Why it’s so difficult for the public sector to stay current on Windows software

For the second time this year, a major public service in the UK, Greater Manchester Police (GMP), has come under public scrutiny for running out-of-date software – specifically, Windows XP. In fact, the BBC reported that as many as 1 in 5 GMP devices are still running XP – an extraordinarily high proportion. Earlier this year, of course, the same outdated OS made the UK’s National Health Service the first standout victim of the devastating WannaCry ransomware attack.
Over the past 20 years, I have worked with hundreds of public sector organizations in both the U.S. and the UK, helping them keep their Windows systems current. I’ve noticed several common challenges faced by the public sector when it comes to this increasingly difficult challenge. (Some are of these challenges are also prevalent in the private sector, but not to the same degree.) In the public sector, main challenges to staying current are typically application compatibility, budgets and skills.

Application compatibility

Greater Manchester Police cited the incompatibility of some crucial applications with more recent versions of Windows as a key reason that it maintains Windows XP on so many devices.
No question, application compatibility is a crucial workstream when preparing for a Windows migration. If you think about a typical application estate for a typical organization, there will be a number of apps that only certain parts of that organization will use. Take finance, for example. They’ll probably have SAP, some add-ons to Excel, and other legacy applications. Some of those won’t be compatible with newer operating systems. This requires IT teams to ask some difficult questions: “Do we actually need this application? Is there a more modern and secure alternative? Can the app be virtualized? Can the device be ported to a safer operating system?”
If users really can’t do without the app, and can’t update it, then IT needs to consider excluding certain areas from the OS migration, and enhancing the security around those areas. This can mean steps such locking down firewall ports, so that viruses can’t land and use them as boxes to bounce off and propagate through.
Application compatibility is a challenge for every organization, public or private. In the public sector organizations I’ve worked with, however, such as government bodies and hospitals, there can be incredible budget and resource constraints that can discourage the process of confronting them, which means public sector IT teams put up with outdated software longer than most others would.

Budgets and skills

Often in the public sector, you’ll find IT departments that are staffed very thinly. Yet, these departments must be very widely skilled: they’re expected to support Configuration Manager, support and deploy applications, fix Exchange problems, address hardware faults, respond to malware incidents – the list goes on and on.
This naturally results in teams comprised of people with a lot of skill breadth but often not a lot of depth. This has several repercussions. One is that it can make OS migrations daunting. Another is that teams aren’t technically skilled enough to know how to automate certain facets of software updates – the very thing that could alleviate the demands on their time while also keeping systems more current and secure. The net effect of that is that these organizations get farther and farther behind on their migrations and on application patching as well, until suddenly they find 1 out of 5 of their devices are running an OS that is 16 years old and two years past end-of-life support.
Automation is the key, as doing anything manually through IT staff on each endpoint is prohibitively expensive. I sometimes wonder why senior IT folks struggle to realize this simple mathematical fact. If IT staff must spend 2 to 4 hours on each Windows machine during a Windows upgrade, then the project is going to be of significant cost in any sizable organization. Furthermore, in a typical organization in a typical year, nearly half of PCs are either rebuilt due to technical issues or because the hardware needs to be replaced. An investment in automation can reduce the time spent on most PCs to zero.

So how can public sector companies improve their ability to stay current?

So how can public sector organizations improve their ability to stay current on software? The first step is a software audit, to assess how many devices are out of date, and by how much. You can’t fix the problem until you know its scope. Some network configuration tools enable IT teams to do this quickly and easily – you may already have the tools you need.
Next, explore software update automation options – there are several available, and while they do require an upfront expenditure, they will save you money and a lot of time in the long run by helping to accelerate patching and OS migrations and most importantly reducing your exposure to attacks like WannaCry. You can’t put a price on breach avoidance.
The most crucial thing that needs to happen, though, is that senior executives need to mandate that software and operating systems stay current. A senior public-sector worker once told me, “In the public sector, no one is fired for following process” – meaning the outcome is less important than whether the official policy or process was followed.
Today, there is simply no mandate to stay current. There may be general guidelines, but no one gets fired (or even appraised) for not doing so. And then even if the will is there to do better, there is no public-sector benchmark that can be used to measure the organization against. While there isn’t any such benchmark in the private sector either (and perhaps there should be), in the private sector other business drivers often provide the stimulus to upgrade or stay current. The public sector needs guidance and motivation to meet its targets, rather than just appalled post-mortems when its software shortcomings come to light.

Source:www.computerworld.com

Comments

Post a Comment

Popular posts from this blog

Solar cars begin race across Australian desert

SYDNEY (Reuters) - The World Solar Challenge began on Sunday with 42 solar cars crossing Australia’s tropical north to its southern shores, a grueling 3,000 km (1,864 mile) race through the outback. The race from the northern city of Darwin to the southern city of Adelaide is expected to take a week for most cars, with speeds of 90-100 kmh (55-62 mph) powered only by the sun. The fastest time was achieved by Japan’s Tokai University in 2009, completing the transcontinetal race in only 29 hours and 49 minutes. Belgian team Punch Powertrain started first on Sunday after recording a trial time of 2:03.8 for 2.97 km (1.78 miles), hitting an average speed of 83.4 kmh (51.5mph). But reigning 2015 champions Nuon from Delft University of Technology in the Netherlands believes it has a good chance of retaining the prize. “All the cars look completely different (this year), and all we know is we’ve got a good car, we’ve got it running perfectly the last couple of days and we’re co
Read more

Sri Lanka Arrests Two Men over Taiwan Bank Hacking

Sri Lankan police have arrested two men for allegedly helping international criminals who  hacked into computers at a Taiwan bank and stole millions of dollars, an official said Sunday. The pair were arrested after they tried to withdraw large sums of money that had been wired to their accounts with a Sri Lankan bank branch in the capital Colombo, the official said. The police Criminal Investigation Department (CID) was working closely with  Taiwan counterparts to track down the hackers, who are said to have breached the Taiwan bank's computers last week. "We are looking at some $1.3 million that had come into three accounts in Sri Lanka," the official involved with the investigation told AFP, asking not to be named. "We have taken two people into custody and we are looking for one more person." Police in Sri Lanka did not disclose the name of the affected bank in Taiwan or the sum said to have been stolen, but a Sri Lankan media report said tens of m
Read more