BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Die Hard – Windows XP Against the World

Posted April 8, 2013    Mike Puterbaugh

Today marks the beginning of a significant year-long event in the worldwide computer industry – a year from today, Microsoft will end support for the Windows XP Operating System. Mainstream support had already ended in 2009  and this new milestone marks the end of security updates on the platform. Are you ready? According to a recent survey, many of you aren’t. 

By some counts, Windows XP still holds on to approximately 40% of operating system market share. With 2 out of every 5 computers worldwide still running Windows XP and the very real expiration date of security updates upon us, the enterprise/corporate component of that 40% is staring down the barrel of a very real challenge. Why is XP so hard to kill? What’s Holding Back Corporate Upgrades?

In conversations with BeyondTrust customers and partners, I’ve heard a few interesting reasons why an organization still might be working through their upgrade strategy. They include;

The advent of tablets
One organization I spoke with is giving end users a choice:  a) a desktop and a company-provided and supported tablet, or b) a laptop. Regardless of what an end user chooses, the company is trying to foster a mobile workforce. This has stalled, but not killed, upgrade cycles at many organizations who are offering this approach.

Less Intensive Computing Requirements
As a former Intel employee, I shudder to think that 3 year old laptops still have the processing power to perform as needed in today’s corporate setting, but they do. With the widespread use of web apps, like salesforce.com, Workday, even Microsoft Office.com, the need for heavy computing power has moved to the cloud (er, internet). Combined with the continued free-fall of memory pricing, hardware refreshes (which is often attached to the OS upgrade cycle) are being delayed (but again, not killed altogether) in favor of a memory upgrade.

Security or Productivity? Why Not Both? 
By far, the most frequent subject in my conversations around the complacency of PC upgrade cycles is security, and the resulting effect on end user productivity. With the continued proliferation of internal and external attacks targeting corporate desktops and their Administrator privileges, the concept of Least Privilege on the corporate desktop is something many organizations have embraced, yet there continues to be widespread use of Administrator privileges on the desktop, especially on Windows XP. This is a major reason why some organizations haven’t upgraded – they’re unsure of how best to operate in a world of least privilege, and how it will affect their end users.

Least privilege has benefits beyond the reduction of attack surface – properly implemented, it can also contribute to a reduction in help desk and support costs. Trading Admin accounts for User accounts isn’t always the answer for far flung, mobile organizations. Every call to the help desk to install a printer (comically, this is the one example I hear most often) costs money. The ability to dole out privileges in a fine grained manner – for users, tasks and applications – has as much budget benefit as it does security benefit. Beyond the simple printer example, proper least privilege deployments can aid in more complex activities, such as elevating processes or services, as opposed to end-users, for business-critical applications.  This contributes to better overall security, and ensures end users can remain productive.

Simply put – this removes a significant barrier to migrating off of Windows XP.

As we countdown to the Windows XP retirement party, we have to acknowledge Microsoft’s most successful operating system to date, but we also have to acknowledge the  call to action facing many corporate IT departments today – it’s time to upgrade.  The clock is ticking.

Tags:
, , ,

Leave a Reply

One Response to “Die Hard – Windows XP Against the World”

  1. Anthony

    As much as I loved Windows XP – it is time to move on

    April 18, 2013 11:58:04, Reply

Additional articles

Restricted Area Sign

Implementing Least Privilege for Windows the Easy Way

Posted July 31, 2014    Morey Haber

The concept of least privilege states that asset users should have the lowest level of access privileges required to effectively conduct their jobs. Implementing least privilege can bring several benefits to your organization, including: Increased security by reducing the attack surface available to users and to potential attackers who compromise user systems via phishing, malware,…

Tags:
, , ,
gartner market guide image - aug 2014

Introducing the Gartner Market Guide for Privileged Account Management

Posted July 29, 2014    Chris Burd

Gartner recently released a new Market Guide for Privileged Account Management (PAM), and we’d like to share a complimentary copy with you. The report includes PAM market analysis and direction, vendor overviews, and recommendations for selecting PAM solutions for your environment. BeyondTrust is one of two representative vendors (out of 20) to address all solution…

Tags:
, , , , , , , ,
Integrating Least Privilege and Password Management to Solve Account Security Challenges

Integrating Least Privilege and Password Management to Solve Account Security Challenges

Posted July 24, 2014    Morey Haber

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:…

Tags:
, , , , ,