Why Your Windows as a Service Updates Need a Strategy

So it begins. After years of warning, we are now officially less than one year away from the end of Windows 7 as a viable enterprise operating system. On January 14th, 2020, support for the operating system will end. When it comes to making a switch, it’s no longer a matter of if; it’s now a matter of when.

According to our Death of Windows 7 survey, 15% of IT professionals aren’t aware of Windows 10’s need for continuous updates. Another 43% of enterprises still have machines running Windows 7, so even those who are aware of its update schedule might not have a full understanding of what it will entail, and ultimately the impact and risk this introduces to their businesses and how this will affect their underlying strategy. Meanwhile, 46% of IT professionals said they don’t have a formal plan in place to manage Windows as a Service updates.

For these professionals, the success of their transition to Windows 10 will be directly tied to their strategy for handling updates. To make a long story short, there’s a significant difference between an effective Windows 7 update strategy and an effective Windows-as-a-Service strategy. In this article, I want to share what to expect from Windows 10 updates so you can start to build a strategy that matches reality and adopt new processes that meet the demands of today’s WaaS model.

The Endless Updates of Windows 10

Unlike Windows 7, Windows 10 will feature two major semi-annual feature releases, in addition to 12 Quality Update releases per year for security hygiene. That’s not all, since many Windows 10 enterprise users also run Office 365, that productivity software will also see two semi-annual  releases on top of regular Office-specific security updates. When you add this all up, I hope you can begin to realize a new approach is needed.

Many enterprises utilize 3rd party freeware tools and applications to improve the functionality of Office 365. Increasingly, hackers are targeting these products’ vulnerabilities as a way to break into the network. Expect to update these tools just as regularly as Office to ensure that your enterprise minimizes its overall attack surface.

In addition to managing machines inside the internal corporate network boundary, enterprises need to think about protecting remote workers outside the network as the trend for mobile working grows. Often, a security risk is determined by the small number of unpatched machines that pose the greatest risk. Even if these remote endpoints don’t touch the network frequently, all it takes is one connection from an unpatched and infected machine to cause a security event and that could lead to a serious data breach, compromising not just the intellectual property of the organization and its customers, but potentially their reputations as well.

Finally, an effective update strategy needs to incorporate the need to respond quickly to Zero Day Attacks. With these attacks vectors, malicious code has been published publicly, which means an attack on unpatched machines can be conducted by anyone willing to cause harm. When these exploits become known, Microsoft will work rapidly to release a permanent or at least temporary patch to address the issue (known as out of band) of the once-a-month Quality update.

The Impact on Enterprises

To recap, that’s twice a year major updates, monthly updates, updates to 3rd party tools, and updates with no warning whatsoever. As you can see, the volume, frequency and  size of Windows 10 updates far outstrips managing any OS which has gone before it.

Rather than spending months testing and validating an update against both the core operating system and interoperability with critical Line of Business applications and functions, enterprises will have one month tops to be fully deployed and considered current before the next release cycle comes out, causing the enterprise to fall behind. Enterprises often have complex infrastructures containing multiple dev/test pre-production environments, and all these environments will also need to be patched and maintained to the same level as the production environment. All of this can leave little time for the actual deployment of updates to the edge of the business network.

And that’s before you consider the fact that many enterprises often restrict the distribution of updates to outside of normal business hours or prevent deployments during change freezes at peak times of the year critical to their specific industry sector. While under Windows 7, this strategy somewhat limited the network and normal business operations from being disrupted, the “always updating” cadence of Windows 10 makes this schedule is a non-starter.

With Windows 10, updates are bundled and non-elective. While they can be delayed, they can’t be declined. That means an enterprise running Windows 10 will also see a dramatic increase in network traffic due to the larger size of updates, which existing network architectures using distribution points aren’t always designed to handle.

Power Your Windows 10 Update Strategy With Software

The bottom line: Windows 10 updates are going to become more frequent and more data intensive. Therefore, an effective Windows 10 update strategy should seek ways to gain time while reducing bandwidth. That’s where a Software-Defined Enterprise Content Delivery Network (SD ECDN) like Kollective can help.

By adopting an ECDN overlay to your existing ConfigMgr infrastructure, you can leverage the power of a peer to peer technology to dramatically reduce the need to deploy distributions points that serve content to your end user computing estate. By streamlining your ConfigMgr, you’ll not only significantly accelerate the time it takes to deploy updates, but also reduce the amount of update-related data moving through the corporate WAN, by offsetting this to the LAN.

This will allow you to deploy updates during business hours without impacting the network and disturbing critical business functions, buying you an additional 10-12 hours a day in which to deploy. You can then use the extra time you gain during deployment for testing and validation, reducing the risk of failed deployments.

Without a doubt, Windows 10 requires a change to the way you approach updates. For IT staff who are used to taking their time or putting off updates, Windows 10 is going to feel like going from a walk in the park to a never-ending sprint. But with the right strategy and technology in place, enterprises will be able to keep pace with Windows as a Service without compromise.


Don’t let Windows become your next big security risk

Microsoft will end included support for Windows 7 on January 14, 2020, yet almost one-fifth (18%) of large enterprises still haven’t completed their migration to Windows 10. Learn what options IT teams have to prepare for the end of Windows 7 and to manage the regular cadence of Windows as a Service updates.









Related Blog Posts

Share This