Microsoft finalized the end of life of the Windows 7 operating system on January 14, 2020. There are no more updates and in most cases Windows 7 will be replaced by Windows 10. For many IT professionals, the Windows 7 end of life has created a huge security hole for companies still running the old operating system.
How big is a hole? We estimate that around 50% of machines running Microsoft Windows in a business environment are still running Windows 7 or an even older version. These machines no longer receive the necessary security updates to ensure the security and compliance of the applications and the data they contain.
Windows 7 and earlier operating systems still exist, as apps that were designed to run on them are difficult to migrate to the next-gen Windows 10 operating system. Thus, organizations maintain old operating systems, keeping them in place to maintain the applications that run their business.
Now that Microsoft no longer releases updates for older operating systems, hackers are exploiting the vulnerabilities inherent in these unpatched systems every day. Here are some tips for security professionals and IT staff dealing with these end-of-life issues:
- Embrace next-generation cloud computing. Today, businesses know the cloud is the future of business software. As 32-bit computing gives way to 64-bit, we find ourselves at an inflection point with legacy systems and how they will move to the cloud. There will be no more security patches for Windows 7, leaving machines and applications vulnerable. Windows 10, the likely new destination for Windows 7 stores, runs on a 64-bit operating system. This next-generation compute will not support applications designed for 32-bit machines. IT staff face large-scale business continuity issues, leaving them with the choice of continuing to work with an unsecured operating system or recreating the application for modern IT using cloud services or web solutions. We understand that budgets are tight, but organizations cannot maintain safety in these new end-of-life conditions.
- Take control of your data. Gartner estimates that 99% of vulnerabilities exploited by hackers are already known to security and IT professionals. There is a huge wave of applications where security and IT pros know there are issues, but they don’t have the time or resources to recreate them in Windows 10. However, By centrally procuring and deploying solutions, developers can update their own applications and help the business maintain central control over security policies and data.
- Go after the IT shadow. Enterprises use shadow IT to recreate the experience of legacy applications, but in insecure online environments. For example, not all businesses are ready to go when it’s time to make a necessary operating system update or change. Existing 32-bit applications are very likely not to work on new, updated 64-bit machines. Often times the IT team doesn’t have time to fix it, or it’s just not in budget, so the sales team comes up with their own solution. They export the necessary data, import elsewhere, often to an insecure and non-compliant location, and get back to work. Millions of apps are exported to online cloud apps and when that happens the business has no more information or control over the data and security and compliance risks are open. If organizations install a centralized solution for modernizing and building applications without code, users can safely migrate their application to a modern application and continue working.
- look at the future. Make sure a scalable cloud application is deployed across the enterprise, so users can keep data secure, compliant, and under corporate control. By purchasing a cloud-based product that ensures the security and stability of your team’s applications, it also uncovers a huge data opportunity that was previously inaccessible. Legacy applications keep the data and its context on local machines, so by upgrading these applications to a lonely cloud application, all data is brought together in one place for future analysis, consolidation and innovation.
- Focus on application security. The business should have breach detection and login controls placed on all business data. This makes the organization’s valuable information difficult to access and eliminates any liability issues because the company has made a good faith effort to protect the data. Hackers often attack the application level. Once this happens, no security is attached to the app itself, making all attached data available. If the apps were connected to larger databases, it also gives hackers a gateway to that data.
While many companies are still using Microsoft 7 or earlier versions, now that its end of life has passed, companies need to stay flexible, review their options, ensure and maintain compliance, and update with the many controlled cloud applications in such a way. centralized available. It’s really important for organizations to focus. Many of the ransomware breaches and attacks we talk about in the news come from vulnerabilities in unpatched or outdated Windows systems. Migration requires a lot of work and a lot of cooperation between departments, but it beats the alternative.
James Ford, Chief Evangelist and Sales Manager, Intact
Want to know more?
Please login or register first to view this content.
Next article in Perspectives