On April 8 2014, support for Windows XP and Microsoft Office 2003 will be coming to a formal "end of life" (EOL), where Microsoft will cease online technical support in the form of software updates and security fixes. This could potentially create a number of serious problems for any organisation still running on this operating system, as it is not designed to handle the challenges of today, such as the increased exposure to cyber-attacks and demands for more data privacy. However, with Windows XP still being the second-most common operating system in use with an approximately 38% market share globally, there's a lot that needs to be done.
But what are some of these risks that organisations face should they continue using Windows XP? Firstly, the most important technical issue from Windows XP's EOL is the end of automatic delivery of free security patches to fix known vulnerabilities. This is effectively like telling burglars where you've hidden your spare keys. It's likely that within a few short weeks of the EOL date, hackers will exploit new vulnerabilities in Windows XP to gain entry into IT infrastructure by taking advantage of the gaping "open door".
Also, it's not just Microsoft that will end support for Windows XP; expect key security and software companies - like Symantec, McAfee, and Trend Micro - to follow suit by ceasing or dramatically cutting back support. While existing software can still run, the lack of updated virus signatures and technology to stop the latest threats will make Windows XP systems effectively defenceless. The other piece in the jigsaw is that companies which provide tools like mobile device management (MDM), identity management, virtual private networks (VPNs), Public Key Infrastructure (PKI) management, and more, will also face the same decision.
There are also the legal liabilities that could arise. Singapore's Personal Data Protection Act (2012) mandates that organisations must make "reasonable" security arrangements to protect personal data in its possession or under its control in order to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or "similar risks". Clearly, Windows XP will not meet that standard after the EOL date, and this could potentially lead to organisations facing legal liabilities if a security breach that compromises users' personal data originates from one of their PCs.
While organisations can continue to receive patches, this will come at a hefty fee ranging from $600,000 to $5 million for the first year alone, with Microsoft indicating that it will rise in subsequent years. Clearly, this is not cost-effective at all. And if organisations simply continue using Windows XP without patches, they leave themselves exposed to almost all security breaches and the cost of remedying that - not to mention restoring customer trust - would be even larger. It is clearly more cost-effective in the long run for organisations to procure new devices and migrate their users to a more updated operating system like Windows 8.