Email inboxes around the globe are filled through January with a flurry of IT market and technology predictions. I’ve been guilty of writing them in the past but chose not to this year. However, a few people have nudged me and requested at least a summary or a few ideas on a few significant IT security areas to consider through 2020 (not predictions). One thing I can convey with certainty is the fact that we actually don’t know what will happen in the security arena moving forward; we can assume and theorise but don’t really know. The business and technology landscape has never been more uncertain, with well skilled and financed attackers (at times more so than the defenders) due to the potential for immense rewards. To that end, organisations need to be aware, pragmatic and agile, with effective security controls and actionable remediation strategies to help them deliver “Secure IT”.
So, what might happen?
The “Windows 7” platform will be a highly targeted attack vector (whether embedded, full function or other). Whilst many users remain emotionally and operationally wedded to the now reliable and robust legacy operating system, the end of operating system support and patches for Windows 7 software platforms means enterprises as a minimum must evolve away from Windows 7 to Windows 10 or to another secure and supported operating environment. If a move from Windows 7 cannot be undertaken in a timely manner, compensatory controls, for example the use of virtual patching, may add a layer of defence, but that will be very short lived. A move from the Windows 7 operating platform is the only outcome to maximise user and system security.
Next up, “connected things”. IoT is the collective term frequently used to describe connected devices, often without an interface for human input, but “connected things” collect, process, transmit and sometimes store data. The sheer volume of connected things increases the security challenge, with defenders requiring real-time visibility and always-on controls as they seek to minimise or eliminate the potential for attack. To make matters worse, many of the “things” become invisible to the human eye, hidden in ceilings, behind walls or embedded in other devices. But they remain highly visible to attackers, are easily located with simplistic scanning tools and can be used to launch highly damaging attacks (or as a beachhead to enter a networked environment). Visibility, visibility, visibility is everything – you can’t secure things you cannot digitally see. Connected device visibility platforms or advanced NAC systems help to determine the type, status and behaviour of all connected devices. This allows them to determine posture, grant and revoke access, supply data inputs to asset and CMDB databases but, more importantly, to help organisations to create and maintain a baseline of “normal or known good security”.
And last but not least, “the human vector” remains a key consideration in 2020. Uninformed users have the potential to become the weakest link in the security chain, but informed, engaged, security-conscious users become one of the most significant elements of optimum security. Users have the power to make intellectual and dynamic decisions, interpreting situations in a way technology-based controls cannot. With users as educated security advocates and technical security controls working together in harmony, end-to-end optimum security becomes a reality, not a dream.
As a recap, to maintain security by design and by default in 2020 for users, business & consumers, three areas will be high on my list:
- Acceleration of the move from Windows 7 (or the deployment of secondary compensatory security if a platform move is not possible).
- Optimum visibility of connected things (traditional connected devices and IoT) to ensure they can be located, patched and secured.
- Inspirational education of “the human” to intentionally become the strongest security link in the digital chain.
Through 2020 we must strive to make intentional security simple to consume, manage, operate and EFFECTIVE. This will help users, organisations and the industry to shift the current mindset and position security positively as the essential enabler of the digital world. It’s time to start now, start today.
Until next time.
Business Line CTO Networking and Security – Computacenter UK
With the imminent approach of the end of support of Windows XP (April 2014), questions on many customers’ minds include “Can’t we just stay on Windows XP?” or “Can we just pay Microsoft some money to extend my support to mitigate my risks?” Both of these questions have been asked of me in the last two weeks. Having just had sight of the magnitude of costs involved for extending Windows XP support, let’s explore both of those questions and the extended support costs.
The move to Windows 7 or Windows 8 away from Windows XP is an emotive decision for many customers. They can often feel forced to migrate and can struggle to identify the material benefit of migration. This is certainly true in terms of pure direct cost savings against the cost of transformation. But fiscal benefit is of course completely separate to improving the experience of users and the material improvements in functionality and supportability which Windows 7 or 8 bring. So are Microsoft unreasonable in wanting to move on and force their customer base to migrate?
Windows XP was released in September 2001; therefore, by the time Windows XP becomes end of life (EOL), it will have been a supported product for 12.5 years. Usually Microsoft only support a product for 10 years, and they would argue (with some justification) that they’ve gone the extra mile with Windows XP support already. The main reason Microsoft remove support of a product, though, is because of the costs involved in having to support so many platforms and retrofit those platforms to accommodate new products and technologies.
Microsoft release new versions of products every 3 years (a situation caused by EA agreements and software assurance rights), and so for Microsoft to have teams that support so many platforms (currently Windows XP, Vista, 7 & 8) inevitably becomes commercially unviable. I also wonder (* Car Analogy Klaxon *) how many of us drive cars even 5 years old, never mind 12 years old? Yet we might consider running our business on software and technology that was developed over 10 years ago?
If you’re a customer considering staying on Windows XP, why move? Inevitably, the ecosystem around Windows XP platforms will close. Your organisation will be forced to change in time. Software vendors (for the same reasons as Microsoft) want to call time on older, legacy versions of their products too. Hardware vendors (and it’s already happening) will not provide drivers and downgrade rights to older versions of operating systems on newer equipment.
