Firms not ready for Windows XP end-of-life could face compliance risks

In less than a year, Microsoft ends support on Windows XP. Companies must have a migration plan or face compliance issues

With less than a year left before Microsoft pulls the plug on its still-widely used operating system (OS) Windows XP, companies must have a migration plan or risk facing compliance issues, warn analysts.

Microsoft will end support for Windows XP and Office 2003 by 8 April, 2014. The software giant warned on its website that “If your organisation has not started the migration to a modern desktop, you are late.”

According to Microsoft, the average enterprise deployment can take 18 to 32 months from business case through full deployment.

“To ensure you remain on supported versions of Windows and Office, you should begin your planning and application testing immediately to ensure you deploy before end of support,” it said on its website.

Research firm Gartner has predicted that more than 15% of medium and large enterprises will still have Windows XP running on at least 10% of their PCs after Microsoft support ends in April 2014.

“Organisations must conduct several analyses on their application portfolios to help safeguard the organisation after XP support ends, and in preparation for Windows 7 or 8 migrations,” advised Michael Silver and Steve Kleynhans, vice-presidents in Gartner’s client computing team.

“For critical applications that can run on Windows 7, consider moving these users first. If Windows 7 can't be used, prioritise these applications and users so that you can move them as soon as possible,” they further advised.

According to Kevin Beadon, head of workspace & mobility at GlassHouse Technologies,the next two months will be a tipping point for businesses that need to migrate applications.

“Those that fail to implement a migration or contingency plan over the next couple of months will risk not being able to move their applications in time and come next April’s cut off point, may face compliance issues,” warned Beadon.

Companies need to guarantee that they are keeping pace and adapting their workplace to suit legalisation requirements and new IT environments, experts said.

“This means ensuring they have the most effective tools in place to carry out the migration and to maintain any new technology following deployment,” said Beadon.

Last-minute XP migration advice

Keep these five things in mind as Windows XP end of life approaches.

End of support for Windows XP also means that Microsoft will stop developing security patches for it and new vulnerabilities will continue to impact Windows XP on a regular basis. These vulnerabilities could include critical flaws that could allow an attacker to take over or cripple a PC running it bringing new risks to the business, Beadon said.

In addition, companies that made software for XP will also stop developing applications for it.

“Why would companies such as McAfee, Symantec, Kaspersky or Trend Micro bother maintaining a product for an OS that is, for all intents and purposes, dead?” asked Gabe Knuth, a Microsoft application and desktop virtualisation blogger on Computer Weekly’s sister site.

“The bottom line is that running Windows XP in your organisation on anything other than a desktop with no network connection, floppy drive, USB ports, or CD drive is an outright liability, bordering on irresponsible,” Knuth warned.

Some enterprise customers such as Jaguar Land Rover have already started migrating to Microsoft Windows 7. The upgrade is part of JLR’s multi-million pound five-year IT project.

“We have decided to upgrade to Windows 7 instead of Windows 8 because a majority of our engineering apps are still built for Windows 7," said Gordon McMullan, its chief technology officer (CTO).

Many applications will no longer be supported while running on Windows XP. Organisations may be on their own to resolve issues and problems, which could result in system downtime, according to Silver and Kleynhans from Gartner.

Glasshouse’s Beadon also highlighted legal issues around Data Protection Act which requires businesses to use up-to-date software to protect information.

“If companies are using outdated operating systems with no support, then this could be deemed as a breach of the Act,” he said.

“Companies should use the next 12 months as an opportunity to evaluate the benefits of a flexible workplace strategy, while at the same time making the migration away from XP in good time before the 2014 cut-off date.”

Read more on Datacentre performance troubleshooting, monitoring and optimisation

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

This seems to be a hype by the so-called "independent research firms" to panic us into upgrading. Properly managed XP PC's behind well managed firewalls and with current anti-virus installed should be ok for quite a while yet. Next they will be telling us that Linux systems are not compliant. If Microsoft and it's promoters are saying that upgrading is going to be mandatory then where are we?
If we go the whole way into the cloud with Azure and Office365 then what possible compliance issues could there be with just XP and a Browser being required?

It's more about the revenue than compliance....


