Moving towards a Vista world

This morning's briefing with BeyondTrust, a privilege management vendor with UAC features, reminded me of the some of the security issues facing IT with Vista migration programs. I have talked with a number of banking organizations claiming they'll worry about Vista in 2010, but that is not practical. IT should start detailed planning now, because Vista is here and will enter their lives a lot sooner than they think. Anyone that recently bought a Windows PC for their home is running Vista. Employees accessing corporate applications from home will be using Vista, which means support and security issues have arrived now! IT typically gets 4 or 5 years out of endpoint hardware before upgrading employee devices. Unless the company has a really big hammer, Microsoft will force a migration to Vista. This means for at least the next 5 years IT has to plan on a mixed environment of XP and Vista endpoints. Three steps IT should consider are: Train IT, security, and business teams on Vista and Longhorn features. Part of their assignment should be identifying how features introduced in Vista can co-exist with an XP user community. Some Vista features will have no XP counterpart whereas other XP features will not be needed in a Vista world. This also helps IT evaluate the future value (and end-of-life assessment) of a vendor offering that helped XP users. Make sure every vendor has a plan for a mixed platform environment. Vendors touting Vista-based approaches are forward-thinking, but perhaps early to market. Make sure they can also help secure XP users before rushing to deployment. A vendor that is strong in XP better have a compelling case as to how they add value when Vista hits the corporate scene. For example, how are UAC-oriented features supported for a predominantly XP user base, or how well is a solution that hooks XP going to work with the Kernel Protection APIs? Look at application delivery technology to implement the business as a service. This can lessen the dependence on the endpoint operating system. Endpoints can be whatever they want, without impacting use of business applications. Citrix is really good at this stuff, and the new Microsoft Terminal Server looks pretty nice if IT can wait for Longhorn. Both also fit a VMware/Cisco datacenter consolidation play where data stays in the protected datacenter.