Microsoft’s support for Windows XP ends today, April 8, 2014. However, Gartner estimates that one-third of enterprises currently have more than 10 percent of their systems remaining on XP.
In today’s blog post, Neil MacDonald, vice president and Gartner Fellow, says the issue is not whether the continued use of XP entails risk. It does. The issue is whether the continued use of XP represents manageable and tolerable risk to the enterprise.
Mr. MacDonald said:
Any system, supported or not, carries risk. For the majority of use cases, XP can continue to be used with the risk managed to a tolerable level, without requiring the enterprise to pay Microsoft for expensive custom support while migrations are completed. While doing nothing is an option, we do not believe that most organizations (or their auditors) will find this level of risk acceptable.
If XP systems are continued to be used, Gartner recommends that organizations follow the 10 best practices below to reduce the risk of using these systems to a tolerable level.
If organizations do not implement these best practices, they could consider paying Microsoft for custom support if the enterprises’ risk tolerance is low, or if regulations require.
Detailed analysis on each best practice, additional best practices, and a discussion on XP-based embedded systems is available in the report entitled “Best Practices for Secure Use of XP After Support Ends” which can be found on Gartner’s website at http://www.gartner.com/doc/2701420.
Gartner analysts will share additional information on top security trends at the Gartner Security & Risk Management Summits 2014 being held June 23-26 in National Harbor, Maryland and September 9-10 in London.
More information on the National Harbor Summit is available at http://www.gartner.com/technology/summits/na/security/. Members of the media can register by contacting Christy Pettey at firstname.lastname@example.org. Additional details on the London Summit are available at http://www.gartner.com/technology/summits/emea/security/. Members of the press can register for this Summit by contacting Rob van der Meulen at email@example.com.
Information from the Summits will be shared on Twitter at http://twitter.com/Gartner_inc using #GartnerSEC.
Gartner, Inc. (NYSE: IT) is the world's leading research and advisory company. The company helps business leaders across all major functions in every industry and enterprise size with the objective insights they need to make the right decisions. Gartner's comprehensive suite of services delivers strategic advice and proven best practices to help clients succeed in their mission-critical priorities. Gartner is headquartered in Stamford, Connecticut, U.S.A., and has more than 13,000 associates serving clients in 11,000 enterprises in 100 countries. For more information, visit www.gartner.com.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.