Move to Modern. Windows 10 IoT—Safer, Smarter, Cloud-Ready

The following has been excerpted from microsoft.com.

Windows has long been a leader in powering dedicated devices. Many of the ATMs, cash registers, and airport kiosks around the world run Windows Embedded 7. That operating system is based on Windows 7 (support for it ended January 14, 2020) and, similarly, Windows Embedded 7 extended support will end soon.

Microsoft offers Windows 10 IoT as the modern migration path for these devices, which includes the same security improvements, excellent application compatibility, and management flexibility as the rest of the Windows 10 family. It also has many advanced features like machine learning along with built-in cloud readiness. In addition, the latest Windows 10 IoT releases from October 2018 will be supported for 10 years, until 2028.

The affected devices range from the previously mentioned types to devices in industries such as healthcare, manufacturing, digital signage, and many more. Windows 10 IoT lets users leverage their existing skills in software development and management. Similarly, most current applications and peripherals can also continue to be used.

There have been many changes since Windows 7 was released almost 10 years ago. Some of the most significant for dedicated devices include information security and privacy, manageability, artificial intelligence (AI)/machine learning, and cloud computing. Windows 10 has countless advances in these areas. Here are a few highlights*:

Security—Trusted Boot, device encryption, and Device Health Attestation
Manageability—Azure IoT Hub, Microsoft Intune, and Device Update Center**
Deployment—Azure IoT Hub Device Provisioning Service and Windows Autopilot
AI/machine learning—Windows machine learning and cognitive services
Cloud computing—Azure IoT Edge support

In September Microsoft announced that they will offer paid Windows 7 Extended Security Updates (ESU) through January 2023. This also applies to the Windows Embedded 7 family of products. These updates are sold through our embedded partners, so interested customers should contact their device manufacturer.

Now is the time to migrate to Windows 10 IoT and move to modern.

Contact YYTECH if you are using this Microsoft product version – we can help you evaluate and upgrade your systems as painlessly as possible.

*Some of these services require an additional subscription.
**Device Update Center only applies to Windows 10 IoT Core.

Information excerpted from <https://www.microsoft.com/en-us/microsoft-365/blog/2019/01/14/move-to-modern-windows-10-iot-safer-smarter-cloud-ready/>

Yeo & Yeo Technology is proud to announce its achievement of Fortinet Gold Partner status. Fortinet is a leading network and cybersecurity provider.

Fortinet Gold Partner“Our partnership with Fortinet reflects our shared values, providing high-quality security solutions,” says Jeff McCulloch, President. “Achieving Gold Partner status allows us to continue to grow our partnership and offer a broad range of services for new and current clients.”

YYTECH partnered with Fortinet in 2010, offering next-generation firewalls, endpoint protection, network security, and secure access switching and wireless networks. To become a Gold Partner, YYTECH had to achieve proven success with Fortinet solutions and demonstrate commitment to the continued adoption of future Fortinet technologies. YYTECH technical and sales staff had to complete additional training and certification as part of the Gold Partner requirement.

Fortinet Gold Partners deliver the full spectrum of Fortinet’s solution set and retain certified staff to assist with any variety of implementation needs. They are recognized for their superior customer service and support capabilities.

“We are proud to have Fortinet as a strategic partner, offering some of the best-performing security devices on the market for our clients,” said McCulloch. “Fortinet’s solutions are a complement to our other strategic partners in offering complete security solutions.”

Scaling up a corporate security department can be an exercise in futility. These organizations need to cover multiple areas of expertise, from classic IT security to physical security, compliance, regulations, secure coding, incident handling and legal/privacy, all while facing the need to run lean.

The reality is that security is becoming more than an engineering exercise. Culture and education of security is a necessity in a modern organization. Without it, we are bound to fail. Over the past year, I have focused on keeping a small and lean security organization, all the while evangelizing a security champion program to spread and, most importantly, live the mission.

Through this program, we channel our champions into “front-line support” on everything related to security. These advocates know their businesses better than any of my security engineers could, and they are deeply embedded in their organization’s culture. And, as a result, they can provide the best context for security decisions. Our role is to equip them with our services and security expertise.

I’ve been on the front lines running (and also challenging) security organizations for years. During this time, I’ve experienced firsthand how the push and pull of scaling a security team manifests itself. Pull toward one side (try to focus your resources on an “emerging” or “critical” issue), and you end up exposing the other (less pertinent issues or technologies). Hiring more security staff doesn’t scale, as the areas that need coverage will almost always be exponentially larger.

