Firms not ready for Windows XP end-of-life could face compliance risks

In less than a year, Microsoft ends support on Windows XP. Companies must have a migration plan or face compliance issues

With less than a year left before Microsoft pulls the plug on its still-widely used operating system (OS) Windows XP, companies must have a migration plan or risk facing compliance issues, warn analysts.

Microsoft will end support for Windows XP and Office 2003 by 8 April, 2014. The software giant warned on its website that “If your organisation has not started the migration to a modern desktop, you are late.”

According to Microsoft, the average enterprise deployment can take 18 to 32 months from business case through full deployment.

“To ensure you remain on supported versions of Windows and Office, you should begin your planning and application testing immediately to ensure you deploy before end of support,” it said on its website.

Research firm Gartner has predicted that more than 15% of medium and large enterprises will still have Windows XP running on at least 10% of their PCs after Microsoft support ends in April 2014.

“Organisations must conduct several analyses on their application portfolios to help safeguard the organisation after XP support ends, and in preparation for Windows 7 or 8 migrations,” advised Michael Silver and Steve Kleynhans, vice-presidents in Gartner’s client computing team.

“For critical applications that can run on Windows 7, consider moving these users first. If Windows 7 can't be used, prioritise these applications and users so that you can move them as soon as possible,” they further advised.

According to Kevin Beadon, head of workspace & mobility at GlassHouse Technologies,the next two months will be a tipping point for businesses that need to migrate applications.

“Those that fail to implement a migration or contingency plan over the next couple of months will risk not being able to move their applications in time and come next April’s cut off point, may face compliance issues,” warned Beadon.

Companies need to guarantee that they are keeping pace and adapting their workplace to suit legalisation requirements and new IT environments, experts said.

“This means ensuring they have the most effective tools in place to carry out the migration and to maintain any new technology following deployment,” said Beadon.

Last-minute XP migration advice

Keep these five things in mind as Windows XP end of life approaches.

End of support for Windows XP also means that Microsoft will stop developing security patches for it and new vulnerabilities will continue to impact Windows XP on a regular basis. These vulnerabilities could include critical flaws that could allow an attacker to take over or cripple a PC running it bringing new risks to the business, Beadon said.

In addition, companies that made software for XP will also stop developing applications for it.

“Why would companies such as McAfee, Symantec, Kaspersky or Trend Micro bother maintaining a product for an OS that is, for all intents and purposes, dead?” asked Gabe Knuth, a Microsoft application and desktop virtualisation blogger on Computer Weekly’s sister site.

“The bottom line is that running Windows XP in your organisation on anything other than a desktop with no network connection, floppy drive, USB ports, or CD drive is an outright liability, bordering on irresponsible,” Knuth warned.

Some enterprise customers such as Jaguar Land Rover have already started migrating to Microsoft Windows 7. The upgrade is part of JLR’s multi-million pound five-year IT project.

“We have decided to upgrade to Windows 7 instead of Windows 8 because a majority of our engineering apps are still built for Windows 7," said Gordon McMullan, its chief technology officer (CTO).

Many applications will no longer be supported while running on Windows XP. Organisations may be on their own to resolve issues and problems, which could result in system downtime, according to Silver and Kleynhans from Gartner.

Glasshouse’s Beadon also highlighted legal issues around Data Protection Act which requires businesses to use up-to-date software to protect information.

“If companies are using outdated operating systems with no support, then this could be deemed as a breach of the Act,” he said.

“Companies should use the next 12 months as an opportunity to evaluate the benefits of a flexible workplace strategy, while at the same time making the migration away from XP in good time before the 2014 cut-off date.”

Read more on Datacentre performance troubleshooting, monitoring and optimisation