All that new equipment you were thinking of buying in the next year or so but downgrading to Windows XP probably won’t be able to run Windows XP. Also, it should be considered that whilst it might be possible to sweat an asset for an indefinite period of time (until it fails), at some point support and maintenance of really old equipment actually starts to cost your business more. Effectively you’ll be paying more for support, to stay still technologically, whilst your competition embrace modern workplace working practices.
So, you’re thinking about taking a custom support agreement (Microsoft jargon for extended support)? Well, if you’re an enterprise organisation, you’re going to be looking at 7 figures minimum per year (and I’ve seen a customer that’s been offered 3 year extended support for an 8 figure sum). There will also be additional costs for customers who request hotfixes and security patches as well.
All good things come to an end. Windows XP has served the business world well, but inevitably technology vendors improve and enhance their technologies based on feedback and requirements from their customers.
Whilst it might be possible to put off the inevitable for a short period, the reality is that moving from Windows XP must happen at some point in time. My recommendation to any customer would be start planning to migrate off Windows XP if you haven’t already and consider using that contingency/extended support fund you would have used to stay on Windows XP and get on with the business of migrating. Migrating any volume of users before the EOL date of Windows XP has to be better than none.
…..and finally, if you have to make a change, make it a good one. There are many benefits and opportunities available to your business in moving to a new platform, make sure you understand what they are and communicate them. Show your user community that this change is a positive one for the business.
With the very recent release of Windows 8, many companies that haven’t started moving to Windows 7 already will surely be asking themselves: “Should I deploy Windows 7 or Windows 8?” In fact, only this last week I’ve been asked this very question twice by customers. So, assuming you’re not one of the 50% of organisations already committed to Windows 7, what should your organisation consider doing? Which is the right choice and why?
It’s no coincidence that any new version of Windows is ready and available to supply to Microsoft’s OEM channel partners in September of any given year. Christmas will soon be upon us all, and there are presents to be bought, whether for loved ones (or ourselves!) and this gives you a good indication of who Windows 8 is primarily aimed at in this first wave of enablement. In fact, (as warned previously), you’ll no doubt have seen the Windows 8/Surface/Windows 8 phone campaigns begin in earnest, entirely to this end, to sell to home/consumer users. Uptake in consumers drives uptake in business, a lesson that Microsoft learnt a long time ago.
With Windows XP the predominant operating system for the vast majority of the remaining 50% of companies yet to upgrade, and with Windows XP support ceasing in April 2014, that gives these customers around 16 months in which to try and get off the older platform if possible (of course, some won’t make it in time given their organisation’s size and plethora of legacy applications). A typical 2000 seat organisation, for reference, takes around 12 months to plan, design, test, enable and deploy Windows 7; though don’t quote me if you don’t plan and prepare well enough. (You’ve been warned).
Windows 8 clearly brings some very attractive features for enterprise; specifically of interest are the following:
- Quicker boot up, stability and performance of the OS
- Improved security
- The improved search function (which is really excellent)
- Internet Explorer 10
- Longer support lifecycle (remember it’s 10 years from release for any MS product)
- Windows 8 to go – allowing boot from USB drives
- Internal application store for self-service delivery of your apps
- Touch UI for touch enabled applications (such as Office 2013)
Having used Windows 8 for some time now (on both touch-optimised and non-touch-optimised devices), without doubt, Windows 8 is better with a touch experience. Yes, the Windows Modern UI is excellent, but there are functions and features you still need a keyboard and mouse for to make the experience less irksome. Secondly, there is a learning curve with Windows 8; things aren’t where you’re going to expect them to be or do what you expect them to do sometimes.
As an example, when I gave my wife a Windows 8 device initially, she didn’t like the experience at all, yearning for the ways she’s used for as long as she’s used a PC (which is a long time…). Other experienced long term users of Windows also report much the same (me included). With consumer deployment well established in perhaps 12 months’ time you’ll probably not have this problem, but if you’re considering going early, you’ve got to consider the learning curve and factor in additional training costs.
Finally (as this is just a blog, not a whitepaper), it’s likely your existing hardware estate of the last few years will support Windows 8 right out of the box; in fact, I doubt you’ll struggle to make it run on equipment of up to 5 years of age. These devices, however, won’t have touch. The early devices that have touch are going to be great, but will be improved upon and, importantly, will come down in price, so again, Windows 8 touch-optimised kit will come with a premium on your typical laptop cost of say £500 per device, with many slates likely to be £800 and upwards initially.
Right now, it’s most likely that Windows 7 offers most organisations the best choice for their corporate desktop deployment and Windows 8 for slates, Ultrabooks and touch enabled devices. Windows to go might also offer you some benefit for flexible/home working practices (without the cost of additional hardware supply on the company’s part).
Windows 8 offers some great technology and features, but the added time, complexity of readiness (some features) and costs involved just make it another unnecessary time delay and barrier to deploying a supported and stable platform. For these reasons, unless you have a specific scenario that would be of benefit on Windows 8, Windows 7 remains my recommended platform of choice for the vast majority of your business.