Microsoft’s announcement that it will no longer support the Windows 7 operating system has serious implications for legacy users. So, we have put together everything you need to know about the situation, and tips on how to proceed for institutions using the system.
What does the end of support mean?
The Microsoft website states: “After January 14, 2020, Microsoft will no longer provide security updates or support for PCs with Windows 7.” This includes software updates and technical support.
While machines running Windows 7 will still work, any devices running the system that are connected to the internet are more vulnerable to cyber-attacks, due to their lack of security and regular updates.
How does end of support affect institutions?
The National Cyber Security Centre (NCSC) warns that ‘malware can spread much more easily on obsolete platforms because without security updates, known vulnerabilities will remain unpatched. As a result, it’s crucial to move away from them as quickly as possible.’
Richard Jackson, cloud security engineer, e-infrastructure at Jisc, advises that the safest option is to migrate from Windows 7 to a supported operating system, which will have the regular security patching and technical support. He says:
“The end of support means you don’t have an option to install security patches without substantial cost implications, and so problems can open up – whether through internal and/or external factors – with the issue only getting worse over time.”
Jackson also notes that Server 2008/R2 is at end-of-life (EoL) and should be upgraded to Server 2016 as a minimum.
To put this into context, according to Microsoft Inspire 2018, roughly 80% of all enterprise applications run on Windows Server. Of those applications, 70% still run on Windows Server 2008 or earlier versions.
What can be done about it?
Colm Blake, cloud solutions consultant, e-infrastructure at Jisc, suggests there are two main possibilities for action:
-
Upgrade on-premises – this option includes upgrading your servers and workstations to supported operating systems – at least Server 2016 and Windows 10 LTSC
-
Migrate to cloud – this option means that the products you use, including your operating system and server, will be updated regularly and serviced by required security patches
Jon Hunt, information security officer, strategy and corporate services at Jisc, also emphasises the importance of having an end-of-life plan going forward for devices and software that will no longer be supported. The NCSC guidance on this matter says:
"At some point, updates will no longer be available (as the product reaches the end of its supported life), leaving it fixed at an old version that does not have the latest security patches. This means you need to be planning to replace your devices and software so the new ones are ready to use before the support for older versions expire."
How can Jisc help?
If you’re unsure about how to start migrating or updating away from Windows 7, Jisc can help. Jackson suggests that end points (such as PCs, laptops, phones and tablets) may be some of the most vulnerable areas for education institutions, as they are potentially “open to untrustworthy parties or accidental misuse” due to the lack of physical security controls and entry points such as email clients/web browsers.
Jisc is a cloud solutions provider and can provide support for members interested in migrating to cloud services such as AWS or Azure.
Useful resources
Talk to an account manager about how Jisc can help migration and updating.
Find out about Jisc’s cloud and cyber security services.
No comments:
Post a Comment