This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

The information security implications of change

Share this article:
The information security implications of change
The information security implications of change

Microsoft has recently warned businesses that they should be well on the way to upgrading their legacy desktop environments.

It announced some time ago that it will end support for Windows XP and Office 2003 on 8th April 2014, with Server 2003 following suit a year later in July 2015.

For many, the passing of Windows XP and Windows Server 2003 does not sound a significant landmark. The architecture upon which the systems are based is over a decade old, and there have been several landmark advances within the software market from all major players.

However, for many industries, the death knells for support on what have become corporate IT system cornerstones over the past decade pose significant risks to the enterprise environment. Gartner has predicted that more than 15 per cent of medium and large enterprises will still have Windows XP running come April 2014.

While the large, cash rich businesses have the buying power and support teams in order to replace their entire infrastructure in a structured and resourceful manner, or have the investment in firewalling in order to be able to isolate the critical systems from the outside world; the majority of businesses do not have the same luxury.

The migration of corporate systems from a 2003 platform to an efficient, supported environment going forward is a significant IT headache. The rollouts of updated OS deployments bring their own flavour of issues within a number of critical areas. Functionality, security, business continuity and a timely and structured response must all be considered.

However, at a time when budgets are being squeezed, many company and policy decisions are being made with an eye on outspend and without a structured view on the wider implications.

While the rollout of updated server hardware poses a significant headache within corporate infrastructure, the majority of IT technicians are used to overcoming upgrade issues, and have built in disaster recovery plans.

However, the elephant in the room still remains with the vast quantities of PCs, laptops and workstation devices that form the backbone of the vast majority of modern business life. If systems have been updated over time, this risk is much lower.

However, for many companies, the vast swathes of XP devices deployed nationally, and often internationally, all require a structured upgrade path and often hardware replacement and continue to pose significant headaches for IT directors worldwide.

Even within medium-sized enterprises, the upgrade path is significant and requires the backend system to be appropriately configured to support the new systems. This must be achieved without compromising the existing system security or functionality and incorporating procedure to close the weaknesses inherent from the legacy environment once all systems have been migrated.

There are significant logistical issues to be incorporated in such deployments, and with the time taken to process change requests and gain approval for widespread change, those companies not seriously considering the implications of laissez-faire attitudes towards system change may lead to significant difficulties and outlay in the near future.

By considering the long-term corporate position and planning ahead, the transition into a new generation of IT systems can be achieved with the minimal disruption. Furthermore, the significant upheaval caused through the upgrading of core infrastructure provides an opportunity for all businesses to review, and place a consideration for good corporate information security practice at the core of their deployed infrastructure.

It is possible to iron out the inherent weaknesses within many older systems without disrupting the service or functionality of the corporate environment.

Sam Raynor is a consultant at Information Risk Management

Share this article:
close

Next Article in Security Cats Blog

Sign up to our newsletters