How the Windows 10 Image as a Service offering ensures that public sector organisations can benefit from regular updates while meeting their information assurance requirements, by Andy Spurway, Microsoft Services' CTO public sector
Windows is going evergreen, creating the prospect of an operating system (OS) that is never retired and replaced, but comes with a continuing series of upgrades to maximise its capabilities.
It is an attractive prospect for any enterprise, but also raises a new challenge for UK government organisations in needing to ensure that every element stays abreast of the security requirements for protecting sensitive information.
They must comply with the demands of the national technical authority for information assurance, the National Cyber Security Centre (NCSC), in at least meeting the standards for information classified as OFFICIAL, in line with those faced by most large companies that hold valuable data. That means ensuring compliance with every update to the OS.
Microsoft has responded with a new offering for its government customers – the Windows 10 Image as a Service – especially for the UK public sector. It provides support for an organisation in the initial implementation of a Windows 10 'headstart' image, extending to incorporate future Windows feature and security updates, the number of which depends on the package chosen.
The Windows 10 Image as a Service offering includes the provision and application of group policies designed by Microsoft, taking into consideration the NCSC guidance. This ensures that the Microsoft build complies with the requirements for protecting OFFICIAL grade information. It means that public sector customers can enjoy the advantages of the evergreen nature of Windows 10 – with an operating system that provides modern, secure computing and the full potential of cloud services – while being confident that they are meeting all of their obligations in information assurance.
The breakdown of the core build under Windows 10 Image as a Service involves Microsoft providing group policy objects, security patches, feature updates and an image base build. The customer is responsible for user-specific apps and profiles, while they collaborate on the provision of anti-virus and security measures.
Microsoft has also developed driver packs to integrate with the operating system for different hardware environments, including its Surface Book and Surface Pro hybrid computers and selected laptops from other manufacturers, reflecting the choices made by different departments and agencies. In addition, they all use the locally installed Office 2016 or Office 365 Pro Plus productivity suites, security patches and an anti-virus solution – which could be from an alternative supplier.
When Windows 10 features are updated, these are fully assessed before being added to the Microsoft build to ensure the system continues to meet the requirements of the OFFICIAL classification. The key factor is that the headstart base image, provided with the initial implementation, includes group policy objects developed in line with current NCSC guidance.
While the images initially developed will not match every organisation’s hardware environment straight away, under the Image as a Service programme Microsoft will invest the time in working with the customer's IT team to ensure its images are compliant on one customer-chosen device.
Microsoft provides driver packs – the collection of files used to install a drive – maintains a centralised copy of the build and will touch base monthly to support the implementation. The build updates include assistance with taking on new material and a regular call with an aligned Microsoft consultant to confirm the current guidance status.
The crucial factor is that the consultant does not just deliver then leave; the process is all about transferring the necessary knowledge to the customer to help them maintain the system, including the security requirements.
Specific options within the Windows 10 Image as a Service offering include: the Public Sector Windows 10 Enterprise Client Image accreditable to OFFICIAL; security guidance for end user devices with technical documentation; and initial on-site consultancy to accelerate and de-risk the deployment, along with equipping the customer’s team with the relevant skills.
Another key point is that this is a rapidly implemented, low cost solution. The implementation of the base headstart image can be completed within two weeks, and each of the build updates carried out in two days, at a time in the quarter suitable for the customer.
Different price packages are available, going from simply the provision of the base headstart image to a 12-month option with three updates or 24 months with seven updates – all competitively priced.
This means that organisations do not need to wait for their existing installations of Windows 7 or 8 to reach retirement date; they can find it cost-effective to switch to Windows 10 and begin to exploit its capabilities much earlier.
Along with the Microsoft platforms stack – including Office 365, Dynamics 365, Azure and Power BI – it offers an outstanding capability to raise the performance of a government organisation’s digital estate. And this can be done to the level of information assurance that most organisations require. It is time to get on with the implementation.
To learn more about the offering, watch this on-demand webinar today.