Windows XP support in April ends – mitigation thoughts

http://blogs.technet.com/b/security/archive/2014/03/24/cyber-threats-to-windows-xp-and-guidance-for-small-businesses-and-individual-consumers.aspx It’s been well publicized that on April 8th, 2014 Microsoft discontinues product support for Windows XP.  Released in 2001, the support policy for the life of Windows XP soon followed in October 2002.  In September 2007, we announced that support for Windows XP would be extended an additional two years to April 8 2014.  We are very clear about the lifecycle of our products, deliberately communicating this information years in advance, because we know customers need time to plan for changes to their technology investments and manage upgrades to newer systems and services.

We’ve also focused on communicating regularly, such as an article posted in August of last year.  That piece focused on the fact that supported versions get security updates that address any newly discovered vulnerabilities, which Windows XP won’t receive after April 8, 2014.  This means that running Windows XP when the product is obsolete (after support ends), will increase the risk of technology being affected by cybercriminals attempting to do harm.  This blog post continues on from that article, and also provides guidance to consider as people look ahead.

A reminder about Windows XP support ending on the 8th of April, there are many government agencies, companies and users who have yet to migrate their systems to a newer version of Windows, Vista, 7 or 8.  The UK government has even released a risk mitigation guide which you can view at this url.

When approaching a Windows XP decommission project, the key objectives should be:

• Identifying applications in scope, in use and establishing their compatibility with the chosen platform (Windows 7 / Windows 8)
• Understanding what applications could be consolidated or have their functionality integrated into existing applications, on a simple level, Microsoft Project vs Open Project or a spreadsheet/calendar in SharePoint?
• Establishing how the remaining applications in scope for certification are affected by business process optimisation or a change in procedures – could a non intrusive change to procedures or work practices remove the requirement for the application.
• De-risking the platform by ensuring that external influences and connections are minimized to reduce the risk of infection or tampering of the existing Windows XP platform.
• Providing the right conditions for migration – effective training and investment, certification of hardware across the stack from the pc through to the scanners and printers for example, for end to end functionality.
• Understand the opportunity of cost of leaving systems on Windows XP – what options are there from a support perspective against the risk of needing support.

This site uses Akismet to reduce spam. Learn how your comment data is processed.