It’s official: Microsoft is no longer supporting Windows® Embedded handheld devices. And though some Windows Embedded Compact device users have been granted extended support through 2021 and 2023, depending on the operating system (OS) version, those devices are also nearing their end of life quite quickly.
What does that mean if you (or your workers) are still using Windows mobile computers in your store, warehouse, manufacturing plant or at other job sites in the field? We asked our in-house expert Bruce Willins to break it down:
Your Edge Blog Team: First off, let’s answer the question on everyone’s minds…will Windows mobile computers stop working the day that Microsoft support ends for their OS?
Bruce: No. Devices will continue to operate as they have, but enterprise customers should be aware that there will be no Microsoft support. Zebra has deep domain knowledge in these operating systems and will continue to do its best to support customers. There will, however, be no further bug fixes or security updates.
Your Edge Blog Team: Are security updates that important?
Bruce: Yes. If you’re an IT administrator, you’re likely to be held accountable if your company is hacked while using an OS out of security support. To quote a U.S. Department of Homeland Security report on enterprise mobile security best practices:
- "The most important defense against mobile device security threats is to ensure devices are patched against the publicly known security vulnerabilities.”
- “When making procurement decisions, enterprises should seek clear commitment from device vendors or mobile carriers that security updates will be provided in a timely manner.”
- When a device model is no longer supported with updates, enterprises should decommission those devices.”
Your Edge Blog Team: Do organizations still have to worry if workers are not storing any sensitive data on their devices?
Bruce: Yes, you need to think beyond just the data on the devices. Think of the device as a potential tool for a hacker. There are numerous vulnerabilities that compromise a device and allow it to be used as a gateway to get into back-end server. All the while, the device may appear to be operating normally. Of course, there are still other vulnerabilities such as KRACK that can compromise the confidentiality and integrity of the data by going after the Wi-Fi network.
Remember, the Windows CE OS is over 20 years old. It was not designed to fend off modern day attacks.
Your Edge Blog Team: So, would you say the biggest risk to using Windows mobile computers without Microsoft’s support are these potential security vulnerabilities?
Bruce: There are security risks and operational risks. Operational risks typically relate to support, new applications, programming resources and bugs. Independent software vendors (ISVs) are not developing new applications for these operating systems and are continually dropping support for legacy apps. CE and Windows Mobile .net developers are a dying breed.
Finally, as we discussed earlier, Zebra can provide guidance on issues that arise and may be able recommend a means to remediate the issue, but we cannot make significant changes to the CE or Windows Mobile OS itself.
Your Edge Blog Team: Can you elaborate more on how an unsupported OS contributes to operational risk?
Bruce: With an unsupported OS, it will become challenging to build and run newer version of applications, troubleshoot bugs and provide fixes. That can lead to applications and workers slowing down, which creates operational challenges. Plus, new applications may not be built for unsupported operating systems, so you may not be able to take advantage of the benefits of the faster modern applications that would be most suitable for your business, and that can impact your operational competitiveness.
When this happens – and it will happen if you attempt to use Windows mobile computers past their designated end of life date – you really only have one option: migrate to a mobility solution that runs a different OS. If you’re in an industrial or enterprise setting, that means that you’ll be migrating to an Android Enterprise solution.
But this migration isn’t going to happen in an hour or even a day since you may have to create new custom applications, re-configure existing workflow software and replace all Windows mobile computing devices with the new Android devices. In the meantime, your operations are at an increased risk of being severely disrupted since you have workers whose mobile devices may no longer work, forcing them to revert to much slower, more error-prone manual processes.
Your Edge Blog Team: Are there workarounds? Could a warehouse operator who has newer Windows mobile computers – devices that they bought in the last year or two – find a way to manage data and device security without Microsoft’s intervention?
Bruce: They could try, I’m sure, but the risks and outcomes are ultimately going to remain the same, in my opinion.
