XP Migration: Where were you when it happened?
18 June 2014 | 0
8 April 2014 — the date that Microsoft ceased standard support for Windows XP. A date that should be ringing in the ears of organisations around the globe. However, many businesses still failed to migrate in time, despite extensive warnings from Microsoft and the wider technology community in the long run up to the deadline. Organisations still using XP face huge security implications, and are effectively opening their virtual front doors to malware and hackers. So why were organisations so slow to migrate and can they make up for lost time?
Under the microscope
VMware ran some research among IT decision makers before the deadline, which revealed that just 34% of organisations were extremely confident they would migrate in time and a fifth admitted that they would not have completed migration until after Microsoft support ends. For many, this has turned out to be true, with the Irish Government being one high profile example.
If cost and risk are being put forward as key reasons for staying with the XP status quo, then it is a worryingly false economy
The high perceived costs and fear of business disruption were certainly part of the reason that many missed the migration deadline. However if cost and risk are being put forward as key reasons for staying with the XP status quo, then it is a worryingly false economy, since the potential cost and level of business disruption due to things going wrong as a result of a misguided decision to stay with Windows XP, are much greater than actually completing the migration and could even be in some cases, business threatening.
In other cases, not migrating would seem to be down to pure inertia. Businesses may not have known where to start, or how to size a project of this scale. They might have gambled that Microsoft would change its mind on withdrawal of support — as it has cried wolf several times in the past! They may have underestimated the time a migration programme would take, or relied on existing PCLM tools to do the job —only to discover that they could not, or could not do so within the time available. Also, many businesses may have misunderstood the implications the end of XP support had for security, compliance, business risk and shareholder value.
For many SMB-class businesses, where XP has often been supplied as part of a turnkey business solution and where there is little or no local IT support resource, the fact that XP is even there is often not understood and the risks of non-migration not even acknowledged.
XP became synonymous with increasing security fears even before 8 April, and evidence from the antimalware solution vendors is that the level of incidence of new viruses and online criminal activity targeted specifically at the XP operating system is rising rapidly. OS-level protection for these systems is no longer being actively developed and patched by Microsoft, which means that realistically, it is only a matter of time before a fundamental security flaw is found and exploited by this increasing level of attack. Whilst it is true that the third party antimalware vendors will continue to provide antivirus signatures that will work against XP malware, if fundamental loopholes in the basic OS code are being exposed and not corrected, then there is a limit to the protection that AV software can provide going forward.
The increased, and increasing, security threat is real, and worse, is very targeted on an increasingly vulnerable population of relatively unsupported systems.
Making up for lost time
Non-migration is not an option. If you have not already started, you need to do so. If you have started, but have not finished, then you need to do all you can to accelerate your migration programme. In the end, it’s all about the mitigation of business risk – the longer you stay on Windows XP, the longer you put business critical data – ultimately, shareholder value – at unacceptable (and increasing) levels of risk.
If you have not already started, you need to do so. If you have started, but have not finished, then you need to do all you can to accelerate your migration programme
You can of course pay Microsoft for special support, but at $200 (€147) per device per year (doubling to $400 next year and $800 the following year), that is unlikely to be an affordable option in the long term.
Otherwise, your migration project should look something like this:
- Audit your PC population to determine the technology footprint in your organisation, getting an accurate picture of everything — hardware and software
- Decide on the operating system you want to move to. The path of least resistance is probably to Windows 7, but bear in mind it is scheduled to reach its own end of mainstream support lifecycle in early 2015 and end of extended support — equivalent to what has just happened to Windows XP — in 2020
- Once you know the target operating system, you can decide how to migrate your business applications. There will typically be three classes: existing applications that can work out of the box in the new chosen environment. Secondly, existing applications that do not work in the new environment but that are now available in SaaS/cloud or Windows 7/8 versions, can normally be migrated to the chosen new environment very quickly and easily with very little disruption. And finally, applications that are incompatible with the new chosen environment and not available in new versions — these are often legacy in-house developed and can be business-critical. They are usually the most troublesome and may have to be rewritten, consuming a big chunk of your migration budget.
This is just our advice, but however you choose to migrate, it is important to realise that this process must be started right away and completed as soon as possible.
Running business critical applications on an unsupported operating system is just not viable for any organisation, large or small, and there is quite literally everything to lose by not taking this seriously. No matter how difficult the migration of these problem applications may be, there is no choice but to commit whatever resources are necessary to do so. So migrate today, there is no price to be put on peace of mind, and your colleagues, customers, partners and ultimately shareholders will thank you for it.
Garry Owen is senior product marketing manager end-user computing EMEA with VMware