Don’t Get XPloited: Mitigating Network Security Risk for Mobile Workers
Not 30 days after Microsoft ended support for Windows XP on April 8, 2014, the company was forced to address a zero-day vulnerability in Internet Explorer 6 through 11 that was so critical that it made an exception to its new no-support-for-XP policy. The flaw allowed attackers to execute code remotely on a compromised computer if a user simply viewed an infected Web page using IE. The risk was so serious that the Department of Homeland Security warned people not to use IE until the problem was fixed.
It’s only a matter of time before another critical Microsoft vulnerability is found and exploited. But there’s no assurance that Microsoft will address the issue for XP customers the next time—even if a customer opts to pay Microsoft’s hefty price for custom support. Nor does Microsoft mince words about the dangers, noting that customers who stick with XP are extremely vulnerable to exposure or destruction of business information by malware.
There’s a Surprising Amount of XP Out There
It’s astounding, but XP still runs one-third of the world’s PCs. That’s more than 500 million laptops and desktops in homes, schools, government agencies, and businesses.
There are many reasons that millions of people haven’t ditched the 13-year-old operating system. Some simply weren’t aware; they missed Microsoft’s marketing blitz warning them that XP support was ending. Others couldn’t justify the cost of buying and installing new hardware, operating system, applications, and essential utilities like backup, antivirus, and VPN. Microsoft’s misstep with Vista made many people question the once-sacrosanct Microsoft upgrade cycle, and Windows 7 and Windows 8 didn’t hold much more allure. Some organizations have applications that won't run in XP Mode within Windows 7 or Microsoft Enterprise Desktop Virtualization (MED-V). For others, XP is part of a specialized computer or embedded system on the manufacturing floor, in the warehouse or in an industrial environment.
Whatever the reason for sticking with XP, the reality is that hundreds of millions of XP desktops and laptops are a treasure trove for cybercriminals looking to steal high-value information or expand their botnets for spam, advertising click fraud, bitcoin mining, or other nefarious activities. Continuing to use XP could put an organization’s compliance status at risk, as these regulations typically stipulate that operating systems have up-to-date patches and protections. And if your organization handles customers’ payment-card information on an XP device, you are definitely in violation of the PCI DSS standard.
Your XP Migration Plan: Prioritize Remote and Mobile Workers
Migrating off a legacy computing environment like XP is a resource-intensive project for IT managers, who are already overworked and dealing with newer priorities like mobility, cloud services, and collaboration applications.
With IT resources finite, it makes sense for IT to prioritize the migration of old XP computers as high, medium, and low risk. Start with the highest risk category—mobile and remote workers using XP laptops and desktops. The risk is lower for the XP machines inside your corporate network, which are afforded a measure of protection by your firewall and other perimeter defenses. But when your people travel with an XP laptop or connect to your corporate network from that old XP desktop at home (or their parents’ house), the risk escalates. Every connection to the Internet is another opportunity for compromise.
There are a lot of old machines out there that won’t be able to run a new operating system. When companies are investing in new machines, it just makes sense for IT pros to take a good look at their remote access network as well. The timing is right.
How Cloud Networking Can Help
Your XP migration plan should not only include the particulars of a new operating system, applications, and utilities, but also it’s a good time to retire that decade-old VPN client. Since you're investing all that time and expense in upgrading to a modern OS, why not upgrade to a modern remote network access solution in the process. You can deploy a cloud network for less money than you're paying for maintenance on your current VPN solution and works seamlessly with it, so you can upgrade on a machine-by-machine basis.
A cloud network will give your mobile and remote workers a modern way to connect to their applications and files, whether they are behind the firewall or in the cloud. People find that VPNs don’t work the same way across all of their devices, and that means fiddling with connection settings and then toughing it out on a connection that seems to drop at the worst possible moment. Cloud networking is an easier way to connect and assure mobile network security for your business.
With Pertino, you can create a secure, optimized cloud network in minutes, add people and devices instantly, and deploy network services on demand. No matter where your people are, they will have simple, secure access to their files and applications, whether they’re behind the firewall or in the cloud. They’ll have fast, secure LAN-like connectivity between their devices without a complex setup or connection hassles. With Pertino, your people get the easy accessibility of the Internet, while IT can be confident that it has the control and security of a private network.
A Pertino cloud network:
Provides strong AES 256-bit, device-level encryption to protect your high-value information and IT resources.
Uses a private address space that is cloaked from the public Internet and gives you front-line protection.
Features a system-administered, closed-loop certification authentication service that simplifies deployment and reduces human error.
With a Pertino cloud network, IT staff can see where users’ devices are located at any moment. If the need arises (e.g. a machine is lost or stolen), you can instantly perform a remote wipe to remove all network authentication and access, and protect your organization. In addition, traffic is encrypted, which protects valuable data and reduces the risk of being sidejacked at public Wi-Fi hotspots.