One in seven public sector computers still running Windows 7 - CRN FOIs

Despite extended support ending today, many public sector organisations have swathes of machines running Windows 7 as they struggle with budget constraints and migrating legacy applications, CRN FOI requests reveal

Some 14 per cent of public sector computers are still running Windows 7 despite Microsoft ending support for the operating system today, according to Freedom of Information (FOI) requests made by CRN.

The popular operating system finally reached end of life today, following a lengthy campaign that has seen Microsoft, PC vendors and partners urge customers to migrate to Windows 10 or suffer an increase in the risk of cyberattacks on outdated systems.

At the end of last year analyst NetMarketShare estimated that 32.74 per cent of machines globally were running Windows 7, second only to Windows 10 (47.65 per cent).

The government's National Cyber Security Centre has warned users to not even access their email accounts on Windows 7 devices from now on.

"The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices," it said.

"We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device, and not to use them for tasks like accessing bank and other sensitive accounts.

"They should also consider accessing email from a different device."

The public sector has fallen under intense scrutiny when it comes to keeping operating systems up to date, particularly after the WannaCry attack in 2017 crippled many public sector bodies that had not kept their machines up to date.

Despite this, some 14.3 per cent of computers in the public sector have not yet been migrated to Windows 10, at least among the nearly 300 public sector bodies across the NHS, local government and universities that responded to a CRN FOI request sent in December.

Around two-thirds of the 94 NHS Trusts that responded said they have not completed their Windows 10 migrations, with some 46 per cent of machines still running on Windows 7.

A number of NHS trusts, however, told CRN that they have the option to continue receiving security updates from Microsoft, as part of a huge Windows 10 migration deal with Bytes Software Services.

Bytes managing director Neil Murphy told CRN that the migration has passed the halfway mark, revealing that the process is different to those carried out in the past.

"Windows 10 isn't the same as the Windows migrations of the past where you are just moving across to an updated kernel bundled together with a shiny new feature set," he said.

"With Windows 10, everything is different. How you deploy it, how you patch it, how you manage it, etc."

Murphy also said that NHS trusts that have already deployed Windows 10 are seeing cost savings, despite the cost of the migration.

"It demands a relook at policy and methodology around key processes such as security, identity, access, data protection, patching, and so on," he added.

"Our customers are quickly realising the inherent value of it over and above it being the latest desktop OS with the additional security capabilities baked into the OS.

"NHS organisations are seeing an almost immediate saving by switching from legacy third-party single-point solutions to the premium features of Windows 10."

What does end of support mean?

Microsoft ended what it refers to as "mainstream support" for Windows 7 on 13 January 2015. During mainstream support Microsoft provides security updates, patches, feature development and complimentary support.

The vendor then moved Windows 7 into extended support, during which it provides security updates and patches. This period has now ended, meaning Windows 7 will no longer receive critical security updates from Microsoft.

According to the vendor, "if you continue to use Windows 7 after support has ended on 14 January 2020, your PC will still work, but it may become more vulnerable to security risks".

The data received from universities showed 45 of the 84 institutions that responded to CRN's FOIs have yet to complete their migration from Windows 7 to Windows 10.

Meanwhile 72 universities broke their data down further. These universities run 460,923 devices between them, with 35,168 still running on Windows 7 - equating to around eight per cent.

In local government organisations, around 15 per cent of machines in local authorities are not yet migrated to Windows 10, data from 79 bodies revealed.

These authorities hold a total of 252,016 Windows-based devices, with 38,390 not yet running Windows 10.

A number of the organisations that responded to CRN said that they would be keeping machines running unsupported operating systems, including Windows 7 and XP, offline to mitigate security risks.

Mark Lomas, solutions architect manager at Probrand, said that while this form of security works in theory, it is harder to implement in practice.

"The area we get into with these extremely old computers like Windows XP - and indeed Windows 7 as that starts to progress into an end-of-support stage - is that people will identify the risk of having old and unpatched machines, and look at elements of risk mitigation," he said.

"One of the things that people will look at for risk mitigation is that they will not connect it to a network to ensure that the vulnerabilities cannot be exploited in that way.

"Obviously isolation and air gapping from the rest of the world is fine, but the issue is that the road to hell can be paved with good intentions. You need to make absolutely sure that mitigation is strictly adhered to.

"Someone could come along and plug in a network cable to download some software, or plug in a USB stick. The moment you start watering down mitigation is when cracks start showing in security."

How extended security updates work

Despite 14 January being touted as the ultimate end of support for Windows 7, Microsoft has offered a reprieve to businesses not migrated in time via extended security updates (ESU).

Businesses can purchase ESU for $50 (£38.48) per device running Windows 7 Pro and $25 for devices running Windows 7 Enterprise via Microsoft Cloud Solutions Providers. These prices are for the first of three years of ESU, rising to $200 and $100 per device respectively in the third and final year.

Only the Pro and Enterprise versions of Windows 7 are eligible for this support.

Businesses with Windows E5 or Microsoft 365 E5 licensing agreements are eligible for free ESU for one year.

