CIOs who haven't moved their companies from Windows XP by now ought to be fired, some people think, but those who haven't and are still on the job have options for saving their bacon.
"Start," is the first piece of advice from Shawn Allaway, CEO of Converter Technology, which specializes in migrating businesses to new versions of Windows and Microsoft Office. Even if the project isn't completed before Microsoft ends support for XP on April 8, it's important to minimize the window of exposure during which XP runs unsupported on corporate networks.
Those who haven't started yet probably should be fired for leaving their businesses open to the impending threat, he says. "This is not like Microsoft dropped this on you six months ago," he says. "You're putting your organization at risk."
That threat is that vulnerabilities discovered after April 8 will never be patched by Microsoft, leaving Windows XP open to an ever-expanding range of attacks. In addition, many applications will no longer be supported when running on Windows XP, Gartner warns.
It's possible and even desirable to sign a custom support contract with Microsoft that provides continued upgrades after the end-of-support date, but it is also expensive, says Directions on Microsoft. If that's not possible, the main goal is to minimize risks caused by using unsupported XP, which means a review and possible beefing up of security.
Isolating XP machines on corporate networks and limiting what devices they can communicate with is essential, and there are tools for this. For instance, Unisys Stealth can limit a machine's access to other machines and hide it from attackers, says Unisys CIO Dave Frymier. A Stealth shim in the IP stack of XP machines sits between the link and network layers, decrypting IP payloads if it can and dropping packets when it can't. A machine can talk to another only if it is a member of the same community of interest as defined by Active Directory, he says.
Migrating isn't a quick process, and the larger the network, the longer it takes. The rule of thumb is that for a 10,000-desktop network with 15 offices, it will take two to three months to complete the project, Allaway says.
A first step toward the transition is testing application compatibility with a newer operating system, getting new licensing agreements and assessing the need for and buying new hardware.
Like any OS rollout, this one will be done in phases. Organizations that think they'll miss the deadline should prioritize their applications and users and migrate the most important and most vulnerable first to reduce the risks, Gartner says.