The future of Windows-as-a-Service

Moving to a cloud- and stream-based service could do amazing things to our security exposure and remove much of the pain of patching.

We are undergoing a lot of technology changes at the moment. 3D printers, autonomous cars, package- and even people-carrying drones, industrial and personal robots, and mixed reality, which promises to blur the lines between what is real and what is digital, are all coming at warp speed.

One of the more interesting moves is being made by Microsoft [Disclosure: Microsoft is a client of the author], as they shift to a cloud model for both application and operating system delivery and access.  We knew this was coming when Satya Nadella took over for Steve Ballmer as CEO. As the champion for the cloud at Microsoft, he was all-in. 

The firm’s initial move last year was to step away from the traditional upgrade cycle and deliver product updates with new features several times a year, rather than semi-annually or later. This month they announced that, for enterprises, they would still provide extended support the old way for firms that couldn’t be on that aggressive cycle, along with a blending of their Software-as-a-Service offerings, which now include Office 365, Windows 10, Security and Enterprise Mobility.

But I think this, too, is a milestone, and that the eventual goal is to provide the Microsoft desktop from the cloud. Or, effectively, to return to the appliance part of the old Terminal experience. 

Let us talk about how we might get there. 

The problem

Right now, despite a major effort to address our desktop security exposure, we are all exposed. We have state-level players in the game now, and the rapidity with which exploits are being disclosed makes the old way of having a stable desktop for any length of time way too risky.

Microsoft’s move to more aggressively patch highlights a critical problem – many companies just cannot accept patches that quickly, because they can cause failures. To partially address this problem and lower support costs on apps, enterprises have been steadily shifting from desktop applications to cloud applications. That lowers the exposure, but the dated OS update policies often remain.

On top of this, when updates do come, they often require extensive time to apply. Unless tightly controlled, the update process can disrupt the employees or any system using the Windows OS. The answer is to fully rotate and give Microsoft the service – initially as an even more-advanced hybrid offering, and eventually as a full cloud service. 

[Funny side story: around a decade ago, in front of a huge audience, a Microsoft VP ran into a bit of a problem. Right in the middle of his pitch, Microsoft IT took over his PC and applied a critical patch. The audience saw the notice come up, and the update stopped his presentation, as his machine went into a lengthy download and update process. And he hadn’t memorized his slides. I don’t recall the audience feeling any need to stop laughing. The presenter was not amused. And, when he returned to Microsoft, I’m pretty sure the CIO got an earful.]

One final issue is that when an employee receives a new PC from inventory, it can often take hours for it to download all the updates and patches.  Employees often have the same choice we individuals do when getting a new PC: sit and wait for all the updates, or hold off and take what may be an unacceptable risk as we try to get work done instead.

The eventual solution: Microsoft-as-a-Service

The eventual solution I expect we will get to is to put the entire desktop image up in the cloud, and only bring down what is needed to run the system. The core operating system becomes vastly slimmer – approaching a thin client operating system over time. This would have a small, permanent footprint, so that updating and patching it takes seconds, not minutes, with other components either cached on the system or run remotely depending on bandwidth and frequency of use. The full image is maintained in its approved form in the cloud. There, it can be analyzed for malware and introduced exploits and, if any are found, the desktop system can be reverted instantly to a more secure and safe image.

As 5G rolls out, even our mobile bandwidth should reach a point where this is doable on anything. The system could cache critical parts of the OS for travel on laptops and update the cache the next time it connected to a fast-enough network. (Trying to do streaming on airplane WiFi would be a nightmare right now, but that too will get better.)

This would also allow the PC OEMs to better coordinate PC images with Microsoft, who would supply those images directly. To keep those OEMs happy, options where they could introduce unique value would be supplied. Even though Microsoft would undoubtedly provide the service, the OEMs could sell it and also potentially brand their version.

Wrapping up: end game

What I find fascinating is that ever since we moved from terminals, we’ve been trying to get back to the appliance part of that experience. Terminals just worked, and the boot up time was the time it took the TV tube to warm up. With Always Connected PCs, including desktops (which I expect are also coming), the machines never power down and will turn on instantly. Taking the image to the cloud, wrapping the image with AI and pumping it down as a stream could do amazing things to our security exposure and remove much of the pain of patching.

Microsoft is on that path and, if you’re like me, I expect you can hardly wait to get there. 

This article is published as part of the IDG Contributor Network.