Upgrading operating systems to the latest version sounds like it should be a simple step given that system updates are at the core of the most basic cybersecurity hygiene. However, with Microsoft’s Windows 7 going out of support by the tech giant in a month, one agency in the midst of upgrading to Windows 10 has learned that it is not that easy to update.
“Most folks have moved over to Windows 10, but moving them off Windows 7 to Windows 10 was a feat of itself because there were some significant changes in the use of Windows 10 versus Windows 7,” said Nagesh Rao, the Small Business Administration’s director of business technology solutions, speaking at the Advanced Technology Academic Research Center Dec. 11.
Rao said that cabinet agency IT officials had to “make the compelling case” to SBA employees that the agency was upgrading because continuing to operate on Window 7 after January posed a significant cybersecurity risk. But the agency still received some push back from employees despite that justification because "you had a lot of people that were so comfortable in their ways,” Rao said.
“It was not taken well, I’ll be honest,” Rao said.
Some federal agencies with older operating systems still have a way to go to mitigate potential risk exposure.
In August, SBA told Federal Times that they were “actively rolling out” Windows 10 and about halfway done with the migration 4,350 computers. At the time, SBA planned to finish the upgrade at the end of October.
SBA took an enterprise approach to the migration to be efficient, reduce cost and “ensure there was a logical, secure flow of information.” Rao also praised SBA CIO Maria Roat and Deputy CIO Guy Cavallo, saying that they’ve done a great job “cleaning up” the IT infrastructure at SBA, especially since the pair joined SBA “inheriting 10 years of [IT] delinquency.”
Rao joined SBA well before Roat or Cavallo, adding that before they arrived, SBA IT environment and its accompanying culture was poor. The enterprisewide strategy taken by the the CIO’s office to migrating to Windows 10 demonstrates the new approach to IT modernization at SBA.
“It really did require a firm, steady hand from the CIO leadership to say ‘Look, we’re doing this collectively, we’re doing this as a group,’” Rao said, later adding, "It doesn’t just happen overnight. It requires a consistent, steady long-term plan.”