Dell recommends Windows 8.

Migrating to Security

Curtis Franklin Jr., Executive Editor | 1/3/2013 | 14 comments

Curtis Franklin Jr.
Is learning an open-source activity? It might seem an odd question, but for IT professionals migrating systems in educational institutions, it's far from academic.

Since 1981, the MS-DOS/Windows ecosystem has been relatively open. Sure, Microsoft owns (and jealously guards) the core operating system, but it has always been pretty easy to write new software for MS-DOS and to build new systems around the hardware and software that make up the environment. It has become somewhat more challenging over the years (I remember when you could order an IBM PC with the BIOS listing and patch the BIOS yourself if you needed to do something truly special), but even the last decade has seen Windows occupying a point between the creative chaos of Linux and the tightly controlled realm of MacOS. With Windows 8, the spot that Windows occupies shifts considerably toward the "locked-down" end of the spectrum.

Enterprise IT managers are, in general, happy to see Windows 8 come with a much more restrictive view of the world. Applications for Windows 8 RT, for example, must come from the Windows 8 app store. No more random downloads of mobile applications for your users, for good or for ill. Even when you leave the mobile world for that of the desktop, you'll find that things are much less open than they once were.

Steven J. Vaughan-Nichols has looked at the issue of creating a system that dual-boots Windows 8 and Linux. He focuses on the heart of Windows 8 security -- Secure Boot -- and finds that it does precisely what it's supposed to do, making it impossible to load software that doesn't have all the appropriate certificates and approvals.

Now, it's easy enough to get around this by simply disabling Secure Boot entirely. Of course, doing this leaves your system insecure, and that really represents the basic issue that many IT departments are going to have with the idea of Windows and flexibility. For corporate IT departments, it's a relatively straightforward breakdown that will favor control. For education CIOs, it's considerably more complex.

The complexity of the issue in education arises partially around the grade level involved. It's very easy to say that systems for use by elementary and middle-school students should be highly restricted and kept in a locked-down state. When you get to high school, the question is somewhat more complicated (and highly dependent on the location of and subject matter taught on the system), and by the time you get to university, things get very, very complicated. For the latter group, computers in open-access labs can easily be kept locked down, but how do you deal with the systems that sit in faculty offices? How, to put a fine point on it, do you apply some sort of uniform rule over all the systems in your fleet?

One option, if you're in charge of an infrastructure that runs on Active Directory, is to disable Secure Boot and tie many of its features to permission levels set by AD roles for users and groups. It's something of a pain, but it combines flexibility and security in a system that makes sense. For those looking at Windows 8 RT (and RT Pro), though, the answer is going to be "it's locked" for some time to come. This is one of those situations that requires as much change to mindset as to infrastructure when it comes time to migrate. Now, it's time to prepare your user community for the change.

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 2   >   >>
TJGUK   Migrating to Security   3/5/2013 2:33:27 PM
Re: special-purpose devices
@sohaibmasood: I don''t get what government hacking brings to the individuals either. In fact, the last thing I would want is a nation-state after me after I have compromised one of their sites!
sohaibmasood   Migrating to Security   2/4/2013 11:09:17 AM
Re: special-purpose devices

State sponsored hacking is indeed on the rise. However, I fail to understand what good does it bring to the individuals. Hacking a Governments website and displaying your banners is not the way to tell anyone that you are capable of doing stuff on the internet. 
TJGUK   Migrating to Security   2/1/2013 8:42:56 AM
Re: special-purpose devices
@sohaibmasood: Indeed. In fact the number of state sponsored hacking incidents is starting to increase. While you might not be able to protect yourself fully from a nation-state military cyber attack, at least you can make it difficult for them and impossible for others.
sohaibmasood   Migrating to Security   1/31/2013 12:41:19 AM
Re: Migrating to security
anthony.nima, what I meant was that a laptop with added security is always better than one without security. I wasn't comparing it to other devices. Although extra security uses systems resources and hogs the system down at time but one can be certain that they are protected from external threats. 
anthony.nima   Migrating to Security   1/29/2013 9:37:42 AM
Re: Migrating to security
Sohaib: True. Its always better to be on the safe side but what I cant understand is why ru reffering to laptops been the most safest out of the lot ? Wjhats makes laptops more safer ?
sohaibmasood   Migrating to Security   1/23/2013 7:42:49 AM
Re: Migrating to security
Randomus, I have also used laptops with extra security and although they are slowed down by the added security I still feel that they are better in protecting us from threats. An unprotected laptop is a vulnerable point that many hackers would like to exploit to get into an enterprise. So, I feel it is better to be safe with added security than to be unsafe without it. 
sohaibmasood   Migrating to Security   1/23/2013 7:40:23 AM
Re: special-purpose devices
TJGUK, I agree with you. In order to protect ourselves it is important that all threats pertaining from Internet are accounted for. We can only do this by installing an antivirus and putting in some kind of protection for downloads and emails. 
Susan Fogarty   Migrating to Security   1/12/2013 7:00:31 PM
Re: Migrating to security
Randomus, I definitely understnd that. Sometimes security applications can use all the processing power on a machine. I guess I assumed that because this blog was talking about security that was part of the operating system, that it would run a lot more efficiently. Do you know if that's the case or not?
Randomus   Migrating to Security   1/12/2013 4:16:35 AM
Re: Migrating to security
Susan: The problem I have with IT adding extra layers of security control, however, is that it sometimes feels like bloatware.  I've used laptops with "extra security" that were a complete nightmare to use, despite the hardware being newly released.  Ultimately, I ended up bringing in my own laptop, which opened the network up to potential security threats all over again – and I feel I'm not the only person with this line of reasoning.
TJGUK   Migrating to Security   1/8/2013 5:05:45 PM
Re: special-purpose devices
Locked down devices are fine, but there also needs to be security from the otherside meaning safety from the internet. While preventing the installation of unapproved software is a good start, there has to be sophisticated anti virus and firewall software in the OS as well. There are many doors in the Windows mansion. Users have to be protected whether they are using company devices at work or their own everywhere else.
Page 1 / 2   >   >>

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Curtis Franklin Jr.
Curtis Franklin Jr.   4/22/2013   91 comments
Put 10 IT executives in a room and ask them about Windows 8, and you're likely to get at least a dozen stories about the user interface. Metro is the key to successful migration.
Curtis Franklin Jr.   4/9/2013   33 comments
Are you blue? Oh, so blue? If you're in the process of managing a migration to Windows 8, Blue might just be your color.
Curtis Franklin Jr.   3/26/2013   40 comments
Last week, as I walked the halls of the Enterprise Connect conference in Orlando, Fla., I heard executive after executive talk about migration. The genesis of their discussions was the ...
Curtis Franklin Jr.   3/11/2013   35 comments
Windows 8 is a work in progress. There's no news value to that, but it's important to keep in mind as we think about Microsoft's latest news.
Curtis Franklin Jr.   2/28/2013   54 comments
When it comes time to migrate to a new OS, it's tempting to ask, "Why stop there?" Why, indeed, is the question.
Dell Information Resources
© 2018 UBM TechWeb - Privacy Policy