The end of Windows XP, IT governance shows the way forward

Wednesday, 23 April 2014 - 5:30pm IST | Place: Mumbai | Agency: dna webdesk


On April 8, Microsoft ended support for Windows XP. It urged people to migrate to its newer operating systems, particularly Windows 8.1, citing enhanced security, a more mobile workforce, higher user productivity, and a lower total cost of ownership through improved management capabilities.

The end of support for Windows XP has global consequences and there will be several challenges to the IT sector due to this change.

Sandeep Godbole, a member of the ISACA India Task Force (ISACA is an independent, nonprofit, global association which engages in the development, adoption and use of global knowledge and practices that deal with information systems), spoke to dna and shed some light on what this change might mean on a global scale.

What does one mean by end of support for Windows XP? How will this affect enterprises across the globe?

A much respected teacher at school distinguished the characteristics of a good student: the good student is not always more intelligent than others; the good student is aware, better prepared and ready.

These words of wisdom flashed in my mind when a professional acquaintance mentioned to me the nightmare that some organisations will go through with the end of support for Windows XP. Microsoft ended its extended support for Windows XP on April 8, 2014. This event was already expected and anticipated as it was announced much in advance. Those who find themselves in a quandary today have probably ignored or not acted on this piece of information that was already anticipated years ago.

Let us first question whether ‘end-of-support’ is something significant enough to lose one's sleep over. Imagine yourself touring in a car whose spare parts are not available and which no mechanic is willing to touch. Would you be concerned in this scenario? You definitely would! So long as the car is running, things are fine. If it breaks down, you are in serious trouble. Similarly, software like Windows XP, whose extended support has come to an end, will continue to run; however, if service or security issues are encountered, Microsoft will not fix them. This has huge risks in the interconnected world. A known security flaw that is discovered and that remains open presents a huge opportunity for malicious hackers. Running unsupported software is thus a big risk.

Why was there the need to end support for Windows XP? 

Why do IT products and software have an end of life? Would it not be better that products be supported forever? These are good questions but require a detailed discussion. The product companies mention that innovation and enhanced products are what they and their customers strive for. It therefore becomes unviable for them to expend their energy on supporting older products with a dwindling market share. Without getting into any debate, let's understand the reality that commercially supported Operating Systems (OS) typically have an average age of about 10 to 12 years from availability to end of support. The end of support is also made known quite a few years in advance, and therefore it is in the interest of the customer to plan for the eventuality in advance.

What are the possible challenges in selecting or implementing a new OS?

The solution offered by companies to beat the end of life of their OS is to upgrade to a supported OS. That’s easy, isn’t it? Well, actually it may not be, if not planned well.

Firstly, moving to the supported OS requires you to purchase the OS, and that costs money. Secondly, there might be dependencies. For example, certain existing software, say a camera driver or an accounting application, may not be supported by the new OS. A scenario where information is stored in a database that is not supported by the new OS causes serious issues. The choice seems to be either to upgrade to the new OS and forfeit the database, or to continue to use the old operating system that is no longer supported. Either way it’s a loss.

Scenarios like these pose tough questions and demand a solution. It increasingly dawns on us that there is no quick fix or point solution. It is then that we realise questions posed by technology do not always have technology solutions. Rather, the solutions seem to point toward an optimal approach that involves multiple factors and objectives. They require a framework that helps us to plan, review and monitor all major issues wherein all the risks and decisions related to technology become apparent. Investments, new technology, deployment, support, technology benefits, security all seem to be a part of a chain that is related and dependent on each other. An approach that looks at all the relevant factors in an integrated manner and provides a framework to institutionalize the relevant processes is what constitutes IT Governance. It is this approach that looks capable of answering larger questions from the IT space.

What is IT Governance and how does it ensure seamless functioning of IT across the organisation?

IT Governance has been globally recognized as an essential management and governance practice that organisations need to adopt. IT Governance is built on the assumption that investments as well as commissions and omissions related to IT have a deep and long-term impact on the cost, business value and risk. It is therefore important to govern IT and manage it well. Good governance over IT ensures that IT is aligned to the needs of the organisations and delivers the expected value. This would be possible only if the risks, IT costs and resources are managed in an effective manner. A review and oversight mechanism to ensure that these objectives are met is also an important component inherent to the concept of IT Governance.

How does IT Governance enable organisations to prioritize processes so they can avoid issues similar to end of Windows XP?

An organisation having appropriate IT Governance practices would have, in a timely manner, identified issues related to the impending end of support scenario related to XP. Decisions related to upgrades would then have considered multiple factors like asset life, organisational risk, benefits and value, resource requirements, performance issues and much more. IT Governance is not merely about taking decisions but ensuring that processes necessary to sustain efficient, effective, secure and reliable IT services are available within the organisation. Not only would the decisions related to XP migration have been taken but also decisions on whether to upgrade or replace applications and hardware that run or are dependent on XP.

What are the best practices offered by IT governance frameworks such as COBIT, which help organisations to choose the right technologies and platforms to be deployed?

COBIT 5 is a framework that supports IT Governance. The Framework has defined Governance Processes and Management Processes necessary for the Enterprise IT to function and add value to the enterprise while minimizing the risk. Organisations implementing such a framework are better placed to manage the entire IT life cycle and related activities in a holistic manner. It ensures that not only the technology but also the strategic and governance aspects of IT are addressed.

How are IT professionals with CISA, CISM, CRISC or CGEIT certifications equipped to efficiently manage their IT environment?

Implementing IT Governance calls for an open mindset where IT is looked at as a valuable enabler. Only when its value and significance are understood will it lead to participation. Professional certifications like CISA, CISM, CRISC and CGEIT play an important role in educating professionals about IT Governance. IT Governance is not a point solution for resolving specific issues but provides a framework to build the capabilities, resilience and maturity with respect to the Enterprise IT. It enables organisations to ensure that IT creates value for the organisation while addressing the risks and concerns.

(ISACA is an independent, nonprofit, global association that engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.)
