BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Die Hard – Windows XP Against the World

Posted April 8, 2013    Mike Puterbaugh

Today marks the beginning of a significant year-long event in the worldwide computer industry – a year from today, Microsoft will end support for the Windows XP Operating System. Mainstream support had already ended in 2009  and this new milestone marks the end of security updates on the platform. Are you ready? According to a recent survey, many of you aren’t. 

By some counts, Windows XP still holds on to approximately 40% of operating system market share. With 2 out of every 5 computers worldwide still running Windows XP and the very real expiration date of security updates upon us, the enterprise/corporate component of that 40% is staring down the barrel of a very real challenge. Why is XP so hard to kill? What’s Holding Back Corporate Upgrades?

In conversations with BeyondTrust customers and partners, I’ve heard a few interesting reasons why an organization still might be working through their upgrade strategy. They include;

The advent of tablets
One organization I spoke with is giving end users a choice:  a) a desktop and a company-provided and supported tablet, or b) a laptop. Regardless of what an end user chooses, the company is trying to foster a mobile workforce. This has stalled, but not killed, upgrade cycles at many organizations who are offering this approach.

Less Intensive Computing Requirements
As a former Intel employee, I shudder to think that 3 year old laptops still have the processing power to perform as needed in today’s corporate setting, but they do. With the widespread use of web apps, like salesforce.com, Workday, even Microsoft Office.com, the need for heavy computing power has moved to the cloud (er, internet). Combined with the continued free-fall of memory pricing, hardware refreshes (which is often attached to the OS upgrade cycle) are being delayed (but again, not killed altogether) in favor of a memory upgrade.

Security or Productivity? Why Not Both? 
By far, the most frequent subject in my conversations around the complacency of PC upgrade cycles is security, and the resulting effect on end user productivity. With the continued proliferation of internal and external attacks targeting corporate desktops and their Administrator privileges, the concept of Least Privilege on the corporate desktop is something many organizations have embraced, yet there continues to be widespread use of Administrator privileges on the desktop, especially on Windows XP. This is a major reason why some organizations haven’t upgraded – they’re unsure of how best to operate in a world of least privilege, and how it will affect their end users.

Least privilege has benefits beyond the reduction of attack surface – properly implemented, it can also contribute to a reduction in help desk and support costs. Trading Admin accounts for User accounts isn’t always the answer for far flung, mobile organizations. Every call to the help desk to install a printer (comically, this is the one example I hear most often) costs money. The ability to dole out privileges in a fine grained manner – for users, tasks and applications – has as much budget benefit as it does security benefit. Beyond the simple printer example, proper least privilege deployments can aid in more complex activities, such as elevating processes or services, as opposed to end-users, for business-critical applications.  This contributes to better overall security, and ensures end users can remain productive.

Simply put – this removes a significant barrier to migrating off of Windows XP.

As we countdown to the Windows XP retirement party, we have to acknowledge Microsoft’s most successful operating system to date, but we also have to acknowledge the  call to action facing many corporate IT departments today – it’s time to upgrade.  The clock is ticking.

Tags:
, , ,

Leave a Reply

One Response to “Die Hard – Windows XP Against the World”

  1. Anthony

    As much as I loved Windows XP – it is time to move on

    April 18, 2013 11:58:04, Reply

Additional articles

PowerBroker Password Safe Password Age Report

Reshaping Privileged Password Management with Password Safe 5.2

Posted July 21, 2014    Martin Cannard

Today, we’re pleased to unveil the latest edition of our privileged password management solution, PowerBroker Password Safe. I’ll start with a brief intro of what’s new and then tell you a little about the driving factors behind Password Safe development. New features for mitigating password risk and ensuring accountability enterprise-wide Here’s the 10,000-foot overview of…

Tags:
, , ,
PowerBroker for Windows tamper protection

PowerBroker for Windows 6.6 Tamper Protection

Posted July 18, 2014    Morey Haber

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy…

Tags:
, ,
PowerBroker for Windows can be configured to automatically identify the end user’s language preference

Implementing Least Privilege Around the World with PowerBroker for Windows

Posted July 17, 2014    Morey Haber

BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,…

Tags:
, ,