Security is a non-negotiable requirement for IT organizations. Systems managers must deploy all available tools to protect their desktop systems, after all they may have thousands or tens of thousands of desktops in their organizations with each one being a potential attack point.
Windows 10 introduces advanced technology to prevent malware, rootkits, key loggers and much more from infecting those desktops. The security measures start with Secure Boot and include Device Guard (which only allow trusted code to execute), Credential Guard (to prevent malware capturing and re-using admin rights) and biometric authentication (e.g. face recognition or fingerprint scanning), as well as other new security capabilities.
Proper implementation of all the above requires a combination of Windows 10 and modern hardware, with UEFI used to bridge the two. Most hardware delivered in the last few years has been ready for UEFI, but was running in BIOS emulation mode since the OS wasn’t ready to use UEFI features. That is, until Windows 10.
The Migration Challenge
The challenge is that enabling UEFI (and, therefore, the new advanced security features) requires a conversion from BIOS mode to UEFI.
This is a potentially destructive process: besides complex configuration (which varies from one vendor to another), the system’s hard disk needs to be re-partitioned and re-formatted. This is the process known as “wipe and load” as the disk is wiped and Windows 10 is installed. The alternative, an in-place upgrade, enables some security features but cannot deliver full protection.
Because of this destructive process and lack of tools, companies looking to automate the process have either delayed their Windows 10 deployments or opted to use an in-place upgrade to install Windows 10. Delays or choices that leave systems vulnerable to attack.
Wipe and load has benefits beyond security. It also means systems can be cleansed of old, unnecessary drivers and out of date applications. Also, it means the organization has a good OS deployment image to use for new hardware and a refresh of existing systems as needed.
The Right Way to Deploy Windows 10
Unless there’s a pressing reason for an in-place upgrade, the best way to deploy Windows 10 is using the “wipe and load” process.
The other options don’t deliver what the business needs: waiting for hardware to be replaced leaves systems vulnerable; using in-place upgrade does not meet the need to enable high security.
The challenge is to automate the wipe and load process so that it can scale to thousands of systems, wherever they are, and remove the need for manual intervention.
The 1E Windows 10 deployment engine provides the only tools that can automate this entire process. From enabling the end-user to start the process, backing up user data and settings to local peers, and converting BIOS to UEFI for all the most common enterprise systems, installing Windows 10 and applications, the entire process is zero touch.
It’s a win-win: the ease of use of an in-place upgrade with the peace of mind of a wipe and load installation that’s ready for Windows 10 security.
The 1E Promise to you
1E will deliver you a migration engine that fully automates the wipe-and-load process, giving you all the benefits of an in-place upgrade – speed, flexibility and minimum disruption – but with no compromises on Windows 10 security.
Your IT staff can focus on the software that is important for your business, rather than focussing on the imminent threat of breaches in your security.