Jan 14 2020

Windows 7's End of Life Is Here

State and local government agencies are exposing themselves to cybersecurity risks if they do not migrate to Windows 10.

After years of warnings, Microsoft will no longer provide regular support for its Windows 7 operating system. Unlike in the federal government, where there has been a concerted push — and in some cases, mandates — to get agencies to upgrade to Windows 10, there is no similar force pushing state and local agencies to do the same. 

State and local government IT leaders face cybersecurity risks every day they continue to run Windows 7. “If you continue to use Windows 7 after support has ended, your PC will still work, but it will become more vulnerable to security risks and viruses,” Microsoft notes. “Your PC will continue to start and run, but you will no longer receive software updates, including security updates, from Microsoft.”

The exception involves Windows 7 users who pay to enroll in Microsoft’s Extended Security Update program. But Microsoft describes that program as a “last resort option” that will only provide updates “if and when available,” and the company plans to offer it for just three years.

Local government’s Windows migration efforts were in good shape as of the middle of last year, Public Technology Institute Executive Director Alan Shark told StateTech at the time

“Many already had a refresh schedule for PCs and laptops and are taking the date very seriously,” Shark said. “Most people have thought it through well in advance of the deadline.”

State and local agencies could face migration challenges if in-house developers do not possess the expertise needed to update legacy applications that agencies sometimes use, or if the vendor that created a particular application no longer exists.

In addition to performing a comprehensive software audit to try to assess potential application issues, counties may also want to consider offering instruction to help employees become comfortable with the features of the newer version of Windows once it’s installed, according to Shark. “People tend to overlook the human factor sometimes — such as people saying, ‘I don't like touch screens.’ Windows 10 gives you that option; it’s more graphic than 7,” Shark said. “You have to allow for training, whether it’s online or in person, because not everybody is a quick adapter.” 

MORE FROM STATETECH: What are the top 2020 priorities for state CIOs? 

The Key Advantages of Windows 10 Over Windows 7

What are the key differences between Windows 7 and Windows 10?

Functionally, both Windows 7 and Windows 10 offer a familiar Microsoft experience. One key difference is the Start Menu: Removed in Windows 8 in favor of a “tile” system, the Start Menu is back in Windows 10, but with a twist. While the Start Menu still offers quick access to applications, it also includes Live Tiles that show relevant, real-time data.

In addition, Windows 10 streamlines search and notification functions with a dedicated search bar at the bottom of the desktop and a notification center in the bottom right corner, making it easier for users to find what they want, schedule upgrades or make system changes.

Windows 10 offers key advantages over Windows 7, including:

  • Virtual desktops: Windows 10 natively includes virtual desktop functionality to streamline business workloads.
  • Improved data security: Using tools such as Windows Defender, BitLocker and Advanced Threat Detection, Windows 10 offers better defense against threat actors.
  • Automatic updates: Instead of cumbersome, time-consuming updates, Windows 10 handles the updating process automatically to minimize downtime.
  • Windows Sandbox: Users can easily test unknown software in a safe and secure environment.
  • Windows Timeline: Using the Task View button or pressing the Windows key + Tab brings up the timeline, which shows recent activity in supported apps. This is a great feature for business users working across multiple devices in the Windows 10 environment.

MORE FROM STATETECH: Discover why cybersecurity planning should be a top priority for local agencies. 

How Windows 10 Enhances Security

Rita Reynolds, CTO of the National Association of Counties, notes that newer operating systems like Windows 10 “are, of course, going to have more security; the manufacturer is going to continue to patch them. It can be costly, for some, to do an upgrade, but in the long run, it will make the county more secure.”

Microsoft’s decision to build security features into the kernel of the operating system is something that appeals to government IT officials looking to boost endpoint security. 

“On top of a secure operating system, customers also need the added defense of endpoint protection and detection, which is why we built Microsoft Defender Advanced Threat Protection into Windows 10,” Rob Lefferts, corporate vice president of security at Microsoft, tells FedTech

Windows Defender offers a suite of cybersecurity protections and is built into Windows 10. It includes several different technologies that deliver superior protection, including System Guard, Credential Guard, Application Control, Application Guard, Exploit Guard and Advanced Threat Protection.

Microsoft Defender ATP is a unified platform for preventative protection, post-breach detection, automated investigation and response, Lefferts notes. The platform helps agencies “reduce their overall risk by eliminating threats before they get to users and helping already strained IT departments prioritize and remediate threats.” Defender ATP is also powered by the cloud, so it is constantly updated and exchanging signals with the Microsoft Intelligent Security Graph, and it “shares detection and exploration insights across devices, identities and information to speed up response and recovery,” Lefferts says.

Here is a more detailed look at the different elements of Windows Defender

MORE FROM STATETECH: Find out how Windows 10 makes cloud backups easier for agencies concerned about ransomware attacks.

Accelerating the Shift to Windows 10

The first and most important migration task for IT leaders is to conduct an inventory of every PC, endpoint and piece of software (including those applications users have downloaded without your knowledge) to determine which pieces of IT equipment need to be migrated to Windows 10. Some PCs can be upgraded to Windows 10, but some will be so old the agency will need to purchase new equipment with Windows 10 already installed. 

IT leaders need to determine how many Windows 7 users they have, how capable they will be of moving to Windows 10 and whether their roles are so critical their work cannot be interrupted by the migration. Microsoft offers toolkits and other analytics to assist IT teams with this task. After that, IT leaders should select and create a pilot group of users who can start testing how Windows 10 performs and how they interact with it.

Once all of the kinks have been ironed out and agency staff feels comfortable using the platform, IT leaders can start plans for actual deployments. The rollouts should be staggered so IT experts and hardcore beta users go first, followed by less experienced users. Crucially, you should avoid deploying Windows 10 to mission-critical staff in the middle of a project. Another best practice Microsoft recommends is the use of deployment rings, which can make the rollout process smoother. Under this methodology, each ring includes users from a variety of departments so that problems limited to one department can be seen more quickly and affect only a few people at a time. 

State and local government agencies have made some progress in migrating to Windows 10. Now that Windows 7 support has ended, though, those that have not yet made the switch need to get moving to avoid cybersecurity risks.

Maurizio Pesce/Wikimedia Commons