Windows XP Zero Day Approaches and You’ve Made Zero Progress

As April 2014 approaches, it is those organizations who haven’t upgraded from Windows XP (and Office 2003) for whom the bell tolls.

With only a month to go, if you haven’t started the process of upgrading then you probably have a good reason why. Whether its propriety applications that haven’t been brought up to current compatibility standards, budget issues, or some other rational explanation you still have to come to grips with the reality of the situation. Your organization has to migrate – soon!

Now, there are a few strategies (check out this recent article in InfoWorld) to help underwrite your self-insurance policy against security vulnerabilities (frankly it’s all about security – XP and Office 2003 will keep on running, just not as securely as prudence would require) such as beefing up your existing security protocols and being hyper-vigilant, isolating XP-dependent applications in a virtual machine (in essence, creating your own corporate version of Jurassic Park), or removing as many unsupported applications (like IE 8) as possible.  However, none of these will provide a viable, long-term solution to delay the inevitable upgrade.

So, where do you go from here?

Like any project, it all begins and ends with proper planning. Now is not the time to cheap out on assembling a solid project team to assess the risks, define the scope, establish a budget, coordinate resources and get the ball rolling.  Despite the desire to get going and start the project now, it would be foolish not to go through a proper planning process, especially if the project is accelerated.  Condensing a project that is not well thought out is a recipe for disaster.  All projects, big or small, have risk associated with them and the role of any project plan is to reasonably mitigate those risks. Understanding the effort required is going to be critical.  Keep in mind, hours of effort are not impacted by shortening the project duration.  They are merely pushed vertically along the project timeline by either working longer days or adding more bodies to the project.

As they say, the effort is the effort and a failure to plan is a plan for failure. By skipping or skimping on project planning means you’ve effectively laid booby traps for your organization along the way.  The real surprise is that you won’t know if they are small traps or mission critical traps that could put your organization further at risk.

As a company that helps enterprises around the globe mitigate their data risk, we have been brought into projects either really late in the planning phase or at some point during project failure. Some think that’s a good thing for our organization as we are certain to get a software or services deal out of it. Unfortunately, that is not how it works.  Even if you ride in on the white horse to help save the day, the battle might already be lost.  Often, budgets are locked at the outset of the project, so coming in with additional costs late in the game means that people look bad and there’s likely not a lot of extra monies floating around.  Since we are a for-profit company, it can make for a difficult discussion regarding how much our help will cost. We generally don’t reward poor project planning with a discount. At the same time, we do genuinely want to help organizations get their projects back on track.  One hundred percent of the time our team wishes that the customer brought us in earlier. Late is better than never, but late is never good. Compound that with a condensed timeline and the issue is magnified.

So, what’s the lesson here?  Well, if you waited this long to migrate from Windows XP or Office 2003, then your best bet is to engage some good project planning.