How Windows 10 can unite the enterprise

By Ojas Rege, Chief Strategy Officer at MobileIron.

Over the last five years, mobile security architectures have diverged dramatically from PC security architectures.

 

For example, Windows has historically been handled in one particular way, while iOS and Android have to be managed in a completely different manner. This is because the underlying architectures of the operating systems have been so different.

 

However, with the implementation of Windows 10 in the enterprise, all modern PCs, tablets, and mobiles can now be unified under one enterprise mobility management (EMM) system.

 

There is no denying that mobile is now firmly a part of the IT landscape. Many enterprises now at least manage a fleet of devices for employees, operate a Bring Your Own Device (BYOD) policy, or sometimes do both, as the workforce requires greater flexibility in its professional life.

 

But for enterprise IT, where managing a range of devices gets more and more complex, systems administrators often find themselves juggling multiple solutions and processes as they try to balance disparate security and management tasks.

 

The adoption of Windows 10 in businesses provides a golden opportunity for mobile IT to combine endpoints under a unified EMM platform that can dramatically reduce the time and effort spent on managing devices and securing corporate data.

 

How far we’ve come

 

For more than 20 years, the traditional IT architecture in the enterprise centred around the Windows desktop model, which included an open file system and OS kernel that was vulnerable to modifications by other apps.

 

Essentially, this model could only work by giving IT the ability to lock down the PC to a corporate system image, which was then governed by a set of Group Policy Objects (GPOs) for system configuration and enforcement that defined what users were and were not allowed to do, from viewing certain websites to accessing certain files.

 

However, this system is now far too complicated and restrictive for the modern enterprise. The traditional setup provides no end-user choice, is untenable in a BYOD setting, and, perhaps most importantly, was built for a Windows-only world, not the multi-OS mobile world of today where workers could be accessing and transferring corporate data from their Windows PC to an iPhone or an Android tablet.

 

With Windows 10, that all changes. Businesses will be able to shift away from this legacy architecture and move to a more flexible, user-centric system. The key to this transformation will be the shift from GPOs to EMM as the primary means to secure and manage enterprise devices.

 

Unifying desktop, tablet and mobile

 

EMM is becoming the core security platform in the modern enterprise because it enables business users to securely access data from any device on any network, without compromising user privacy. This evolution has been enabled by ditching the previous model through fundamental changes in the underlying architecture of the operating system that better suits the modern IT landscape.

 

The new model for Windows 10 uses sandboxed apps and a protected OS kernel. This type of architecture was actually first introduced by iOS back in 2007, and helps to greatly mitigate the risk of being compromised.

 

Sandboxing means each app has its own storage and memory, which ensures the data of each app is protected from the actions of other apps on the device, while a protected OS kernel means apps cannot take system-level actions or modify the kernel as they can in traditional Windows systems.

 

This modern model protects against traditional malware threats, which therefore minimises the need for anti-virus software on mobile devices.

 

Windows 10 has also introduced enterprise security primitives into the operating system. Again, this was something that was first introduced by iOS, this time in 2010.

 

These primitives take system-level actions such as installing or deleting an app, wiping data, storing a certificate for authentication or configuring connectivity, and ensure that all control over these is via the IT department only and that they can only be accessed by a trusted platform.

 

Essentially, this centralisation of control means that individual apps will not be able to change privileges or access or delete data on a device. It allows the OS kernel to remain secure, while providing the enterprise with appropriate controls.

 

By adopting these approaches, Windows 10 is now much more secure and manageable than either Windows XP or 7.

 

This is also where EMM comes in. By providing a centralised – and, more importantly, trusted – platform, IT is able to control device protocols across either a fleet of managed devices or through BYOD.

 

A secure and seamless user experience

 

In the end, it’s all about the user. If the security model prevents the user from doing work effectively, then it fails. Desktop security relied on lockdown, while modern security focuses on enablement.

 

Mobile security and management has evolved around the needs of both IT and the end user. As this model moves to Windows 10, it is not only IT but also the end user who will get a consistent and seamless experience across devices. That is not to say that the apps and services available on all those devices will be the same, but rather that security will be present but invisible and focused on enabling as broad a range of services as possible.

 

The opportunity is now here for enterprises to evolve to a modern architecture. The combination of Windows 10 and EMM will give businesses the ability not only to meet mobile-first goals, but also to increase the flexibility of the workforce while ensuring data is kept secure.