Your Edge Blog Team: What about migrating to Windows rugged tablets? Those are still fully supported by Microsoft since they run the same Professional OS versions as laptop and desktop computers. Couldn’t a warehouse operator who wanted to maintain Windows back-office systems just replace the legacy handheld devices with tablets?
Bruce: They could, but that’s not recommended in most cases. First and foremost, the “big” Windows OS running on these modern rugged tablets is very different from the legacy Windows Mobile operating system running on rugged handhelds. So, legacy applications would need to be optimized for a much larger screen and, most likely, rewritten all together. And then there’s the consideration of matching device form factors to front-line workflows.
There’s a reason why certain front-line workers have been given handheld mobile computers versus tablets for decades now. It’s not because enterprise-grade rugged tablets weren’t available. They’ve been around for over 20 years and used by many workers in the utility, government and field service sectors. Rather, handheld mobile computers have been the device form factor of choice for several front-line use cases because they are the easiest to use for intensive scanning, picking, packing and inventory management workflows within the warehouse and other environments. Therefore, I expect that the vast majority of Windows handheld mobile computers will be replaced with Android handheld mobile computers – and not tablets, regardless of the OS.
At the same time, I expect rugged tablet adoption to continue to increase in the market, but that growth will most likely happen in parallel with the handheld device migration to Android versus benefitting directly from that migration. The software applications and the workflows are just so different.
Your Edge Blog Team: That makes perfect sense. To be clear, are you recommending that Zebra’s customers simply replace their legacy Windows mobile computers with the newer Android versions of those same models?
Bruce: That may be the best path forward for many customers. However, there are several enterprise-grade Android handheld mobile computers now available for warehousing, manufacturing and distribution-related workflows which have completely new capabilities that were never available in past generations of devices running Windows Mobile. Take, for example, the quickly evolving wearable category or even new innovative approaches to a traditional “industrial gun” or “brick on a stick” form factor. Even decisions about whether you deploy hybrid devices with keys and a touch screen versus devices that only have a touch screen can impact how easy (or how hard) a migration from legacy devices can be for your front-line workforce and your IT team. This is a good time for customers to look at all available options and decide which form factors or specific device models are going to be best for each of their workers and workflows, based on what new capabilities they need to empower their workers to deliver for the business rather than past requirements.
As my colleague Darren Koffer has said before, there isn’t going to be a single Android mobile computer that’s going to be right for all mobile workers – just as there wasn’t a single Windows mobile computer right for all workers. I highly recommend that organizations work with a technology solution provider with a broad enterprise-grade Android portfolio, a demonstrated track record of delivering on its roadmap commitments and a strong understanding of the nuances of the Windows-to-Android migration path in their respective industries to ensure they can confidently make the right decisions for their businesses now that support for Windows Mobile has officially ended.
This guide can help you determine which mobile devices can best support each of your warehousing applications, and this website is a good resource for understanding the Windows-to-Android migration process.
Your Edge Blog Team: If customers were to just migrate from a Windows-powered MC9X00 device to a newer Android-powered MC9300, for example, would they be able to use the same applications they used before? Or would some software reconfiguring or replacement be required?
Bruce: It depends on the application. Zebra's All-Touch Terminal Emulation can run on new Android devices in green-screen mode right out of the box. Unfortunately, though, some level of migration is going to be inevitable for most other applications.
Your Edge Blog Team: What would you tell customers who are wary of standardizing on Android due to security concerns? There are technically other OS options they could consider. Why is Android the best choice for businesses that need modern, yet highly secure enterprise mobility solutions?
Bruce: The Android devices we’re talking about here are Android devices from Zebra, meaning they have been purpose built and configured for use by organizations that have strict security standards. They have a well-demonstrated history of incremental security enhancements, such as NSA “Security Enhanced” (SELinux) features, per-user VPNs, Address Space Layout Randomization (ASLR) and more. Android OS is also meeting regulatory security certifications in multiple verticals, including retail via PCI DSS, healthcare’s HIPAA and government’s FIPS 140-2.
