Rawpixel.com - Fotolia
Lots has been written about the WannaCry ransomware by experts and non-experts alike. And with good reason. With so many organisations affected across the world, including high profile victims such as the NHS, it’s no wonder people have concentrated so much attention on the threat posed by WannaCry and other forms of ransomware.
Amid all the outcry over WannaCry, one of the most persistent messages has been the condemnation of affected organisations for continuing to use an operating system (Windows XP) which, in IT terms, is damn near medieval. It’s nearly 16 years old!
In an industry that takes great pride in the speed with which it evolves and innovates, that’s a seriously long time. Many technologies have come and gone since Microsoft released XP to manufacturing in August 2001. And there’s no doubt that Microsoft has been trying its hardest to wean customers away from the OS for several years now.
But XP users (and people looking in from the outside) might be forgiven for suspecting that the IT world views longevity as a curse rather than a sign of durability. And you can see why IT vendors might feel that way. Having to patch and maintain older products after they have moved onto the next big thing in our rapidly evolving industry is a burden that many IT vendors just don’t want to have to shoulder if they can help it.
But while it’s understandable, it also serves to highlight the disadvantages of the industry’s strategy of making a virtue of how fast moving it is. On one level, it shows that despite all the boasts, there are still plenty of bits of IT infrastructure that are vulnerable to attacks because they have been “left behind” as the industry has relentlessly pursued one next big thing after the other. XP is many next big things behind.
In addition, if vendors seek to implement rapid changes in technologies, there is less chance for any technology to enjoy the benefits of maturity where vendors and customers can finally enjoy a period of stability before the next disruptive phase begins.
There’s also a feeling that, despite all this talk of the fast pace of change, vendors have frequently indulged in “change for change’s sake” to coerce customers into upgrading their IT equipment more often than they have to. This process of incessant change means the IT infrastructure of many organisations is threaded through with remnants of older technologies. Those technologies create vulnerabilities, although it could be argued they might be unsafe not because of their age but because of vendor indifference to their maintenance and preservation.
In other words, the rapid pace of evolution in IT creates an environment where vulnerabilities can flourish because vendors are able to move onto the next innovation before anyone can force them to shoulder full responsibility for their earlier technologies.
The industry has a habit of urging customers to upgrade for fear of falling behind but you could just as easily argue that they’re doing it for their own benefit. If customers don’t upgrade quickly enough, vendors might have to spend more time supporting their existing product instead of replacing it with another one. Ironically, it is precisely because of this policy of permanent revolution that organisations are often left vulnerable to attack via their continued use of technologies that have never been properly maintained by the vendors.
After all, if you’re constantly moving forwards, you never have to look back.