Microsoft's looming end-of-support deadline for Windows XP isn't motivating some organizations to upgrade. But they face looming trouble spots.

Kevin Casey, Contributor

July 23, 2013

8 Min Read

10 Hidden Benefits of Windows 8.1

10 Hidden Benefits of Windows 8.1


10 Hidden Benefits of Windows 8.1 (click image for larger view)

Companies and individuals, perhaps especially those in the technology industry, often use the phrase "end of life" to describe the culmination of a product's lifecycle. In the case of Windows XP, the phrase is somewhat of a misnomer: While Microsoft will end support for the longstanding operating system next year, it's not as if XP-based machines -- and there are still millions of them in use today -- will suddenly die.

Running an unsupported OS does create valid concerns around security, drivers, performance and so forth. Once Microsoft stops issuing updates, you'll be left to your own devices on those fronts. Nonetheless, some businesses that still use XP today don't have April 8, 2014 -- the date Microsoft will stop supporting XP -- circled on their calendars. Their reasons vary, but as one managed services provider (MSP) put it recently, XP is still widespread because it works. That's not likely to change overnight.

Yet while some companies and IT pros are comfortable with the risks of running an unsupported OS, they face other requirements and challenges -- some of which have only an indirect relationship with XP's end-of-life date -- that may force them to upgrade. Let's look at three of those scenarios.

1. An Unsupported XP May Mean You're Non-Compliant

Much of the XP end-of-life discussion understandably focuses on security. Microsoft regularly issues updates and patches to fix issues that the bad guys could otherwise exploit, which has led IT and security pros to wonder: What will happen when those fixes stop coming? (The answer varies depending on who you ask.)

[ Is Microsoft patching fast enough? See Overcome The Microsoft Mindset: Patch Faster. ]

What you hear less about is a related issue: the complex world of compliance. That's indeed a source of anxiety for some companies still running XP, though. MSP and Microsoft partner Valor IT caters to many healthcare firms, and some of them are still running XP. That could put them in regulatory hot water next year, according to Valor's business development manager, Christian Castro.

"One of the big concerns in healthcare is that an end-of-life operating system could be interpreted as not being HIPAA-compliant and grounds for federal fines in case of an audit," Castro said via email interview. "I have spoken with some healthcare providers that are going to continue to use XP and remove all security concerns by essentially making them thin clients that securely connect through a terminal server to access sensitive information."

In another heavily regulated industry, banking, there's no gray area. Banks and credit unions with ATM machines still based on XP will be considered non-compliant with payment card industry (PCI) guidelines as of April 8 unless they have an ongoing support contract, which can be expensive, according to Dean Stewart, senior director of core solutions product management at the security firm Diebold.

"PCI guidelines require that financial institutions provide current operating system patches, security updates and software support for their ATM fleets," Stewart said via email. "Financial institutions unable to upgrade to Windows 7 by the April 8 deadline face increased risk of noncompliance if they cannot adequately support -- and demonstrate that they are supporting -- operating system patches and software upgrades that ensure the security of payment card data."

Penalties for PCI violations aren't widely publicized, according to Stewart, but estimates run anywhere from $5,000 to $100,000 every for each month of noncompliance. "That can be catastrophic to the bottom line, especially for smaller financial institutions," he said. That leaves these institutions with little choice unless they can procure -- and afford -- an ongoing support contract.

"The simplest way for banks and credit unions to protect themselves from potential penalties is to upgrade to Windows 7 by the April deadline," Stewart said.

2. Microsoft May Make It Harder To Downgrade Windows 8

Eric Schlissel, CEO of GeekTek IT Services, said some of his XP-based customers are worried about a murkier deadline than the actual support cutoff: the point at which Microsoft may make it difficult to downgrade new hardware running Windows 8 or higher. Today, downgrading to Windows 7 is relatively painless, according to Schlissel, provided you've got the proper images and licenses. He's got an ample supply of both, and downgrading a Windows 8 machine just takes an hour or two per user.

