Ha Ha, Ho Ho, Windows XP Has Got to Go!

Rob Enderle

We’ve had a bit of a hiatus, largely thanks to Windows Vista, from the regular cadence of eliminating old desktop operating systems, but much like other things that are kept beyond their prime, Windows XP has now passed its “use by” date and next year most support will be pulled from the platform.

Since this has been an irregular occurrence of late, there are still a ton of folks who haven’t budgeted for this yet and appear to be thinking that if they don’t migrate, no one will notice. This is largely because they haven’t assessed the risk of not migrating and are just looking at what they think is an avoidable, or at least short-term ignorable, expense. It is never wise to make decisions based on the world the way you’d like it to be while avoiding the world that is.  

The Risks of Using a Platform Too Long

There are three risks associated with leaving any platform in place longer than the provider has allowed for. The obvious one is that support shifts to third parties and starts to exceed acceptable existing budgets. This is because budgets are generally set based on contracted services and fixed by the provider, in this case Microsoft, but once an OS drops outside of the support window, Microsoft will either refuse support, forcing you to use a third-party provider, or charge a premium for supporting an obsolete product, resulting in a potential unfavorable budget variance.

Second, without support, patches to address security exposures slow significantly and the perceived responsibility for assuring the product stays secure shifts from the provider to the buyer of the product who, generally, isn’t equipped to deal with this problem. And relatively older products are just less secure. With social media active, successful exploits are much more likely to be seen externally, providing a double exposure -- first for the exploit itself, and second for what may appear to be an attempt to cover it up -- both of which could have, depending on severity, civil and criminal outcomes.

Third, and the one IT executives seem to forget most often, is that the OS is just the tip of this iceberg: when it freezes, so do the application packages that exist on it, as developers move on. This makes the eventual migration of the platform massively more expensive because everything on it becomes so obsolete that the migration tools provided by the vendors often don’t cover them. We’ve seen this on old mainframes (and other systems): Suddenly you have a large number of critical out-of-date applications that no one knows how to migrate or update, which generally has a significant impact on user productivity and IT satisfaction (users tend to get rather upset when they learn, as new employees join, that they are using a large number of out-of-date and non-competitive tools to do their jobs).

Maintaining a Software Update Cadence

While you clearly don’t need to upgrade as fast as a vendor would like, maintaining a regular cadence of updates assures you don’t drop outside support windows, and assures that when you need to migrate, the skills, tools and money are there to make it happen. As we know, once a regular budget is institutionalized, renewing it is relatively easy. However, once a budget is used up and not renewed, getting it re-established often feels like it should take an act of God.

In addition, software updates perform a function similar to preventative maintenance, which shouldn’t be an avoidable task. They assure the platforms are assessed regularly and that malware, particularly rootkits, is eliminated as part of a regular process. If you don’t regularly refresh, the likelihood that a large number of systems are compromised, particularly those that are mobile, goes up sharply and, given the increase in malware attacks, this alone might represent an unreasonable risk.

Wrapping Up: Timing


Your window is likely between when the maintenance release for Windows 8 comes out, probably in the late third or early fourth quarter, and that suggests the ideal time will likely be during the holiday break with the new offering. 

If you choose to wait until the last minute, resources to help are more likely to be spread too thinly and you will likely drift out of the support window. Once that happens, the pressure to delay further will increase until you are left, like a lot of companies were with Windows 2000 -- largely unable to move without major disruptions or excessive expenses and the users were increasingly unhappy as well because they were tied to old, heavy and increasingly unreliable hardware on top of the out-of-date OS. Y2K prevented an even worse situation with Windows 9x users, but we don’t have another Y2K coming anytime soon to clean this all up.   

So don’t put this off and consider using a technology like Windows-To-Go this time, which could make future migrations and new hardware implementation a ton easier and would enable BYOD without the risks. 

One final thing: A lot of folks are considering Windows 7 over Windows 8 and I understand the reasons, but remember that Windows 7 will expire about 3 years before Windows 8 will, and that will force another migration far sooner. I’m a big believer in doing these things as few times in a career as possible and that, too, should be a consideration.




Apr 24, 2013 12:36 PM MarielainaPerroneDDS says:
Perfectly said. Most people don't change because if it works don't fix it. But in the world of software and security you must move forward.
