Do you remember Rogers' bell curve? It asserts that for continuous innovation, the technology adoption life-cycle fits a bell-curve graph where acceptance of a new product or innovation tracks the demographic and psychological characteristics of defined adopter groups. At one end you have the innovators (2.5%) and at the other end the laggards (16%). In between there are the early adopters (13.5%), early majority (34%) and late majority (34%). A quick scan of online sources suggests that the migration away from XP is now heading towards the laggard stage. According to Computer World April 02, 2013, Forrester and Gartner experts suggest 10-20% of enterprise systems will be using aged OS when support for Windows XP stops on April 08 2014. If I were to use only Rogers' bell curve to make an educated guess, I would say on April 08 2014 it will be 16% +/- 4%.

Falling off the bandwagon of continuous innovation adoption, laggards only adopt when forced to. Doomsday prophecies of calamitous attacks by hackers, regulatory fines, and security exposure are insufficient stimuli. This group needs to see evidence. Journalistic articles that suggest running an out-of-support OS may breach the 7th principle of the Data Protection Act are not the same as presenting concrete examples of actual fines or legal cases where this has occurred with Windows NT, 95, 98, 2000, or Vista*. To a part of this group, marketing activities that continue along this path may seem increasingly desperate, an effort to rinse a stone - perhaps emphasising a lack of understanding of this group by marketers.

In fact, this group may well be worth understanding. There is some evidence that a percentage of laggards may leapfrog generations of technology to become early adopters**, or part of the early majority. If this is the case, I would expect this group to skip Windows 7 SP1 and begin uptake of Windows 8.1 in approximately 12 to 15 months from its launch date. This might not seem "early" given that Windows 8 has been around since October 2012 but in context, given the efforts organisations have gone through to upgrade to Windows 7 and given that we are dealing with target population percentages, I think it will be relatively early compared with the rest of the market. If your organisation statistically falls into this group, it would be great to learn what your plans are.

Wherever your organisation sits on the bell curve, arguably there are two sets of core considerations that should be front-of-mind when weighing up your desktop OS upgrade strategy. What is the top and bottom line impact? What are the managed and unmanaged risks?

You know your business; you understand the environment in which it operates, so it may not have taken you much time to decide that there is negligible top or bottom line business benefit to moving away from XP. To you, it quite simply represents an opportunity cost and your organisation's resources are better assigned elsewhere. Generic marketing messages will not sway you from this course; only a winning business case that is specific to your organisation's value chain can do that. Certainly something you have not seen before.

In contrast, dealing with the question of risks requires a level of technological awareness that spans several areas. This may be something that sits outside of your core business domain of expertise. Fortunately, this can be abstracted to some extent, or at least applied to a framework that enables more informed decision making. Coming to think of it, you have not seen a risk assessment either.

I would start by quantifying the risks; determine those you can manage and the probability and impact (specific to your business) of those that you can't. Assign costs for risk management strategies; assign costs for risks being realised and dealt with after the fact. This will give you a high-level view of the landscape. High cost, high probability, high business impact areas will then require further analysis. The exact package of measures and extent to which they are implemented is something that needs to be proportional and appropriate to your business.
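The quantification described above can be kept as a small risk register. The following is an added example, not part of the original article: the risk names, probabilities, costs and the thresholds for "high" are all constructed assumptions, and "high cost" is interpreted here as the expected yearly cost of the cheaper of the two options.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    probability: float           # chance of occurring in a year (0..1)
    impact: float                # cost if realised and dealt with after the fact
    mitigation_cost: float       # yearly cost of managing it; 0 = cannot be managed
    residual_probability: float  # probability once the mitigation is in place

# Constructed register: names and figures are illustrative only.
REGISTER = [
    Risk("XP desktop as network entry point", 0.40, 250_000, 30_000, 0.10),
    Risk("Outdated browser on XP", 0.25, 40_000, 2_000, 0.05),
    Risk("Unencrypted mobile device lost", 0.05, 60_000, 5_000, 0.01),
    Risk("Legacy line-of-business app failure", 0.10, 15_000, 0, 0.10),
]

# Assumed thresholds for "high"; set these per business.
HIGH_PROBABILITY, HIGH_IMPACT, HIGH_COST = 0.30, 100_000, 20_000

def assess(risk: Risk) -> dict:
    """Compare the expected yearly cost of leaving a risk alone with managing it."""
    unmanaged = round(risk.probability * risk.impact, 2)
    manageable = risk.mitigation_cost > 0
    managed = (round(risk.mitigation_cost + risk.residual_probability * risk.impact, 2)
               if manageable else None)
    best = min(unmanaged, managed) if manageable else unmanaged
    if (risk.probability >= HIGH_PROBABILITY and risk.impact >= HIGH_IMPACT
            and best >= HIGH_COST):
        decision = "analyse further"   # high on all three counts
    elif manageable and managed < unmanaged:
        decision = "manage"            # mitigation is cheaper than the exposure
    else:
        decision = "accept"            # unmanageable, or mitigation costs more
    return {"name": risk.name, "unmanaged": unmanaged, "managed": managed,
            "decision": decision}

def overview(register):
    """Assess every risk and list the costliest exposures first."""
    return sorted((assess(r) for r in register),
                  key=lambda row: row["unmanaged"], reverse=True)

if __name__ == "__main__":
    for row in overview(REGISTER):
        print(f'{row["name"]:<38} {row["unmanaged"]:>10} '
              f'{row["managed"]!s:>10}  {row["decision"]}')
```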

While you may have tuned out of one area, don't tune out of the big picture. The benefit of being a laggard in this context is that you have enviable levels of pragmatism that can propel you towards the lead of Rogers' bell curve. I would strongly recommend looking in detail at the potential exposure of business data considering Windows XP as an entry point to your network. A supported desktop OS is one line of defence in a much broader spectrum of measures that protects your data and network. My view is that it does not sit at the top of the list.

Consider my list below. Then ask yourself the following strategy-forming questions: What/what not? : Why/why not? : Where/where not? : When/when not? : How/how not?

  • Does your organisation have a security policy? Has it ever been audited?
  • Is there a firewall protecting the perimeter of your network? Has it been penetration tested to show that it's properly configured?
  • Are you running anti-virus software on your client and server hardware? Are the latest updates applied?
  • Are your servers running the latest OS with the latest security patches and hotfixes?
  • Is there a local firewall operating on the desktop OS?
  • Do you have system policies in place? Are your desktop builds hardened against attack?
  • Does your Windows XP run an up-to-date Internet browser, e.g. IE 8 removed and a mainstream third party product installed?
  • Are your devices encrypted?
  • Do your mobile users use VPN?
  • Do you have an "IDS" (Intrusion Detection System) in place to monitor and audit file access activity and network activity?

* Note that this statement is an opinion only and does not constitute any kind of legal advice.

** "Laggards in disguise: Resistance to adopt and the leapfrogging effect", Jacob Goldenberg and Shaul Oreg, Technological Forecasting & Social Change 74 (2007) 1272–1281, Science Direct, 2006 Elsevier Inc.