BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Die Hard – Windows XP Against the World

Posted April 8, 2013    Mike Puterbaugh

Today marks the beginning of a significant year-long event in the worldwide computer industry – a year from today, Microsoft will end support for the Windows XP Operating System. Mainstream support had already ended in 2009  and this new milestone marks the end of security updates on the platform. Are you ready? According to a recent survey, many of you aren’t. 

By some counts, Windows XP still holds on to approximately 40% of operating system market share. With 2 out of every 5 computers worldwide still running Windows XP and the very real expiration date of security updates upon us, the enterprise/corporate component of that 40% is staring down the barrel of a very real challenge. Why is XP so hard to kill? What’s Holding Back Corporate Upgrades?

In conversations with BeyondTrust customers and partners, I’ve heard a few interesting reasons why an organization still might be working through their upgrade strategy. They include;

The advent of tablets
One organization I spoke with is giving end users a choice:  a) a desktop and a company-provided and supported tablet, or b) a laptop. Regardless of what an end user chooses, the company is trying to foster a mobile workforce. This has stalled, but not killed, upgrade cycles at many organizations who are offering this approach.

Less Intensive Computing Requirements
As a former Intel employee, I shudder to think that 3 year old laptops still have the processing power to perform as needed in today’s corporate setting, but they do. With the widespread use of web apps, like salesforce.com, Workday, even Microsoft Office.com, the need for heavy computing power has moved to the cloud (er, internet). Combined with the continued free-fall of memory pricing, hardware refreshes (which is often attached to the OS upgrade cycle) are being delayed (but again, not killed altogether) in favor of a memory upgrade.

Security or Productivity? Why Not Both? 
By far, the most frequent subject in my conversations around the complacency of PC upgrade cycles is security, and the resulting effect on end user productivity. With the continued proliferation of internal and external attacks targeting corporate desktops and their Administrator privileges, the concept of Least Privilege on the corporate desktop is something many organizations have embraced, yet there continues to be widespread use of Administrator privileges on the desktop, especially on Windows XP. This is a major reason why some organizations haven’t upgraded – they’re unsure of how best to operate in a world of least privilege, and how it will affect their end users.

Least privilege has benefits beyond the reduction of attack surface – properly implemented, it can also contribute to a reduction in help desk and support costs. Trading Admin accounts for User accounts isn’t always the answer for far flung, mobile organizations. Every call to the help desk to install a printer (comically, this is the one example I hear most often) costs money. The ability to dole out privileges in a fine grained manner – for users, tasks and applications – has as much budget benefit as it does security benefit. Beyond the simple printer example, proper least privilege deployments can aid in more complex activities, such as elevating processes or services, as opposed to end-users, for business-critical applications.  This contributes to better overall security, and ensures end users can remain productive.

Simply put – this removes a significant barrier to migrating off of Windows XP.

As we countdown to the Windows XP retirement party, we have to acknowledge Microsoft’s most successful operating system to date, but we also have to acknowledge the  call to action facing many corporate IT departments today – it’s time to upgrade.  The clock is ticking.

Tags:
, , ,

Leave a Reply

One Response to “Die Hard – Windows XP Against the World”

  1. Anthony

    As much as I loved Windows XP – it is time to move on

    April 18, 2013 11:58:04, Reply

Additional articles

Sudo_logo

Don’t Create a Different sudoers File for Each System

Posted May 20, 2015    Randy Franklin Smith

What if you have multiple Linux and/or Unix systems? Sudo management can become onerous and unwieldy if you try to manage a different sudoers file on each system. The good news is that sudo supports multiple systems.

password-safety

What Does Microsoft Local Administrator Password Solution Really Do?

Posted May 19, 2015    Morey Haber

LAPS is a feature that allows the randomization of local administrator accounts across the domain. Although it would seem that this capability overlaps with features in BeyondTrust’s PowerBroker Password Safe (PBPS), the reality is it is more suited for simple use cases such as changing the local Windows admin account and not much more.

Tags:
, ,
webinar_ondemand

On Demand Webinar: Securing Windows Server with Security Compliance Manager

Posted May 14, 2015    BeyondTrust Software

On Demand Webinar: Security Expert Russell Smith, explains how to use Microsoft’s free Security Compliance Manager (SCM) tool to create and deploy your own security baselines, including user and computer authentication settings.

Tags:
, ,