The appeal of  “free” is undeniable. Perhaps that’s why Microsoft decided to offer Windows 10 as a free upgrade. Just as the free version 8.1 enjoyed higher download rates than version 8, it is estimated that Windows 10 will be downloaded to about two-thirds of all personal computers in the first 12 months. It may seem like a win for consumers, but it may create a huge gap between enterprise IT teams and employee devices.

Another factor in the release of Windows 10 is that, for the first time, Microsoft plans to expand Windows 10 to an unlimited number of devices via the “Internet of Things” (IoT). The IoT is becoming an increasing topic of conversation both in and outside of the workplace, in particular in discussions around how to secure these connected devices.

In addition to the IoT, enterprises must also deal with the BYOD (Bring Your Own Device) phenomenon. These two new technology realities present a much larger issue: how do you securely manage the onslaught of virtually invisible devices that are connecting to your corporate network?

An agent has to be running on the device for the IT operations team to be able to detect it – if you’re working with traditional endpoint security management. Since users will be upgrading their personal devices to Windows 10 on a massive scale—and therefore will not have agents—IT administrators need a way to identify, evaluate and secure all the new Windows 10 endpoints that are connecting to their networks. Security through agentless visibility empowers IT to see how many endpoints are accessing the enterprise network and be proactive about only allowing compliant devices to access valuable applications and data.

While BYOD is convenient for employees, it can cause a real nightmare for IT organizations. The truth that can’t be ignored is that BYOD is here to stay, and steps must be taken to safely embrace it. To provide a secure network, enterprises must include:

• Policy-based network access: Organizations should enforce network access based on user, device and security posture so they can implement best-practice network segmentation for guests, contractors, business partners and employees. This allows organizations to onboard Windows 10 devices brought by guests, employees and vendors in a secure manner and provide them access to only the network resources they require to remain productive. If you are somehow able to get your arms around your employee’s personal and company-issued devices, you’d be remiss to ignore the potential threat of visiting vendors, interviewees and delivery personnel.
• Real-time context: Organizations need to ensure that Windows 10 endpoints are compliant with their security policies and can share real-time context about Windows 10 devices with their existing SIEM (Security Information and Event Management), NGFW (Next Generation Firewall), EPP (Endpoint Protection) and patch management systems.
• Visibility into ALL devices: Assigning responsibility to the IT department to handle threats on both managed and unmanaged (agentless) devices isn’t scalable as cybercriminal sophistication increases. Simply throwing people at the problem isn’t fiscally responsible, nor can it guarantee full visibility into all devices.

As the network and the number of things it’s connected to expand, keeping it safe becomes increasingly complex. Most networks today include an accumulation of security products added over time, layered on top of each other vertically and laterally.  Add the challenge of IoT, BYOD and free upgrades—such as the Windows 10 release—and the result is a complicated infrastructure where full protection from cyber attacks is a daunting task.

It’s not realistic to prevent employees from upgrading to Windows 10 just to buy some time.

Upgrades of this nature have become the norm, and it’s better to embrace rather than fight the growing trend. The last two years show that no matter how robust the external defenses, a determined and persistent adversary can find a way to infiltrate a corporate network.

Best practices for IT organizations today include a security strategy with policy-based network access, the ability to share real-time context and visibility into both managed and unmanaged devices. This well-rounded approach will help to bar cyber criminals while granting access to employees, no matter their device or software upgrade. IT security teams will also then be prepared to deal with IoT devices as they make their way onto the network. “Free” is a great word, but when it comes to securing enterprise network environments, “visibility” is an even better one.

About the author:

Rob Greer has served as CMO and SVP of products at ForeScout since June 2015. Prior to joining ForeScout, he served as vice president and general manager of the Network Security division at HP Software, where he was responsible for determining product strategy, delivery, customer success and overall P&L.  Before that, Rob served in numerous leadership roles at Symantec, ClearApp (acquired by Oracle), SonicWALL, and Ignyte Technology, Inc., where he was founder and chief executive officer.  He earned a Bachelor degree in Management Information Systems from San Jose State University.