Running an end-of-life (EOL) operating system is dangerous. Vulnerability is ramped up for two main reasons: the lack of security updates available, and the fact that outdated legacy applications are retained for compatibility.
In short, hanging on to a poorly supported operating system as a cost saving measure is false economy on a potentially grand scale.
The need to replace EOL software does not have to be bad news for a business, however. Instead of looking at it as an unproductive drain on resources, treat it as an opportunity for a transformative technical, operational, and performance refresh.
It's an approach that gives a whole new meaning to the acronym EOL: Embrace the Opportunity to Lift the business - not just to new heights, but literally into the cloud.
Why it's hard to let go…
Organisations grow around operating systems, and change can be a scary prospect.
Third-party applications may have been written in such a way that they only work with a certain version of Windows or iOS, and the downtime required to upgrade them may be viewed as too costly.
Legacy hardware may not be able to run newer versions of software and a technical refresh may be viewed as too complex.
Custom bug fixing and third-party patching can limit the security risk of running EOL software and might seem an attractive alternative, but it is an expensive strategy for a partial solution.
…but why you must
Security vulnerabilities are top of the list of reasons to let go, because vendors stop releasing updates for obsolete operating systems. Microsoft did issue new patches for retired software in the wake of the global WannaCry ransomware attack in May, but not before the assault crippled NHS systems in the UK.
Apart from the security risks with EOL software, reliability issues mean that downtime can soon outweigh the cost of an upgrade.
Businesses in regulated industries may also face significant fines for running out-of-date systems. In the upcoming era of General Data Protection Regulation (GDPR), operating EOL software is likely to be negligent, exposing all types of business to the risk of sanctions.
Consider the carrots as well as the sticks though. Newer software and hardware simply perform better - and that increased performance can bring about significant business benefits.
Still running XP? You're not alone
Although support for Windows XP ended in April 2014, it is still widely used across many sectors, with seven per cent of global desktops still running this operating system. Microsoft also ended mainstream support for Windows 7 in January 2015, although extended support will continue until 2020.
As the main provider of end-user operating systems, Microsoft publishes a clear timeline of its support services. The life cycle policy provides mainstream support for five years, or two years beyond release of the replacement product, and extended support for another five years beyond that. So Windows Server 2003 is no longer supported, while Windows Server 2012 has six years left to run with support.
Using cloud services can solve some problems of hardware obsolescence because upgrading simply involves switching to a new virtual server and migrating any required data. Software as a service (SaaS) is also making this easier in the application space, but you still need to effectively manage your physical IT estate.
It's time to stop running scared
Far from being something to dread, EOL provides organisations with a natural break point at which to assess the direction of their IT strategy.
EOL can be used as a transformative stage in virtualisation or a jump to the cloud. It is an opportunity to make a solid business case for ditching traditional hardware approaches in favour of a ‘cloud first' strategy, which may seem much more palatable when presented against the cost of a tech refresh or operating system upgrade.
EOL is also a great time to assess your current contracts and vendors. Many organisations simply buy more of the same out of a sense of brand loyalty, but the marketplace is diversifying and at EOL you can consider all options.
Technology can be a powerful business driver so take the best way, not the same way.
What to do next
Published life cycles allow plenty of time to budget for new software, create an upgrade plan, and manage a successful transition, so make EOL part of your wider strategic IT plan.
- Draw up an EOL roadmap for key dates and decision points for all core software
- If you are using any EOL software or legacy systems, consider why that is - and make sure you have costed the risk
A cost-benefit analysis of replacing EOL software is likely to look pretty attractive. Costs may include training staff on new software, new licences, compatibility and obsolescence issues with existing software and hardware, and programme roll-out.
But look at the benefits: compliance with key regulation, less risk of down time or attacks, and the chance to use new technologies and software to drive the business
It is the opportunities that come with technology changes that make the most compelling case for embracing EOL as a business enabler. Having the right software to support business processes can boost profitability through things like increased sales and faster turnaround.
Can you afford not to bring your software up to date?
Graeme is a Senior Consultant at Mason Advisory. He is an IT security professional with over eight years' experience in IT delivery, information assurance and cybersecurity in a high-profile and fluid MoD environment, having reached the rank of Major during his military career. He is also endorsed by the National Cyber Security Centre and the Institute of Information Security Professionals.
HP ZBook x2 offers 32GB RAM, M.2 SSD with up to 2TB storage and Nvidia Quadro GPU
Laptops should be able to offer true all-day working, and some
CGN has created an "online capability gap" between cyber criminals and law enforcement, says Europol
ISPs use Carrier Grade NAT to share IP addresses amongst multiple users
Attack revealed bugs and potential security flaws that were later exploited in real-world cyber attacks