Schlissel's fear -- and specifically that of several of his customers who intend to run XP past the end-of-life date in order to stretch their hardware budgets -- is that Microsoft may eventually make it tougher -- for technical, licensing or other reasons -- to downgrade to Windows 7 on new hardware purchases. Microsoft could want to do that to encourage wider adoption of Windows 8.x and the company's broader reinvention as a devices and services company. The reason why that's a problem for Schlissel's clients: The ones that have tried Windows 8 universally dislike it. "We've found that Windows 8 negatively impacts the productivity of our clients' employees, and we are not looking forward to the day [when it] becomes mandatory," Schlissel said in a phone interview. While Windows 8.1 may offer some improvements from a usability standpoint, Schlissel doesn't believe it will be enough to convince his business customers to use it. "There will still be a steep learning curve," he said. PCs, especially laptops, remain the favorite device for his customers; tablets have certainly entered those offices, too, but often for very job- or app-specific uses, rather than in mainstream operations.

As a result, Schlissel has discussed with some of his XP-based clients the possibility that they may want to move to Windows 7 sooner than planned to avoid the possibility of being forced to upgrade to Windows 8.x later. GeekTek doesn't sell much hardware; rather, its business is built mainly around services. The firm effectively acts as virtual CIO and co-managed help desk for small and midsize businesses (SMBs), usually in the 15- to 150-employee range. Schlissel's customers typically have direct accounts with an OEM, usually Dell or HP; some of the smaller customers buy hardware from sources like CDW or Amazon.com. It's not far-fetched to envision Microsoft increasing pressure on partners to stop selling Windows 7.

Schlissel said he's not using this line of thinking as a scare tactic to spur sales. "We don't make money on them upgrading," he said, adding that GeekTek's services are typically all-inclusive. "What we do is make them happier by deploying Windows 7 as opposed to Windows 8, and that makes us look better. It makes the [client] relationship a lot easier to navigate when they're not unhappy with their computer systems. I see it as helping our clients utilizing the technologies that they are used to and not [having] to make these massive changes to the way that they work."

3. Want To Upgrade Microsoft Office? You'll Probably Need To Dump XP

Application compatibility is a common reason some businesses stick with an older OS. The pain, real or perceived, that comes with moving to a new OS isn't so much in the OS upgrade itself, but in migrating business-critical applications without impacting productivity or stability.

In similar-if-somewhat-reverse fashion, the minimum requirements to run certain software applications could eventually force XP users to upgrade to Windows 7 or higher. In fact, another uber-popular Microsoft product -- Office -- could ultimately force XP stalwarts to update. Office 365 and Office Professional 2013 both require Windows 7 or higher, noted Castro of Valor IT, adding that the cloud-based version also requires Office 2010.

"This is where Office 365 becomes leverage to upgrade Windows XP machines," Castro said. "Most of our customers with Windows XP are usually running an older version of Office like 2003 or 2007."

It then becomes a matter of ROI math. An organization's per-seat costs -- OS ($200), Office 2013 Pro Plus ($399) and RAM upgrade ($60), plus Valor's labor ($200-$400) -- "will usually price out most small businesses through traditional licensing models," Castro said. "[The] Office 365 E3 plan includes Office 2013 for about $20 per month, making the licensing much more appealing."

While that still entails an OS upgrade, Castro did point to one global client that found a way to have its cake and eat it, too: Moving to Office 365 while continuing to maintain XP boxes in its production environment.

"Their IT department is extremely expensive and most of their day-to-day issues revolve around Exchange and Active Directory. With a migration to Office 365, their executive team of 50 users will purchase E3 plans that include their upgrade to Office 2013. The rest of the company, which is mainly manufacturing, runs older machines with XP as their primary OS," Castro said. The workaround: "These users will have E1 plans with no access to software, but are bypassing Office 365 desktop requirements by making those particular [employees] use Outlook Web Access through their browser, [eliminating] the need to use Outlook."

Using Microsoft-provided tools for calculating ROI, Valor IT estimated this strategy will save its client around $300,000 over five years -- some of which could be redirected to fund future hardware and software upgrades for the company's XP users.

"We try to use those savings as leverage to replace all the older PCs with new desktops running Windows 7 or newer," Castro said.

About the Author(s)

Kevin Casey

Contributor

Kevin Casey is a writer based in North Carolina who writes about technology for small and mid-size businesses.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights