’s not easy being a consultant. It’s even harder when you don’t work for a vendor and so aren’t invested in a specific technology stack. Yes, I get it, there are worse things in life, but all things are relative. For me, nothing represents that better than organisations asking whether they should choose VMware or Citrix? The response ‘it depends’ is often met with exasperation, but it’s key to everything we do, by focusing on the value to a business and the requirements they are trying to meet.
Back in 2014, VMware bought AirWatch for $1.54 billion; a staggering fifteen times its reputed worth. We had already seen the explosion of mobile devices into organisations and the realisation of how much more productive they could make people, but it was also evident that managing mobile devices was a different proposition to managing static PCs.
Pretty soon that was looking like a smart move. However, roll forward to 2018 and the benefits of Mobile Device Management are being exploited across the wider estate, making the purchase look like a fabulous move. The development of Unified Endpoint Management (UEM) has allowed VMware to talk not just about virtual desktops, not just about mobile devices but the whole end-user estate. With this the focus has shifted from just competing with Citrix to competing directly with Microsoft. With virtual desktops constant at around 10% for most customers, the bigger opportunity remains the physical world, hence the development of Workspace ONE. The prize now is looking beyond the Microsoft ecosystem at how the workplace is becoming more disparate, driven by consumer/colleague choice. This strategic, holistic vision is now more often what drives solution choice.
In August 2017, VMware bought Apteligent, nine months later they bought E8 Security and delivered Workspace ONE Intelligence to improve user experience, optimise resources and strengthen security and compliance. In May of this year, they announced their strategic partnership with Okta which increased their capabilities to deliver a compelling identity story. I said above that the focus has shifted from Citrix to Microsoft, with these acquisitions and the capabilities they bring, in truth VMware is battling against their partnership.
The decision to remain on a certain virtual platform should be considered alongside how devices will be managed, how identity will be handled, what cloud investment strategy has been decided, which endpoint security requirements you have. Most organisations have existing investments in technology that come up for renewal at different times so changes need to be modular and fit an end vision. They must interact and exist alongside other products until the time is right to retire them. So where do you start? In Workspace ONE I see four opportunities.
Device diversity – organisations are increasingly looking beyond Microsoft Windows to support greater user choice. The drive from Apple and Google into Enterprise organisations is, so far, better supported and has more focus from VMware
Consumerisation of IT – as the consumer world now leads the Enterprise world there is an expectation of a certain user experience and ease of use. Workspace ONE delivers a consistent consumer-like experience across multiple OS platforms and form-factors.
Existing AirWatch investment – where mobile devices are already being managed via AirWatch the ability to extend that management to the primary device estate through a ‘single pane of glass’ can make a strong case for retaining and strategically developing investment in VMware.
Existing virtual desktop and app investment – where VMware Horizon has been deployed the built-in integration into Workspace ONE and potential licence benefits could make the case for deploying the wider portfolio of products. Publishing applications through the Workspace ONE app can be a key driver to greater end-point diversity.
VMware can co-exist with traditional management systems to manage a wide range of devices and form factors. Using analytics, they now have insight into the user experience; with their open security platform they can take advantage of best of breed vendors; and with their partnership with Okta they have an identity solution to integrate any application strategy safely and securely. That gives them the capability to offer a direct comparison to Microsoft’s Enterprise Mobility and Security suite.
Competition provides benefits for the user and drives vendors to be innovative. If you believe that your future desktop strategy extends beyond the Microsoft world, then Workspace ONE is something you need to consider. Let’s have the conversation, just don’t expect a simple answer.
Hands up who has departments that depend on Zoho Invoice, Eclipse Manager or Diagram Painte? Okay I’ve picked some of the more random business applications available in the Microsoft Store for Business, but I’ve not had to leave the home page to do so. Other than the Microsoft applications and a couple of offerings from Citrix there isn’t much there you’d recognise. Because of this the Windows App Store has not so far been a focus for enterprise organisations, but could that be changing?
Microsoft’s attempt to modernise how we install and deliver Windows applications has failed to impress. Continuum was meant to deliver universal applications to run across the entire Microsoft ecosystem, but as good an idea as it was, the developers never came and, so, neither did the apps. That led to the end of Windows phone, while doing nothing to improve the dearth of business content in the Microsoft Store. Terry Myerson, Vice President of Operating Systems at Microsoft in 2015 said “tool kits will allow developers to bring their code for iOS, Android, the Web, .NET, and Win32 to the Windows Store with minimal code modifications. Our goal is to make Windows 10 the most attractive development platform ever”. Apple and Google have their own app stores though and the benefits of moving away from ‘how we’d always done it’ weren’t compelling enough. Windows Desktop Bridge was the last initiative to invigorate the Universal Windows Platform (UWP) and so the Microsoft App Store. This time the focus was on migrating 32-bit MSI (so just Windows) packages to APPX (Universal) ones. However, to gain all the benefits of UWP additional development is required and that is a barrier to organisations adopting it. In 2017 Microsoft released the MSIX package format to replace MSI, APPV and APPX extensions and get around this problem. MSIX has all the features of UWP with more container security options and extra application customisations. To further aid the adoption of the new standard, Microsoft open sourced the entire project on GitHub. MSIX is still in its infancy and has only just gained support in Windows 10 1809. The current format does not support driver installation, Windows service installation or modification, kernel or Explorer modification. Having said that the promise is very much in line with the messaging around Modern Management and the continued consumerisation of the Windows desktop. 
The abstraction of applications from the OS increases the ease at which feature updates can be deployed and offers the self-service experience users now expect.