The end of the world is neigh...scaremongering much?


It’s true that there are huge potential risks for companies that have not fully migrated by the April deadline and the project will only get bigger with each new version of Windows; it is already estimated that a migration from Windows XP to Windows 8 will take an additional 5% of time, cost and effort compared to a migration from Windows XP to Windows 7. However, there are several ways to achieve a successful Windows migration; for example by understanding exactly which apps are used, not just the top 30 or 40, but every single app - including web apps and those delivered through virtualisation technologies, plus the dependencies between apps, plug-ins and batch files, project managers can speed up migrations and cut the risk of non-completion.


I have bought a PC with Windows 8 on it. None of my MS DOS programs will work on it. I *do not* have 5 grand stuffed down the back of the sofa to be able to nor do I really want to fix something that isn't broken. WHY, WHY, WHY am I being forced to throw all my DOS programs away to line Microsoft's pockets? I am worried that come next spring I won't be able to work and earn a living!

I will add that if Microsoft don't fix this so that I can port my 16 bit software and use it - then if I really, really really have to "upgrade" and replace my DOS programs, then I will go down the LINUX route.

I can not believe that Microsoft are doing this to me an d millions of other DOS program owners.

WHY am I being forced to throw my DOS programs away? Why can't I and I presume a great deal of other people not just be given appropriate support for our machinery?

I really am not happy about this at all. Damn Microsoft! Damn them !


The simple answer to your question is Return On Investment. There's no ROI for supporting an ever diminishing set of users that have antiquated applications that often will only run on old hardware using an operating system that is basically a hack job compared to the state of the art.

However, all is not lost - if your DOS programs run under WinXP (I assume they do, otherwise, you are already out of the "supported" realm for your operating system), then they should run just fine with Windows 7 32bit. The "End of extended support" for that system isn't until Jan 2020.

I do agree that if (when) you find yourself having to re-write applications, Linux isn't a bad idea because you'll most likely be able to port that more easily going forward.


Sorry Tom,

Dos Box doesn't quite do what I want it to - but I uinderstand dbDOS from dBase Inc might do. I am waiting on them with a few questions


Okay. This makes no sense. I visited the microsoft product lifecycle search page. And it told me xp was going to be out of date. Then I looked at Windows Server 2003. And it told me it would still be active till 2015. Windows Server 2003 is based off of xp. So why would they let that happen. Im trying to figure it out still


Glasshouse’s Beadon also highlighted legal issues around Data Protection Act which requires businesses to use up-to-date software to protect information
Very interesting and useful. Could you please call out the actual part of the Act that is being referred to here. Many thanks.


I FULLY agree with flig50, people do need to move with the times, as an MSP I am seeing a lot of negativity from my clients to change over and upgrade by April 8th and a lot feel that this is like a big TAX on their business. However I as a support company I can not afford to dedicate time to old OS's like XP and if they don't change over they will be left behind and vulnerable to the consequences. Linux is a good option if you are going to start from the ground up, however as Windows 7 is still available and supported till 2020, its still the best option for any business to move to. Yes, if in 2020 MS have not fixed there OS and made something that is usable and productive like XP then the only option would be to go Linux. Here in the UK we are trying our hardest to let business know of the up and coming XP EOL but know one is really listening which is a real shame.


School districts are not as affected. We still have machines with Windows 2000 for century 2000 typing and local workstation stuff. But Windows XP will be with us for at least 2 more years or until adobe, java and other plugins stop supporting. We ended our 2000 machines support for internet about 2 years after Microsoft stopped supporting only because flash and java stopped supporting 2000. I know it is a lot of monetary hype, but for companies it may be different since Norton and other AV's build on the updates from Microsoft. However, I can bet XP will keep cranking for another 2 years. At least, I know we won't end it right away. But our hopes are definitely on adobe and the plugins for internet support, not Microsoft.


By the way, I bought a Dell GX280 at the flea market the other day for $12. I know I can install Windows 7 on it but that will be MY doomsday (canary in the mine) when Microsoft Windows XP truly goes away. I am betting a co-worker that I will continue to use your basic computing tasks, Internet and so forth for another 3 years from April 8th 2014. A hundred bucks says she can do it.