Last month, Matt Barlow, Corporate Vice President at Windows, confirmed that the company will begin prompting users still running Windows 7 to visit Microsoft sites to understand their options regarding the upcoming end-of-support date. Mainstream support ended in 2015 and the extended support date of 14 January 2020 – now less than a year away – is looming, putting pressure on IT teams to update their organization’s standard operating system.
When support ends, so does security
High-profile data breaches, such as the NHS’s battle with the WannaCry malware in 2017, mean that the topic of cyber security has been thrust into the news. Never has the public been so aware of, and companies so scrutinised for, the damage ransomware can cause – it’s now regarded as one of the biggest threats to business. Many ransomware attackers can gain access to an organization’s network via weak, unsecured operating systems and take down its entire IT infrastructure.
During the mainstream support period, Windows 7 users were provided with security updates as well as new features and other complimentary support. While many of those benefits stop during the extended support period, security updates, bug fixes and patches are still included. When the support period comes to an end, so too do the security updates – leaving organisations at risk of hacks, breaches, and data leaks across their business.
Extending Extended Support
Microsoft offered customers the opportunity to upgrade to Windows 10 for free and, although Windows 10 market share has reportedly now surpassed that of Windows 7, it seems many users did not take advantage of the offer, nor are they prepared for 14 January 2020.
To help mitigate this, Microsoft have offered an extension on the extended support, with the Windows 7 Extended Security Updates (ESU) plan available for purchase from 1 April 2019. Sold on a per-device basis, Microsoft offer two flavours:
Windows 7 ESU for M365 – for those licensed for Windows Enterprise
Windows 7 ESU – for those licensed for Windows Pro
Pro tip: Although the name “ESU for M365” might suggest they are applicable only to those with licenses for Microsoft 365, the Microsoft Product Terms document states:
Windows 7 ESU…for M365 licenses may only be assigned to devices with active Software Assurance or used exclusively by users with Windows Enterprise or M365 SLs
In an effort to dissuade organisations from relying on this support extension, the ESU licenses double in price each year:
An organization licensed for Windows 10 E3, with 1,500 remaining Windows 7 devices, would pay: $37,500 in year 1, $75,000 in year 2, and $150,000 in year 3 – giving a total of $262,500 for 3 years of additional Windows 7 support. Probably not a wise financial decision for any IT team.
Attackers are targeting Windows 7
Tanmay Ganacharya, Principal Group Manager of Windows Defender Research, explained that modern threats and older platforms don’t mix, and that Windows 7 simply doesn’t have the levels of defense that Windows 10 offers. This graphic, taken from the Microsoft blog post, shows the ransomware encounter rate – that is, “the percentage of computers running the OS version with Microsoft real-time security that blocked or detected ransomware”. It’s clear to see that Windows 7 devices are being targeted over and above Windows 10.
- Taken from https://www.microsoft.com/security/blog/2018/01/10/a-worthy-upgrade-next-gen-security-on-windows-10-proves-resilient-against-ransomware-outbreaks-in-2017/
The bottom line is this: If your organization is running software that isn’t supported by any Windows version above 7 – irrespective of how business critical that software is – the software must be replaced or modified in its delivery to ensure it doesn’t become unsupported and therefore a security risk to your organization. As the cost of changing a business process or rolling out a new version of a piece of software can be high, other alternatives could be considered. For example, Microsoft is offering extended support for free as long as it’s redeployed within Azure. Deploying software utilising Citrix in Azure for application virtualisation, therefore, could be an upgrade alternative, and avoids the associated costs. Organizations should look to validate the costs of an upgrade against redeployment within Azure and procurement of Extended Support, evaluating not only software and online service costs but also consultancy and migration costs.
Software Asset Management and your upgrade plan
If an IT team doesn’t know what’s deployed, it can’t know what needs to be upgraded. Software Asset Management offers visibility of the entire IT estate, so by identifying devices and their current state – including what’s deployed, how it’s used, and its operating system requirements – any further necessary upgrades will also become apparent.
A Windows upgrade could also be an opportune time for a license review – for example, would user-based Windows licenses be more cost-effective than device-based? Equally, using SAM to keep track of post-upgrade license consumption to prevent over-licensing will help protect precious IT budget, which could go some way to covering the potential costs associated with the new “Windows-as-a-Service” delivery method of Windows 10.