I recently participated in a Twitter chat (#CDNwinXP) with regard to the Windows XP operating system reaching end of support in April 2014.
As I write this post, I am returning from a business trip. Windows XP was used by the airline to check me on to my plane. Windows XP was used to check me in to my hotel room. It was even used as the POS platform at several of the restaurants that I ate at. I sometimes forget how much it is still deployed.
It is unlikely that these will all be upgraded by the support deadline. So what will happen in April 2014? The options are pretty simple – either Microsoft will have a last minute change of heart and continue support, or all these machines will continue life as unpatched hacker delights. If you are a large enterprise, you’ll pay the hefty support fees to continue support until you complete your migration forward. Everyone else will have a problem.
I would like to tell everyone that they should just hire a consulting firm and push forward on their upgrade to meet the deadline. Sadly, even with the best intentions that isn’t always possible. In the real world, upgrades are delayed by resources, by funding, by application compatibility and competing business priorities. So what is a business to do?
The options can be described as follows:
- Take the risk of running unpatched XP machines and hope anti-virus and edge security measures protect them.
- Completely isolate the XP machines by removing all Internet access
- Remediate upgrade barriers using technologies such as application virtualization or terminal services
At this point, there is no one who can predict which security vulnerabilities in XP will be published after April. Relying on AV and edge security is obviously the riskiest option. They aren’t foolproof at providing protection even for patched machines.
My advice is to push forward with migrating as much as you can and isolating whatever you can’t. Heavy use of remediation technologies can accelerate project timelines as well as clear some deployment barriers.
The next obvious question becomes whether you should deploy Windows 7 or Windows 8.1. The answer to this will largely depend on your size and business requirements. The most likely scenario for most businesses is that desktops will standardize on Windows 7 and that as modern touch screen devices start to enter the business, that IT will need to support a Windows 8.1 image as well. In my mind, there is a compelling argument for managing a single Windows 8.1 image and simply personalizing it to look like Windows 7 if that is desired.
Long story made short, if you currently have XP floating around your organization, you have until April to come up with some strategy for mitigating your risk or migrating off the platform. After April, your risks will increase each month. Even if we ignore all the security, performance and usability benefits of migrating forward, let’s not forget nobody wants to go to work and step back in a time machine. Move to the current platform and provide your staff with a modern PC experience.
For a more detailed look at what to consider when you are planning your XP migration, check out this blog post.