What Windows-as-a-Service will mean for Australian security

By Sasha Pavlovic, director of cloud and data centre security, Trend Micro Asia Pacific

For long-time Microsoft watchers, we are hearing more talk around the possibility of Windows-as-a-Service becoming a reality in the not too distant future. Recent developments related to support and upgrades from the company seem to indicate that Microsoft would prefer users be on a more consistent platform with relatively little differences in software in use. This platform would also be subject to smaller but more frequent feature updates – something that has already been promised to members of Microsoft’s Windows Insider Program.

The idea of Windows-as-a-Service is also being discussed amongst the IT community. It’s not quite the same as other “as-a-service” concepts used by cloud vendors, but there are broad similarities: the service provider rolls out an update to all their users, which they can easily do as the service lives on their servers. In this case, while Windows doesn’t live on a server, it is still the subject of constant updates from Microsoft.

This approach would offer clear business logic but it is a significant change in how Microsoft has done things until now. It also raises several security and operational changes and challenges of which IT administrators need to be aware.

Security: closing the vulnerability gap

Enterprises can currently control how and when patches are installed onto their machines, with the controls available to Windows 10 more powerful than earlier versions. In terms of security, the concept of Windows-as-a-Service is a clear win. Having automatic downloads and installation updates shrinks the vulnerability gap; the time between when a patch is made available and users are able to download and install a fix.

Consider how Google Chrome silently checks for, downloads, and then installs new versions in the background. This helps ensure that any vulnerabilities in that browser are quickly patched before they become a widespread problem. If moving people on to Windows-as-a-Service is Microsoft’s long term goal, such a situation would be more secure than the current variety of browser versions with varying states of (in)security.

It will be important to keep in mind that, if Windows-as-a-Service does happen, there will be some risks in the short term. Many enterprises are slow to upgrade their software, and inevitably some organisations will be caught out and fall victim to exploits targeting now-unpatched browsers. In the long run, however, the overall security picture will improve as fewer systems run these vulnerable browsers.

Organisational resistance to change

The high speed of change that this future path imposes on Windows may come into conflict with the slower, more measured pace that organisations often prefer.

Many Australian organisations tend to follow the “if it ain’t broke, don’t fix it” rule when it comes to technology. While this approach may have worked in the past, today’s higher-paced environment means that businesses will have to get used to change.

If we take a look back at how businesses across Australia and New Zealand have responded to the uptake of new Windows versions over the years, most would fall into the laggard category. That’s not to say that our IT departments aren’t innovators, they’re just a little more adverse when it comes to change based on previous experiences, with criticism of 2006 Windows Vista as a prime example.

Simply put, many organisations have a slow culture when it comes to technological change. The move to Windows-as-a-Service will push organisations towards adopting a faster culture.

Based on a 2015 study that was conducted across 300+ organisations in Australia and New Zealand by Tech Research Asia, 75% expressed interest to move to Windows 10 within 12 months whilst others were contemplating a mid-term move and some downright refusing it.

Such a transition will not be easy or painless but it is already taking place with somewhat surprising speed: surveys of IT professionals around the world have indicated that Windows 10 is being adopted faster than initially anticipated.

Planning for the future

Windows-as-a-Service presents a very different way of doing things. Ordinary consumers won’t feel much change, if at all; they’ll get their updates automatically and not particularly mind. Enterprises more used to controlling their experiences will have a bigger challenge trying to find the right balance of change and control that works for them.

Getting there will not be an easy task for everyone. It will be important for organisations to plan for the transition by ensuring they have security in place capable of providing protection to various users that cannot be upgraded immediately to Windows 10. This will allow IT administrators to upgrade their users at planned-for intervals, providing the transition additional (and perhaps much-needed) breathing room to carry out the transition in a way that is less disruptive to business.

Once a relatively quick and automated patch cycle is accepted, we will see a significant improvement for security. Exploits found in the wild frequently target old vulnerabilities that have yet to be patched, so more automatic patching in the promise of Windows-as-a-Service will result in a better, more secure future.

Sasha Pavlovic is the director of cloud and data centre security for Trend Micro Asia Pacific www.TrendMicro.com.au



Join the PC World newsletter!

Error: Please check your email address.

Tags Australian securityMicrosoftWindows 10IT SecurityGoogle Chromewindows insider program

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sasha Pavlovic

CSO Online
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?