information security explosion

As I sit in the bar on a fine evening après-ski writing this article, I’m pretty much trying to convey the same attitude to a little unknown problem outside the world of IT as other business owners and managers are. I mean, I can literally close my eyes and absolutely not care what Microsoft’s plans are for Windows XP. Nope, not bothering me in the slightest. Okay, maybe a little. Okay, quite a bit…

Next week I have an ISO 27001 audit at a client, and I feel kind of blessed in a way – I literally got passed the budget required to finally ensure that all their machines were on Windows 7 and better in recent months, which otherwise would have left me in quite a sticky situation. For those who don’t know or don’t speak tech, it’s as simple as this – Windows XP is around 12 years old – it had its last major update 6 years ago and a year later its mainstream support ended. Extended support for Windows XP ends on April 8th 2014.

In layman’s terms, all the security fixes and updates will just stop – leaving a product that is widely used with a significant amount of vulnerability.

You may have seen terms like EOL floating around; us IT people love our TLAs. EOL is End of Life, and most people probably would have tuned out at the first sight of those letters. And if you don’t know what a TLA is, you’d better find someone to Google that for you.

Let’s face it, in IT a product that is 12 years old is pretty much a great-great-grandparent and does deserve to be retired. Unfortunately its prodigal child, Windows Vista, was an underachiever; Windows 7 was a sensible member of the family that happily wears a suit to work, touted most likely to take over the family business, whilst its child Windows 8 has been a bit of a surfer dude. Opinions are still out on Windows 8.1; after all, it’s only a baby. But it’s difficult to retire when you have so many problems in the family.

The IT industry are calling Windows XP the zombie operating system – it will likely exist installed on many machines with no updates and is likely to have similar faults to those being fixed for Windows 7 or 8, which hackers will hope to reverse engineer to gain access to afflicted Windows XP machines. This problem has been considered so bad that Microsoft themselves have had a bit of a rethink and said that they will continue bringing out virus and vulnerability fixes (if they overlap from newer versions of Windows) for Windows XP until 15th April 2015.

Microsoft are being quite understanding in a way, despite giving us two viable alternatives in Windows 7 and, in my own personal opinion, Windows 8.1 – we’ve all had a recession to contend with along with the absolutely appalling Windows Vista. Many businesses simply stopped buying for the past five years and their old decrepit IT fleets are creaking at the seams. I don’t want you to think either that this problem is limited to the client side of Microsoft software; servers like Windows Server 2003 are also in the firing line.

Whilst you may have a couple of months’ headspace, now is the time to begin planning and forming a strategy for how you’re going to ensure that all your machines are at least on Windows 7 and find the most appropriate and cost-effective way of doing so for your business. My company, Unleashed, has helped advise on and implement such strategies for many clients, ensuring that they maintain their strength against information security issues, whether this be physical or virtual security, or simply their ability to continue to access their systems and trust the integrity of their data.

So I can go back to sipping my vin chaud, breathing a bit easier knowing that when I meet the auditors next week, I’ve already pre-emptively taken care of the Windows XP problem.