In fact, many of our customers were starting to migrate to Android before they technically had to because of Zebra’s capabilities in securing the Android operating system.
Your Edge Blog Team: Yet, no mobile device can be guaranteed secure, right?
Bruce: That’s correct. However, companies that are proactive in setting up extra defenses find that they can more successfully fend off threats. That’s one of the reasons why Zebra is going above and beyond Android’s standard security offerings to help customers lock down their devices and protect their data.
Much of what we do on our Android devices is focused on driving two key security paradigms: “Principle of Least Privilege” (PoLP) and “Defense in Depth” (DiD). Using Zebra’s Mobility DNA and either a managed services or enterprise mobility management (EMM) solution, IT administrators can lock down workers’ devices so that only those necessary features and functionality are exposed (i.e. PoLP). Furthermore, Zebra’s Mobility DNA provides multiple levels of defense, should an attacker manage to get through the first line of defensive measures (i.e. DiD).
Your Edge Blog Team: So, it sounds like security is as much of a priority for Zebra as it is for customers. Would you agree with that?
Bruce: First off, security is never an afterthought at Zebra. Our Android mobile computing solutions are always designed with security in mind, with one of the first things we prioritize being flexibility and configurability specific to security. We always ask ourselves, “is it easy to adjust security settings or patch our equipment when new updates become available, especially for device users who work remotely, without compromising productivity?”
I know our Chief Security Officer Mike Zachman recently spoke about the many other ways that Zebra is working with customers to lock down their connected devices, monitor for threats and adjust their strategies and settings accordingly. I highly recommend that every person reading this right now listen to what Mike had to say in that podcast discussion and then pass the link along to their IT teams, bosses and technology buyers to do the same.
Your Edge Blog Team: Shifting gears a bit: we know that Android’s device support doesn’t last forever. If the Android Enterprise mobile computers that Zebra sells are anything like Zebra’s Windows mobile computers, they will last for several years beyond the standard support cycle defined for each Android OS. Is it possible that, in a few years, customers who migrate to Android will find themselves in the same position they’re in now, needing to migrate to a new device (or OS) in order to maintain an acceptable level of enterprise-grade device security and control?
Bruce: Great question. As we explain on our website, vendors who sell consumer-grade Android devices typically end security support for those devices after just three years, which is well short of the five+ years of service that Zebra’s customers require given the average 5-7-year lifespan of our rugged Android mobile computers. That is why we offer customers who sign up for Zebra’s OneCare service up to 10 years of extended security support for their Zebra devices via the LifeGuard for Android solution.
Through our Security Steering Committee and Threat and Vulnerability Management, we also provide proactive and ongoing evaluation to potential security vulnerabilities, and our incident response procedures ensure rapid and effective responses to mitigate reported vulnerabilities. These include continuous updates and firmware enhancements as well as ongoing communication with customers to help increase awareness about emerging threats and offer advice on how to defend against them. We also partner with customers’ internal security organizations to assess vulnerabilities and troubleshoot in specific areas of need.
Your Edge Blog Team: To be clear, LifeGuard a Zebra-exclusive offering, correct?
Bruce: Yes. We wanted an easy way to give customers predictable and periodic security updates as well as legacy OS security support when they decide to transition to a newer OS, which is something that could happen a couple of times in the course of a single Zebra device’s lifecycle. We also wanted to be able to provide a secure method by which customers could maintain both local and remote control of workers’ Android devices. That’s why we built LifeGuard. Customers really appreciate this added feature since it makes it easy to install these frequent security updates at their discretion. It gives them peace of mind that their mobile technology investments, workers and data are all protected.
To learn more about the state of enterprise security or how Zebra can help you reduce the vulnerability of your data and devices, check out this recent commentary from Zebra’s Chief Security Officer Mike Zachman.