Microsoft's looming end-of-support deadline for Windows XP isn't motivating some organizations to upgrade. But they face looming trouble spots.
Companies and individuals, perhaps especially those in the technology industry, often use the phrase "end of life" to describe the culmination of a product's lifecycle. In the case of Windows XP, the phrase is somewhat of a misnomer: While Microsoft will end support for the longstanding operating system next year, it's not as if XP-based machines -- and there are still millions of them in use today -- will suddenly die.
Running an unsupported OS does create valid concerns around security, drivers, performance and so forth. Once Microsoft stops issuing updates, you'll be left to your own devices on those fronts. Nonetheless, some businesses that still use XP today don't have April 8, 2014 -- the date Microsoft will stop supporting XP -- circled on their calendars. Their reasons vary, but as one managed services provider (MSP) put it recently, XP is still widespread because it works. That's not likely to change overnight.
Yet while some companies and IT pros are comfortable with the risks of running an unsupported OS, they face other requirements and challenges -- some of which have only an indirect relationship with XP's end-of-life date -- that may force them to upgrade. Let's look at three of those scenarios.
1. An Unsupported XP May Mean You're Non-Compliant
Much of the XP end-of-life discussion understandably focuses on security. Microsoft regularly issues updates and patches to fix issues that the bad guys could otherwise exploit, which has led IT and security pros to wonder: What will happen when those fixes stop coming? (The answer varies depending on who you ask.)
What you hear less about is a related issue: the complex world of compliance. That's indeed a source of anxiety for some companies still running XP, though. MSP and Microsoft partner Valor IT caters to many healthcare firms, and some of them are still running XP. That could put them in regulatory hot water next year, according to Valor's business development manager, Christian Castro.
"One of the big concerns in healthcare is that an end-of-life operating system could be interpreted as not being HIPAA-compliant and grounds for federal fines in case of an audit," Castro said in an email interview. "I have spoken with some healthcare providers that are going to continue to use XP and remove all security concerns by essentially making them thin clients that securely connect through a terminal server to access sensitive information."
In another heavily regulated industry, banking, there's no gray area. Banks and credit unions with ATM machines still based on XP will be considered non-compliant with payment card industry (PCI) guidelines as of April 8 unless they have an ongoing support contract, which can be expensive, according to Dean Stewart, senior director of core solutions product management at the security firm Diebold.
"PCI guidelines require that financial institutions provide current operating system patches, security updates and software support for their ATM fleets," Stewart said via email. "Financial institutions unable to upgrade to Windows 7 by the April 8 deadline face increased risk of noncompliance if they cannot adequately support -- and demonstrate that they are supporting -- operating system patches and software upgrades that ensure the security of payment card data."
Penalties for PCI violations aren't widely publicized, according to Stewart, but estimates run anywhere from $5,000 to $100,000 for each month of noncompliance. "That can be catastrophic to the bottom line, especially for smaller financial institutions," he said. That leaves these institutions with little choice unless they can procure -- and afford -- an ongoing support contract.
"The simplest way for banks and credit unions to protect themselves from potential penalties is to upgrade to Windows 7 by the April deadline," Stewart said.
2. Microsoft May Make It Harder To Downgrade Windows 8
Eric Schlissel, CEO of GeekTek IT Services, said some of his XP-based customers are worried about a murkier deadline than the actual support cutoff: the point at which Microsoft may make it difficult to downgrade new hardware running Windows 8 or higher. Today, downgrading to Windows 7 is relatively painless, according to Schlissel, provided you've got the proper images and licenses. He's got an ample supply of both, and downgrading a Windows 8 machine just takes an hour or two per user.
Schlissel's fear, one shared by several of his customers who intend to run XP past the end-of-life date to stretch their hardware budgets, is that Microsoft may eventually make it tougher -- for technical, licensing or other reasons -- to downgrade to Windows 7 on new hardware purchases. Microsoft might do that to encourage wider adoption of Windows 8.x and to support the company's broader reinvention as a devices and services company. That's a problem for Schlissel's clients because the ones that have tried Windows 8 universally dislike it.