My 2 1/2-year-old daughter loves the song "Let It Go" from the movie Frozen. Desktop and mobile administrators had better get used to singing a similar tune.
For most of IT's history, admins had nearly total control over when, why and how they updated their organizations' operating systems. Vendor-related factors such as end-of-support deadlines occasionally forced their hands, but for the most part, IT was in the driver's seat with operating system updates.
That's no longer the case. Operating system vendors and device manufacturers push out updates and patches, and there's not a lot IT can do about it. This issue is most prevalent on smartphones and tablets, but Windows 10 has brought it to the desktop as well.
Apple iOS and Google Android, the two major mobile operating systems, take approaches that are very different yet equally frustrating for IT.
When there's a new iOS version, Apple makes it available to all supported devices -- typically the past several models of iPhone and iPad. Users receive a notification and can decide when to download and install the update. IT is not involved in the process at all and has no ability to control it.
This spring's iOS 11.3 will let IT delay updates for up to 90 days, but only for devices managed through Apple Configurator or the Device Enrollment Program. Neither is common in enterprise BYOD scenarios, so most organizations will still be left powerless to stop operating system updates.
Unlike the iPhone and iPad, Android devices have many different manufacturers. It's up to each of these manufacturers to decide when or if to make Google's security and operating system updates available to their devices. As a result, there's no consistency among devices, which makes it difficult for IT to properly manage and secure them in heterogeneous environments. And enterprise buyers have no guarantees about how long their devices will remain updated and supported.
Google's new Android Enterprise Recommended program aims to address this issue by creating a list of devices guaranteed to receive security updates for at least three years. If a vendor doesn't hold up its end of the bargain, as has happened before, Google will remove it or its devices from the list. That warns potential buyers in the future, but it does nothing to help an organization that bought a certain device expecting regular updates, only to be left holding the bag.
Further, as with Apple, the options for controlling Android updates are pretty limited. The first such product, Samsung E-FOTA, launched a year ago, but it only works with specific Samsung devices.
The whole premise behind Windows 10 comes from the mobile world. Instead of developing an entirely new version of the operating system every few years, Microsoft will continuously update and patch it through monthly releases.
Before Windows 10, if IT leaders didn't want to move to a new version, they didn't have to for a very long time. (Windows XP came out in 2001, and Microsoft supported it until 2014, for example.) Once on Windows 10, that's not an option. With the Semi-Annual Channel, the most common update model for Windows 10 in the enterprise, organizations can only delay feature updates for up to 12 months. Furthermore, Microsoft only supports these updates for 18 months, so organizations that wait the whole 12 months will have just six months before it's time to update again.
Before Windows 10, desktop admins could choose which specific security updates to install and when to do it, giving them plenty of time to test for application compatibility and other issues. Now, Microsoft is taking a cumulative update approach. This month's release not only includes all the new security updates, but also all of those from previous months. IT can only defer these operating system updates for up to 35 days.
Frozen tells the story of Princess Elsa, who struggles to control her magical powers. She eventually realizes that she can't change them, so she accepts and embraces them.
Apple, Microsoft and all the Android device manufacturers now have the power when it comes to operating system updates. IT administrators will have to come to a similar realization as Elsa. There's nothing they can do to take that control back, so they'll have to let it go.