Last month, I blogged about Technology Management strategies and how to link good IT management back to a predictable IT budget. This April brings not only its usual tax day, but, crucial for IT management and business continuity, the end of support for the Microsoft Windows XP operating system. Unless you’re in the minority, look around and you’ll see Windows XP desktops or laptops. So what does the end of support for XP have to do with increased network management costs? It means you’re going to need to upgrade old computers or risk unplanned downtime when an unsupported operating system is exploited.
Microsoft has stated that “after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates. This means that any new vulnerability discovered in Windows XP after its ‘end of life’ will not be addressed by new security updates from Microsoft.” IT security is a leapfrogging game between those desiring to attack a computer or network and those tasked with protecting it.
The graphic below illustrates the typical IT management strategy for protecting a computer or network. Security systems are designed to prevent attacks, but what happens if an attack is not detected? Computer systems can screech to a halt and valuable data can be lost.
For years I’ve expressed to clients that someone needs to be the first to get a new virus, or be the victim of a software security flaw, before patches or updates can be introduced. About four years ago, one of my clients was one of the first to get hit with a new virus. It was identified by Symantec two days prior and the virus definition update, the response, had not yet been released. Fortunately, there were good monitoring controls in place and we were able to limit the damage until Symantec got us the interim software release. The net effect was limited downtime and minimal loss of productivity.
Now let’s fast forward to April 2014. You’re a small business, say 40 employees, all with Windows XP desktops. One of your employees innocently goes to a web site with a corrupt display ad designed to exploit a Windows XP flaw. It attacks their computer and begins spreading throughout your network. What might you expect?
- IT productivity could drop to a crawl; 40 employees times a $100-an-hour burden rate will cost the business $4,000 an hour. Can the technicians eliminate the issue in an hour? Probably not; it could take a couple of hours just to identify the root cause.
- Do you have a solid business continuity plan addressing these kinds of issues? If you have a remote worker strategy leveraging Citrix, you might be able to get partially back in business in a few hours; now maybe up to $20,000 in lost productivity.
- The IT team says, “We’ve got no choice but to upgrade to a supported operating system like Windows 7 or Windows 8.” Ugh, now you’re hitting cash flow. The upgrade could cost $6,000 to $12,000 to purchase, but how much longer to deploy it? Couple of days to get everyone back online? There’s $60,000 in lost labor, but what about lost business?
- Maybe your computers are too old to run the new operating system. Now you’re spending $32,000 on new computers, another couple of days of lost labor, $60,000 plus labor to deploy the new machines, and more lost business.
Get the picture? It’s just not worth it. The pennies saved while everything works can cost you thousands without any advance notice. Talk to your IT support company, IT consultant, and your peers. The gamble just isn’t worth the price.
And it’s not just Windows XP. Every piece of technology linking your network exposes you to some degree of risk as it reaches its end of life. Do you have an IT strategy or lifecycle management plan in place to mitigate these risks? Want perspectives? Check out my recent blog about technology management or just drop me a line.