Despite looming end of life, XP remains primary laptop OS

Fiberlink study finds nearly half of laptops still run Windows XP, and users show pattern of risky behavior that will persist long after they are migrated

Examining data from one million devices, Fiberlink, a mobile management firm, examined the often forgotten part of mobility in the workforce -- laptops. While IT and security vendors focus on Google's Android, Apple's iOS, tablets, and smartphones, Lenovo's ThinkPad and Dell's Latitude chug along, remaining a stable fixture in the workplace. According to Fiberlink, almost 50 percent of the laptops observed in their study are running Windows XP.

Not counting extended support contracts, in April 2014 IT and security managers will be forced to face the fact that Windows XP has reached end of life. As is the case with other operating systems, XP will remain as a legacy installation and cause its own share of risk in some cases. However, the explosion of mobile in the work force, which includes laptops procured years ago that now live their life in a constant state of rotation between staff, means that organizations will have some choices to make.

[ Windows 8 left you blue? Then check out Windows Red, InfoWorld's plan to fix Microsoft's contested OS. | InfoWorld has your top picks: the best Windows 8 tablet laptops, convertibles, and Ultrabooks. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]

[Security experts questions if Google's Chrome Apps is worth the risk]

"Looking at the laptops we manage, we see close to 50 percent of customer devices that need to upgrade or be replaced by that time. When speaking with our customers, they are typically not enthused with migrating to Windows 8, which leaves them in a situation where many are going to upgrade to Windows 7 instead or are waiting to see what Windows 8.1 is going to bring to the table," Fiberlink explained in an email to CSO.

Organizations have had some time to prepare for the change from XP, but that doesn't mean that such deployments are finished. However, CSO was curious about the mindset of many IT managers when it came to OS changes and security, particularly management. When considering the two, IT has been looking at platforms that enable them to manage employee-owned and corporate-assigned devices from one instance, and lucky for them -- there are plenty of vendors that claim to do this in the MDM market. (No, seriously, there's plenty of options.

"We were surprised to see that almost half of our laptop customers are still running XP. That number continues to shrink every day, but it's still unclear what many CIO's and IT executives will choose as their next move," Chuck Brown, director of product management at Fiberlink, told CSO.

"We're seeing businesses consider many different options as Windows XP gets closer to the end of its support in April 2014. Potentials options include upgrading employees to Windows 7, waiting to see what Windows 8.1 feels like, and even moving straight to the Windows Surface Pro 2."

Employee-owned laptops (much like employee-owned tables and phones) are a growing trend and a source of risk. IT doesn't want full control over these devices, but if they're being used to access sensitive data or communications, there needs to be some sort of visibility and management, such as pushing patches or enforcing VPN usage.

[Attacks multiply as hackers target unpatched IE flaw]

Speaking to CSO, Brown, said that the enterprise is certainly not abandoning the laptop. In fact, it's quite the opposite as CIO's and IT executives are just as concerned about managing laptops as they are about phones and tablets. All of these devices have the same concerns related to compliance, protecting corporate data and applications. But laptops are just one part of the BYOD profile.

Prior to examining laptop usage, Fiberlink looked at other security metrics, including the use of passcodes on mobile devices. According to a random sampling of 1,000 customers, a majority of the passcodes allowed by IT are simple PINs (93 percent). Of those devices with PINs, 73 percent require a length of 4-5 characters, while 27 percent require greater than five characters.

Further, in July, Fiberlink looked at data risk, and discovered that of those employees who use either a personally owned mobile device, or one issued by their employer, 25 percent of them saved work-related documents into a third-party application (e.g., Dropbox, Quick Office, or Evernote); 20 percent said they've copied work-related documents into personal email; and 18 percent noted that they've used mobile devices to bypass IT's Web filtering policies.

Again, laptops with a soon to be expired OS are just one part of the problem, as this data clearly shows. Long after employees are migrated away from XP, the little things such as weak PINs and risky data handling will still pose the most risk to the business. This is why mobile device usage is such a hot topic, and just like laptops were mid-90s, something that will require planning and time before IT can get a solid handle on it.

[Despite risk of aiding hackers experts favor disclosing vulnerabilities]

Today's workforce is a mash-up of personal and professional gadgets, platforms, services, and applications. IT can no longer sacrifice personal usage over professional, so they're looking for ways to make them work together securely, but making that solution look as good in reality as it does on paper, is easier said than done.

This story, "Despite looming end of life, XP remains primary laptop OS" was originally published by CSO.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies