BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Die Hard – Windows XP Against the World

Post by Mike Puterbaugh April 8, 2013

Today marks the beginning of a significant year-long event in the worldwide computer industry – a year from today, Microsoft will end support for the Windows XP Operating System. Mainstream support had already ended in 2009  and this new milestone marks the end of security updates on the platform. Are you ready? According to a recent survey, many of you aren’t. 

By some counts, Windows XP still holds on to approximately 40% of operating system market share. With 2 out of every 5 computers worldwide still running Windows XP and the very real expiration date of security updates upon us, the enterprise/corporate component of that 40% is staring down the barrel of a very real challenge. Why is XP so hard to kill? What’s Holding Back Corporate Upgrades?

In conversations with BeyondTrust customers and partners, I’ve heard a few interesting reasons why an organization still might be working through their upgrade strategy. They include;

The advent of tablets
One organization I spoke with is giving end users a choice:  a) a desktop and a company-provided and supported tablet, or b) a laptop. Regardless of what an end user chooses, the company is trying to foster a mobile workforce. This has stalled, but not killed, upgrade cycles at many organizations who are offering this approach.

Less Intensive Computing Requirements
As a former Intel employee, I shudder to think that 3 year old laptops still have the processing power to perform as needed in today’s corporate setting, but they do. With the widespread use of web apps, like salesforce.com, Workday, even Microsoft Office.com, the need for heavy computing power has moved to the cloud (er, internet). Combined with the continued free-fall of memory pricing, hardware refreshes (which is often attached to the OS upgrade cycle) are being delayed (but again, not killed altogether) in favor of a memory upgrade.

Security or Productivity? Why Not Both? 
By far, the most frequent subject in my conversations around the complacency of PC upgrade cycles is security, and the resulting effect on end user productivity. With the continued proliferation of internal and external attacks targeting corporate desktops and their Administrator privileges, the concept of Least Privilege on the corporate desktop is something many organizations have embraced, yet there continues to be widespread use of Administrator privileges on the desktop, especially on Windows XP. This is a major reason why some organizations haven’t upgraded – they’re unsure of how best to operate in a world of least privilege, and how it will affect their end users.

Least privilege has benefits beyond the reduction of attack surface – properly implemented, it can also contribute to a reduction in help desk and support costs. Trading Admin accounts for User accounts isn’t always the answer for far flung, mobile organizations. Every call to the help desk to install a printer (comically, this is the one example I hear most often) costs money. The ability to dole out privileges in a fine grained manner – for users, tasks and applications – has as much budget benefit as it does security benefit. Beyond the simple printer example, proper least privilege deployments can aid in more complex activities, such as elevating processes or services, as opposed to end-users, for business-critical applications.  This contributes to better overall security, and ensures end users can remain productive.

Simply put – this removes a significant barrier to migrating off of Windows XP.

As we countdown to the Windows XP retirement party, we have to acknowledge Microsoft’s most successful operating system to date, but we also have to acknowledge the  call to action facing many corporate IT departments today – it’s time to upgrade.  The clock is ticking.

Tags:
, , ,

Leave a Reply

One Response to “Die Hard – Windows XP Against the World”

  1. Anthony

    As much as I loved Windows XP – it is time to move on

    April 18, 2013 11:58:04, Reply

Additional articles

BI-Qualys-Connector-IMG1

Getting More Value from QualysGuard Vulnerability Data with BeyondInsight v5.1

If your vulnerability assessment scans can’t produce meaningful and actionable reports, performing a scan does no good for anyone. If you’ve read my other blog posts, you know I have no qualms about stating that BeyondTrust provides the best vulnerability reporting in the industry. Ask your favorite analyst and they’ll tend to agree. Of course,…

Post by Morey Haber April 18, 2014
Tags:
, , , , , , , ,
insider-threat-fed

Mitigating Inside Threats to U.S. Federal IT Environments

Recent high-profile cases have increased the perceived risks that go along with disclosure and usage of confidential information. One of the most difficult security threats to mitigate is an attack from the inside. When an over-privileged user, such as an unhappy current or former employee, contractor, or consultant, begins navigating your network, how will you…

Post by BeyondTrust Software April 17, 2014
Tags:
, , , , ,

Are you a Target? Investigating Security Breaches with Kevin Johnson

Last week, over 1,000 IT security professionals watched as Kevin Johnson, CEO of Secure Ideas, presented his expert opinion on lessons learned from recent, high-profile retail breaches. Here’s a summary of key takeaways from the webcast plus an on-demand recording of the full, 60-minute presentation. Understanding the “why” behind attacks According to Kevin, the primary…

Post by Chris Burd April 17, 2014
Tags:
, , , , ,