If you cast your mind back to this week in 2001 – when Kylie Minogue was top of the charts with ‘Can't Get You Out Of My Head', dial-up Internet was the norm and Windows XP was released, it seems like a lifetime ago. However, whereas most things from that year have been consigned to the history books, Windows XP is still widely used and this is causing headaches for CSO and CIOs alike.
With the legacy of this year's WannaCry attack still leaving organisations smarting, the virus did serve an important purpose in making the security flaws of Windows XP more apparent. XP's susceptibility to cyber-threats, thanks to the lack of patches issued by Microsoft once the product reached its end of life, gained highly publicised ridicule; so much so many believed that the software had led to the proliferation of the virus, and even prompting Windows to issue a fix in a move that deviated from ‘standard servicing policies'.
Even after XP's involvement in spreading the virus was downplayed by security experts, it still left the overarching concern that use of unsupported Windows XP applications is still rife; especially among high-profile targets such as the NHS, that hold highly sensitive data. So prolific is the problem that, as a recently published Freedom of Information Act revealed, over 1,500 of Greater Manchester Police's PCs are still running the legacy platform. That's just over 20 percent of their total – with the only explanation given that “complex technical requirements from a small number of externally-provided specialised applications.”
Granted, it is a well-known industry fact that while the advantages of upgrading to a more contemporary version of Windows may seem obvious, migrating old applications to new platforms can cause huge incompatibility problems. Often left with little other than the uninviting option of rewriting in-house applications, many find themselves doing nothing with a lack of budget, expertise or inclination to do so. The outlook is often even bleaker when, such as the case of Greater Manchester Police, the applications have come from a third-party resource that may not even still be in business, therefore nullifying any opportunity to fix the problem in the first place.
So where does that leave us?
When there's seemingly no other realistic option than to ‘keep using the old stuff', it becomes far more obvious why use of XP is still so widespread. Above all, if the applications are working with the same level of operational efficiency that they always did, why would they go through the pain-staking and costly resolution of migrating them without immediate and obvious risk?
But warnings from security experts regarding the use of antiquated platforms for business use are out there; many spokespeople across the industry, from academics to vendors to analysts, have said that it is not enough to have the best security tools in the world if running an OS that is no longer updated.
That said, organisations may find themselves with legacy applications that they are not ready to say goodbye to in favour of modern successors, and in some ways the benefits of familiarity outweigh the attractiveness of updating them. After all, if the organisation has no choice but to run the application, then surely there must be a way to reduce the risks presented by the legacy operating system and run on a more secure and supported operating system?
Fortunately enough, app delivery has moved on from these constraints with the arrival of compatibility containers.
Compatibility containers can free enterprises from running unsupported environments, and allow old applications to run in new systems by packaging them up and moving them without changing any aspect of the way in which they work.
Through redirection, isolation and compatibility, the previously unsupported applications can be run unchanged on the modern, supported and secure operating systems which allows them to keep the same characteristics, but with the same level of compliance and security as their modern counterparts.
With the current IT landscape the way it is, it is so important for organisations to make legacy application planning a big priority, as even more platforms reach their end of life. Even more important still, enterprises should find peace in the knowledge that these security risks need not signal the end of the road for important applications that there is no business reason to part with.
Contributed by Mat Clothier, CEO, CTO and Founder at Cloudhouse
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.