Article

One month from today: 'XP Armageddon'?

In the scramble to upgrade or otherwise secure ATM operating systems, it's a smart move to consider other strategic IT options.

March 11, 2014

Windows XP end-of-life support is exactly one month away and currently 95 percent of ATMs around the world run on the soon to be outdated operating system. Surprisingly, only 15 percent of financial institutions are expected to react before the April 8 cutoff, according to a recent ATM Industry Association survey.

So, why is there so much reluctance from financial institutions to adopt a new operating system? According to a recent survey of more than 1,000 organizations, 42 percent of respondents cited budget as a major issue. This includes the banking vertical.

With approximately 420,000 working ATMs in the United States, upgrading is no small undertaking. While newer ATMs can be updated "over the wire," older versions require a manual upgrade, which literally involves sending expensive IT talent to remote ATM locations.

If the machine is not updated before April 8 and a vulnerability becomes known, it leaves the ATM wide open to hackers — and because security hot fixes will not be made available, it is entirely possible that no mitigation, besides a full upgrade, will be available.

More concerning is that vulnerabilities found on newer operating systems may also exist on XP. When these vulnerabilities are patched in Windows 7, they provide a roadmap to Windows XP access.

While Windows 7 is the logical upgrade path, some of the older machines may not be able to support the OS and need to be replaced altogether, causing the overall cost to upgrade to surge.

April 8 doesn't represent XP Armageddon, but it is the day that can end up costing a financial institution far more than expected — and not just in cash.

While an IT move this big may be overwhelming for banks to take on, the third party breaches and POS hacks in the news recently point to how detrimental an attack can be to any organization.

Regulations ensure that banks, not customers, will foot the bill of any theft. And it's clear — and somewhat concerning — that this industry in particular has been slow to react and make necessary changes.

As with any forced technological shift, the EOL of XP creates an opportunity for financial institutions to evaluate new, more strategic ways of working. One option worth considering is to virtualize ATMs and move all software and operating systems to the bank's (or service provider's) protected network.

The benefits, especially in the instance of ATMs, are numerous. Instead of storing data on physical computers, virtualization allows FIs to eliminate storage on local ATMs and store it in the cloud.

According to analyst firm Ovum, moving certain functions or applications to the cloud could help cut down damages and protect a customer's data if a machine is compromised.

Many already use cloud in some form and others plan on further integration to help cut costs and streamline processes in 2014. Cloud or VDI options as a long term investment would be a strategic next step as XP is dissolved, especially considering the frequency of new OS updates and the necessity for disaster-proofing and securing data at all times.

Virtualization might still require hardware changes (zero clients or more powerful PCs) and physical upgrades (OS lockdowns, virtualization clients), but when the effort has been made, the bank is in a significantly better spot to ensure that the next EOL will not cost (or risk) as much.

With time running out, it is critical for bank executives and IT managers to devise a plan that will provide for a seamless migration to a new operating system that will safe guard sensitive data without disrupting customer experience.

Organizations, including FIs, would be wise to develop security plans now and ensure they fully understand how the end of XP could affect their business if machines are exposed to malware after April 8.

They need to identify and prioritize key areas that would suffer the most if not upgraded and evaluate options — including a move to virtualization — that would allow them not only to expedite the upgrade process, but also to increase the potential for long-term cost savings, reliability and future-proofing for their infrastructure.

Evolve IP provides organizations with a unified option for cloud services. The company's cloud platform offers security, stability, scalability and lower total cost of ownership, and is fundamentally superior to outdated legacy systems. Tens of thousands of customers worldwide depend on Evolve IP for cloud services such as virtual servers, virtual desktops, disaster recovery, unified communications, contact centers, and more.

photo: ctbto photostream