The previous lack of a cohesive application strategy has held back the promise of a Windows App Store, resulting in the chicken and egg problem: if Microsoft can entice software developers to take up the MSIX format people will use the app store, if people use the app store software developers will develop apps for it. The concept is a seismic shift away from how Windows applications are delivered, but then Windows 10 demands we consider applications in an entirely different way. As we change the way we manage Windows, so ISVs are having to change the way they develop software to keep up with the moving target that Microsoft is presenting. This ability to distribute software across the globe, through a store, with their latest supported versions immediately available to users as soon as they update Windows is hugely appealing for all concerned.
Whatever platforms and initiatives Microsoft invent they are completely beholden to the developer community and the behaviour of users. A consistent message will go a long way to helping them. The hope is obviously to replicate the consumer experience we take for granted with application update notifications. However, other platforms may not have 30 years of legacy applications to contend with. Business-critical, internally developed applications needing extensive user testing before release, will always be treated differently but ‘Evergreen’ is changing application testing. You aren’t going to test 3,000 apps every six months, so which ones do you really care about? Which will you test proactively and which reactively? The drive to modernise applications continues at pace but plenty of legacy remains that could be adapted to be delivered from a Windows App Store. For now though, we’ll have to wait and see what the uptake of MSIX is, both with the software vendors and internal packagers.
Based on the organisations I speak to, we’ve reached roughly a 50/50 split between SaaS and traditional ones. If we assume that the easy ones get transformed first we’re now into the long Microsoft tail of applications we still have to deploy out to colleagues. To do this we need new solutions and MSIX seems to enable this. Does MSIX spell the end of App-V? Probably. Does this mean the reality of a Business App Store is upon us? Possibly. The demand for, and expectation of, a Windows App Store is certainly there, we just need the applications. Of course, you could be one of the 16 people worldwide who use Zoho Invoice in which case you’re already living the dream.
October is Black History month and celebrated as such in the UK, USA, Canada, Irish Republic and the Netherlands to name a few nations. It reflects on the history of the African, African American, Afro Caribbean community and its experiences both negative and positive within the world as we know it. I have been torn for many years on my viewpoint of the use of a single month in the year to celebrate the achievements of Black people – we are no different from every other race with experiences and achievements illuminated daily through the course of normal life, so why the focus on a single month.
However my stance has softened somewhat in recent years in the midst of the lack of focus and importance placed on reflecting on historical experiences in the many forms irrespective of race, or colour as constant digital recalibration of the past becomes the historical signpost for our future. We live in an information rich world with access greater than ever before to the amazing historical insight available and via the magic of AI & ML now have a platform to “what if” the future. The film “Hidden Figures” told the story of three Black women mathematicians who were fundamental to the success of early NASA Apollo space programmes. If the “Black History Month” moniker results in more positive historical stories of a similar nature being told and heard, it will help so many unwind public domain, lazy stereotypes that may exist.
But our absorption of those knowledge nuggets can be somewhat compromised by the harsh realisation that “written doesn’t mean real” with fake news at times impossible to discern from real news (and who validates real as real). With all of the above guiding our historical lenses, it’s essential an underrepresented community at times from a “good historical news” standpoint is granted a stage or a spotlight to expose past and showcase current good news stories for the present generation to reflect on and learn from.
This post isn’t the forum to chronicle the achievements of black people and how they have positively affected humanity, many are well documented elsewhere. But it is to radiate a digital smile that for at least one month in the year children, adults, all people of all races within the countries that celebrate black History month can be informed, stimulated and educated based on valuable historical information that without focus they may have no imperative to seek out and consume.
Black History Month October 2018
Until Next Time.
LOB CTO UK – Networking and Security
Things just became really interesting.
The recent news is awash with worrying claims from a credible source of “hidden” spying chips embedded within the motherboard of a leading server manufacturer. As yet, no manufacturer has released a statement confirming their existence but the information illuminating the potential is compelling. Surely it forces us all to consider our own personal and professional “digital state” in this heavily connected world. Do we technically appraise every computer based device we use at design and component level to determine the source, use and security impact of all of the minute elements that make the device work? Of course we don’t. Not only would the majority of us struggle to find out how to even open the device (have you tried to open a modern mobile phone with the myriad of specialist tools and hidden pressure points to make things pop open?), we have no way of actually understanding the function and outcome delivered by the components (when they work in harmony).
Can we be sure the most innocuous of household devices has no secret and potentially malicious embedded elements that, whilst not explicitly installed to be utilized in a nefarious way, can’t in the right hands be leveraged to invoke a surveillance, recording or tracking function? It is this total ambivalence to the likelihood of it, until possibly today, that means the potential may be more likely than we ever dreamed.
The days of hardcoded firmware delivering static intelligence to all but the most expensive and programmable devices are from a bygone era. Even the simplest digital device consists of user or system driven remotely programmable aspects that in some cases are core to the function of the device. Whether it’s used for software updates, device troubleshooting or, in the case of some advanced modern vehicles, to deliver totally new functionality, device or system programmability is a fundamental aspect of modern IT that enhances the consumer or user experience by making it “personal”.
Could we be shifting to a position of worry so great that we “sweep for bugs” when entering a room or prior to switching a device on in true James Bond mode – highly unlikely. But I suggest the recent announcements will ensure many IT leaders and operational teams increase the priority of network based security visibility platforms, AI or machine learning systems that examine and re-examine the most granular elements of telemetry and security aware behavioral analytics platforms that understand things we can’t comprehend.
Ask yourself when considering the IT platforms that underpin your business (or social existence), what can you really see, are you sure you know how they work and do you really understand the security heart that beats within?
Who would have thought, we are not even close to the iconic year 2020 and already we may be worrying about the moral intent in the digital soul of our machines. The future ahead is likely to be way more interesting than we have ever previously dreamed.
Until next time.
LOB CTO UK – Computacenter Networking and Security