Because the security Windows 7 provides will be out of date compared to the latest operating systems, companies choosing to stick with Windows 7 after its End-of-Life could be at higher risk of cyber attacks.
Another major pitfall for these companies is the cost of the support they will need, which Windows previously offered for free.
Microsoft are expected to charge Windows 7 Enterprise customers $25 per device, and Windows 7 Pro customers $50 per device, up until January 2021, after which costs will rise over the last two years of the extended support’s duration.
Enterprise users will be charged $50 per device in year two and $100 in year three, while the support price for Pro users will rise to $100 in year two and $200 in year three.
Research by Cloudhouse has found that 96% of the UK’s FTSE 100 and 250 companies are still running legacy applications on Windows, and Cloudhouse CTO Nick Coleman says that compliance could also be a factor that these firms need to consider.
“I’d like to think that organisations who have compliance requirements for whatever reason don’t have the same dependency on Windows 7,” he said. “So you would like to think that regulated industries such as financial services or healthcare, would have already made the move away because they would be out of compliance if they were not on supported platforms.
“So the first thing is that organisations need to look at their corporate risk profile and their compliance profile and ensure that they’ve got a solution to that issue.”
The issue of security
Coleman went on to address the vulnerabilities that continuing Windows 7 users could experience from today, even if the operating system is only being used minimally, stating that “as time goes further on, that risk increases”.
He explained: “You can argue that yesterday they were covered and supported, so the threat and vulnerability today and tomorrow is quite low.
“But you can imagine that in six months’ time, bad actors in the market and the world will be looking to find those vulnerabilities, and those operating systems will have that six-month period where they have no protection against them.
“Effectively, the bad actors will have done more homework and got smarter and clever about attacking those vulnerable machines.”
Further insight into security issues for companies continuing to use Windows 7 was also provided by Carl Wearn, head of e-crime at Mimecast.
“As Windows 7 remains in use across many organisations at present, people should be aware of the increased vulnerability which this OS will now experience as it is no longer supported,” he said.
“Ensuring good cyber hygiene and the use of fallback facilities, as well as ensuring the updating of a good antivirus solution, becomes even more critical to an organisation if it continues to use an unsupported OS.”
Possible solutions
Cloudhouse CTO Coleman put forward a way to protect Windows 7-based system components physically, and also suggested a possible “permanent fix” to vulnerabilities.
“(Companies) could isolate those Windows 7 environments from all external environments from now on,” he said. “If they are a legacy reporting app of some sort, you can literally take it off the network, and protect it in a physical sense.
“The other types of options you can use is companies such as ourselves, where we will take a legacy Windows 7 application, and we will put it inside our compatibility container and allow you to deploy it on Windows 10.
“That will allow you to live with that legacy application as long as you wish. That’s a viable solution that we are seeing in many markets, both for desktop and servers that are running out of extended support.”
Wearn, meanwhile, added: “Making sure users are aware of the increased vulnerability of their system and the steps they can take to help ensure its security, including the use of strong passwords, will likely go a long way towards maintaining the security of any network yet to be updated with a newer OS.
“In any case, this advice should always be followed even on newer, supported systems.”
Ultimately, however, it may be best for companies to migrate to Windows 10, with the benefits potentially outnumbering the pitfalls, says Tim Brown, VP of security architecture at SolarWinds.
“Above all, it’s important not to see Windows 7 coming to the end of its life as a negative event,” he said. “It’s an opportunity for businesses to transition to a more secure and superior OS.
“While many will be panicked into upgrading because they fear a security incident, it’s important to recognise the benefits: better efficiency, increased user-friendliness, and faster apps.
“Avoid thinking that ‘if it isn’t broke, don’t fix it’, an attitude to software that simply doesn’t work in the long term.”