Why 2017 is the year that changed Windows management forever

In fact, it may have been the single most significant year yet.


2017 was a truly transformative year in the history of corporate IT. I would even go so far as to say that, in my 25-year history working with Windows in large organizations, I think this has been the single most significant year yet.

The transformation has been the realization that the way we think about every aspect of Windows management, from minor changes to full-scale migrations, has to change. It’s worth repeating that the instruments of this collective revelation were WannaCry and NotPetya, which caused some of the worst damage I have seen in my career, so much so that I now think disaster planning must take such attacks into account.

For most CIOs, CTOs and even CFOs, the penny likely dropped in the time it took to discover that a significant proportion of the UK’s National Health Service’s IT infrastructure had been compromised – because of an outdated operating system and the fact that the NHS ignored simple security best practices.

I speak with 5-10 companies a week about their Windows strategies, and they all agree with the following statement: there is no point in worrying about expensive alarm systems (in the form of security products), while leaving the front door and windows wide open by not keeping software current.

Staying current has become fashionable, and it’s one trend I can totally subscribe to.

Meanwhile, in Redmond

Those organizations that had already taken the hint and made the large commitment of transitioning to Windows 10 found themselves in a world very different from the one they had left behind.

With Windows 10, a full OS update is effectively required every six months. Currently, most organizations are used to doing a full Windows upgrade every six or seven years, sometimes even longer. While CIOs might not like the new rapid pace of updates, this is a change for the better.

For far too long, Windows has been an insecure operating system (sometimes ridiculously so), with hackers able to rely on the very simple mechanism of monitoring common vulnerabilities. All they have to do is look at security research, which points out vulnerabilities. Some even provide code examples, so the hacker just needs to repackage the code into a delivery mechanism.

Unless you’re tending to the underlying operating system as well, patches are just a bandage. In Windows 10, Microsoft added 17 major security enhancements and the list of common vulnerabilities is significantly shorter. The faster update cycle for Windows 10 – assuming organizations keep up with those updates – will help ensure that they are never as vulnerable as they were in the past.

What this means

The way we used to work – with one massive migration project every few years – is out the window (as it were). Organizations are likely to stay current once they move to Windows 10.

The fly in the ointment is that Microsoft hasn’t given sufficient attention to how third-party applications fit in with this vision. Given that we use Windows to run applications, it is essential we take them into consideration.

Microsoft’s present answer is, “Just upgrade all your applications to the latest Windows Store version.” But that’s an impossible exercise, as they are not always available in the Windows Store. On average, an organization is using 1,800 applications. These will all act to slow a migration to Windows 10.

New Year’s resolutions

I would advise that organizations do two main things in the new year.

The first is to sort out automation for all the key scenarios in how you build Windows itself and migrate it. With Autopilot, Microsoft has shown that it is beginning to realize this is a problem, but the solution is really basic right now. It does not address most common scenarios such as wipe-and-load, PC replace, break/fix rebuilds and in-place upgrades.

As for the application issue: first and foremost, you’ve got to know what you’re running. You’ve got to have a system that enables you to have some knowledge of your applications and then automation which helps migrate them to the right versions.

Solutions do exist that can address both these issues. The bottom line, though, is that the biggest security fixes are coming in the OS and the application versions themselves; the patches are only bandages. 2018 is going to be about moving forward in the light of this realization.


Copyright © 2017 IDG Communications, Inc.