Equip Your Teams

However, what if more of that “uncovered” area had appropriate security expertise in it? What if you could lower the attack surface in a systematic manner across the organization — not through buying more tools and products, but through going deeper into the root cause of those problems and addressing them by creating champions out of the resources and people at your disposal?

Let’s consider Verizon’s “2019 Data Breach Investigations Report (DBIR),” which analyzed 41,686 security incidents (among them, 2,013 were confirmed data breaches). The report shows that web applications are the top breach target for hackers. This means that addressing vulnerabilities and exposure in web applications brings a significant return on investment compared to other areas of focus.

Equipping development teams with the knowledge and skills to identify and address security issues through the application development life cycle has been around for decades — secure software development life cycle (SDLC) methodologies. Yet, it is still a major investment.

Consider Your Code Quality

I’ve yet to see an SDLC implementation that was simply taken “off the shelf” and applied to an organization. It takes time, an understanding of how development works in your organization and collaboration from the development teams. However, more than anything, it’s about code quality, not just a pure security play. Less breakable code, no matter if it is security-focused or performance-focused, is better code. Period.

In every implementation of an SDLC that I’ve had a chance to work through, I’ve always partnered with development stakeholders to ensure that, at the end of the day, developers get more tools and knowledge to improve their code. And they end up more receptive to those efforts because it’s about the work they do, and not a security measure forced down their throats. Take a hard look at how your development outputs affect your attack surface and the impact that a code improvement can make to your risk exposure.

Before throwing expensive “it was on the best-practice list of tools to deploy” products into your budget or hiring another couple of security engineers, consider how a strong security champions program and a reframing of the problem at hand can deliver the most return on investment.

Article provided by Partner On and Frobes.com.

As you compile your organization’s IT budget for 2020, a familiar concern will likely top the list: security. According to a survey by TechRepublic, security and cloud services are the two top priorities heading into the new year, but other priorities are gaining in importance. 

While priorities have changed, IT budgets still comprise an average of 10% of total budget spending heading into 2020. We have identified some considerations for planning your organization’s IT budget for the coming year.

Software and Hardware Updates
Making room in your budget for software security upgrades is critical. While some, such as Microsoft Office 365, automatically push out updates and patches, it’s important to stay on top of third-party patching for your Windows devices. Third-party patches from Adobe, Google Chrome or Flash should be easy but can be a hassle. Investing in patch management software will help keep you secure while saving time and resources.

Going into each new year, it’s important to consider the state of your hardware to ensure efficiency, effectiveness and security. Consider the following:

  • Do your PCs and servers still have enough storage space?
  • How old is your current hardware?
  • Are your devices running slow?
  • Is your network running slow?

Consider investing in a Managed Services package to cover all hardware and software management.

Cybersecurity Monitoring and Training
Ransomware and malware continue to be major threats for business owners and IT professionals. Incorporating a 24/7/365 cybersecurity monitoring solution allows trained professionals to act on threats to your network in real time. This keeps your organization safe from cybercrime while staying compliant at the same time.

Education is a key factor in prevention and Security Awareness Training is a cost-effective way to train employees to notice warning signs and stop an attack before it strikes. Data shows employees who are tested show a drop in phish-prone percentage from an average of 15.9 % to 1.2 % in just 12 months.

Microsoft End-of-Support Applications
Several of Microsoft’s applications, including Windows 7  will no longer be supported. Any applications that are being used after their end-of-support date immediately become a threat to your network since they will no longer be patched for vulnerabilities. Additional Microsoft products reaching end-of-support in 2020 include:

  • Hyper-V Server 2008 (January 14, 2020)
  • Windows Server 2008 (January 14, 2020)
  • Internet Explorer 10 (January 31, 2020)
  • Office 2010 – Including Outlook, Word, Excel, and PowerPoint (October 13, 2020)
  • SharePoint 2010 (October 13, 2020)

Additionally, Windows 10, versions 1809, 1903 and Systems Center, version 1807, will move into retirement in 2020. Upon retirement and end-of-support, these products will no longer receive new security updates, non-security updates, free or paid assisted support options or online technical content updates.

If you would like to learn more about planning your IT budget or YYTECH’s suite of services, contact us today.

Sources

TechRepublic Premium: 2020 IT Budget Research Report

ZDNet: 2020 IT Budgets Increase as Priorities Grow

Ask yourself: What is the point of the efficiency and mobility advantages technology has provided us if they can be canceled out by burdensome security required to battle the constant threat of attack?

At Yeo & Yeo Technology, we know we can do better. That’s why we believe in Microsoft 365 E5. The versatile, holistic security it provides is the key to making technology work for us, not cybercriminals.

Learn how Microsoft 365 simplifies user access.