ESU may be seen as a welcome relief to some businesses that have not migrated to Windows 10, but these updates are just a case of delaying the inevitable, according to Mark Lomas, solutions architect manager at Probrand.

"It can be quite costly to pay for that kind of service.

"If you're talking to public sector organisations I suppose the biggest question there is, are you utilising your budget in the most effective manner you possibly can by paying for Windows 7 to continue to be in operation, rather than just getting on with the job of migrating to Windows 10?" he said.

"It seems like it is quite an extra cost burden to expect the public sector to swallow. Ultimately the taxpayer is paying for the continuing use of an old, outdated operating system that is insecure and should have been moved off a long time ago. They are spending money to stand still.

"There is always a cost to maintaining an IT environment, but once it gets to the point where the cost of standing still is starting to escalate, you are obviously paying for obsolescence.

"The idea that you are leveraging your pre-existing investments and saving money starts to go out the window. You're not saving money by keeping what you've got; it is actually starting to cost you money."

Not just about security

Cybersecurity has understandably been the main marketing driver for encouraging businesses to migrate to Windows 10, but Probrand's Lomas said that functionality should play a part in the transition as well.

"There are other elements to this," he said. "People are seeking technologies that provide different benefits and capabilities for their organisation. A lot of those challenges and the solutions that Microsoft comes up with start to be baked into the operating system.

"As organisations look to modernise, if you're not using the latest operating system you are going to miss out on those advantages and capabilities - so I think it goes beyond the security angle, but that is what most people focus on at a time like this."

Unhappy apps

Andy Dunbar, technology services lead at SoftwareONE, said that legacy applications are likely a big contributor to the delay of some public sector bodies upgrading to Windows 10.

"I've worked with the public sector for quite some time and it isn't a surprise," he said. "It's a case of déjà vu from what happened with Windows XP. Historically a lot of public sector organisations tend to struggle, mainly down to the applications they wrote 10 or 12 years ago that haven't been upgraded.

"They were built specifically for the OS and there hasn't been much investment in those apps; they start to constrain development".

Dunbar said that the cost of redeveloping apps for a new operating system adds more expense on top of the migration itself - particularly as some of these applications have not received any recent TLC.

He added that many public sector IT teams struggle for visibility of the applications that are running on end-points, and in many cases some programmes are only being used by a handful of people in an organisation.

However, he said that this visibility is improving as organisations establish which applications can be moved to the cloud and which can be bought on as-a-service models, therefore preventing them from hampering OS upgrades in the future.

"Not doing anything with the applications over the last few years has put them in a bit of a challenging position," he said.

"What hasn't helped is that a lot of the core app vendors haven't been particularly forthcoming in supporting them.

"But some of them have started to create their own SaaS-based systems and that is forcing some of the public sector organisations to do something, whereas before the vendor wouldn't do the reengineering so it became a capex cost."

Virtually secure

Microsoft has also used the end-of-support date as a way to plug its Windows Virtual Desktop (WVD) offering, which was rolled out globally last year to much fanfare from partners, according to SoftwareONE's Dunbar.

WVD is a remote desktop as a service that lets users deploy and scale desktops and apps in Azure, meaning they are not stored on machines.

Microsoft will be providing free ESU support to customers using WVD for the full three years that the extended security support is available.

The vendor said that customers can virtualise their desktops to continue using legacy applications built on Windows 7.

SoftwareONE's Dunbar said: "Windows Virtual Desktop is still relatively new and the public sector doesn't want to be at the cutting edge, but certainly some of our customers are doing pilots.

"Quite a lot of customers have Citrix and [products from] the VDI vendors which is quite costly, but if users have decided to go into an Office 365 strategy and are looking at Azure to use as a platform for the workloads, then Windows Virtual Desktop is a ready-made option. Add in the fact that they don't have to pay for extended support, then it is an option.

"I'm not saying that everyone is moving, but a lot of people are talking about it."

The forgotten (or ignored) OS

Given the buzz around migrating from Windows 7 to Windows 10, it is easy to forget that Windows 8 ever existed.

The much-maligned operating system was released in 2012, with 8.1 following a year later and given as a free upgrade.

But the operating system, which saw an overhaul of the look and feel of Windows, was quickly labelled a failure, and followed up swiftly by Windows 10 two years later.

Mainstream support of Windows 8.1 came to an end in January 2018, with extended support set to end on 10 January 2023.

But it would be wrong to expect a similar furore around migrating from the forgotten OS. According to NetMarketShare, Windows 8.1 accounted for 4.09 per cent of the market in December 2019, with Windows 8 at 0.69 per cent.

A handful of public sector organisations indicated in their FOI responses that they were in the process of migrating from Windows 7 to Windows 8, but Probrand's Lomas said that he has not seen any examples of this, particularly with Windows 8 having only three years of support left itself.

"Windows 8 was one of those operating systems that, unfortunately for Microsoft, did not gain a huge amount of popularity and is now one of those things that has been brushed under the carpet by Microsoft," he said. "It's the operating system they'd rather forget."