Embracing Windows 10: Proactive OEMs Can Win More Than Improved Security



Syncing hardware, software, and OS life cycles creates advantage for medical systems.

Ready or not, the Windows 7 era is ending. With planning, medical OEMs can protect development resources and reduce long-term costs in the move to Windows 10—even as hardware resources must evolve, and applications may or may not need rewriting and revalidation.

Transforming medical systems from Windows 7 to Windows 10 looms large for medical OEMs, with impact on security, compliance, costs, and overall risk. The transition influences nearly every aspect of design and performance in established systems—yet may be more nuanced than initially apparent, creating both challenge and opportunity for medical system manufacturers. With smart planning, OEMs can avoid unnecessary revalidation and tap into enhanced security features designed to safeguard systems from evolving cyber threats. Important but somewhat less recognized is how the shift to Windows 10 may allow OEMs to better sync hardware and software life cycles over the life of their application, shrinking long-term costs and strengthening product performance.

Figure 1: Medical system OEMs must tap into smart development strategies that consider the regulatory environment, follow guidelines to reduce security risks, help reduce time to market, and extend system deployments. Avoiding unnecessary revalidation of applications is crucial in this environment, and is a key issue driving the discussion about transforming to the Windows 10 operating system.

Consider Hardware Part of Your Software Strategy
Planning for an OS transition is incomplete without considering hardware, although hardware choices are not typically top-of-mind for developers of custom medical applications. Systems generally recognized as proven may never be proactively evaluated for over- or under-provisioning. For example, an existing software application may perform well with lower-end graphics or with a CPU processor with reduced capacity, but a new release may have more diverse needs, particularly as systems become more connected.

It may also be assumed that a Windows 7 deployment could be extended, but this becomes increasingly unlikely as more components discontinue Windows 7 support. Drivers may or may not remain available, and essential last-time buys increase cost and complexity. In contrast, hardware re-evaluation may open the door to new means of system monitoring and updates, simplifying security patching and even creating new streams of ongoing system management revenue for OEMs. This may be a new way of thinking for some OEMs—call it a move from hardware-based life cycle management toward a more strategic solutions-based approach that aims to validate new software releases, hardware, and OS in the same timeframes. The effort is best addressed by sharing information between engineering and software development staff, aligning teams to understand the potential for hardware efficiencies as well as any unexpected barriers that relate to the OS transition.

Move Incrementally Toward Big Picture Changes
Strategic planning is required to minimize validation even if the application stays on Windows 7 for an extended period. Perhaps an OS update can be tied to its next release, and hardware can be successfully supported on Windows 7 in the meantime.

In one real-world example, a healthcare organization needed to transform to a more standard support platform after its acquisition by another medical device manufacturer. The firm had been providing remote desktop support, including manual distribution of applications and system updates to customers, but needed to move off Microsoft Windows XP and enhance security without disrupting end-users. An incremental approach was planned. Microsoft Windows XP users were moved to Microsoft Windows XP Embedded including a remote monitoring agent. Connectivity enabled the organization to collect and evaluate device information and then easily distribute device updates. Devices were then migrated to the latest version of Windows 7 Embedded, with the entire process invisible to the end-user. The OEM in this scenario was able to proactively address security concerns and simultaneously extend time available for planning the organization’s future Windows 10 strategy.

Figure 2: Healthcare organizations typically rely on OEMs for security patches, mandated by FDA regulations throughout product life. Continuous patches are essential to system security yet require much greater attention from OEMs who may create and deploy a software stack but fail in their commitment to ongoing software maintenance. Currently, premarket testing is also defined as a manufacturer responsibility, along with validating safety and effectiveness of off-the-shelf software

The phased approach to improving the OS image protected the overall device life cycle, well-suited to field systems in need of secure updating and added connectivity. The transition process also immediately increased security controls via a software stack that is now protected in compliance with U.S. Department of Defense (DoD) cybersecurity policies for manufacturers. Only whitelisted processes are allowed to run, patch updates are minimized, and the customer can more easily manage configuration changes and block installation of unauthorized applications. Service costs were reduced as well, by using a secure baseline image that served all product lines across the entire organization.

Understand and Respond to the Risk
It’s important for OEMs to understand the shift in thinking about how to handle healthcare system security. Instead of focusing on just prevention, new OS features assume that “determined adversaries will successfully breach any defenses,” according to Microsoft in its published documentation about controlling the health of Windows 10-based devices. This aligns with the FDA’s formal industry guidance, which makes clear the expectation that security is prioritized by OEMs from development through deployment, including reducing risk on systems that are already in the field. While FDA guidance is fueling industry action and a shift to a security-first mindset, progress is slow. Even as Microsoft cited a 3X upsurge in the pace of Windows 10 enterprise deployments after FDA guidance was released, a 2017 Ponemon Institute survey pointed to just 51 percent of device makers and 44 percent of healthcare delivery organizations committed to following these published guidelines on cyber risk reduction.

Solve the Problem with Proactive Planning
Today, FDA guidance is just that—guidance. But given the severity and continued evolution of risk, a mandate may not be far off, particularly if industry data continues to demonstrate a lack of sufficient OEM response. Ideally, OEMs will act ahead of the pressure of any FDA-mandated transition, embracing the end of the Windows 7 era as a window for immediate action as well as a unique opportunity to create competitive value.

OEMs can advance their transformation strategies by asking smart questions and sharing information across their organizations. Is there a software update ahead that provides ideal timing for transformation? Or does it make sense to extend Windows 7 product lines with strategic buys and hardware that handles both OS options? Does a hardware change enable an opportunity to improve field service? Taking the right steps cannot only extend the life cycle of Windows 7-based medical designs, but also lay the groundwork for next generation OS performance. More sophisticated security meets FDA guidance and customer concerns, and more manageable embedded life cycles can put your application in the lead.


Jeff Durst is Director of Product Management and Solutions Architect, Dedicated Computing. Durst ensures that Dedicated Computing’s product roadmap aligns with company vision and converts customer requirements into the architecture and design of the solutions. He taps into more than 30 years of technical and business leadership experience to guide Dedicated’s product strategies in healthcare, communications, military, aerospace, industrial and scientific computing. Connect with Durst via LinkedIn or email.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis

Tags: