Appian provides a low-code development platform that accelerates the creation of high-impact enterprise software applications – from idea to app in 8 weeks with a guarantee.
83 per cent of Windows computers within UK councils are still operating on the ageing Windows 7 system. Mat Clothier, CEO, CTO and founder of Cloudhouse, explains why this is a worrying statistic for councils, and what this means for the wider public sector
Recent research we conducted has revealed that a staggering 83 per cent of Windows computers within UK councils are still operating on the ageing Windows 7, despite the two-year countdown to the system's 'end of life' date now being underway. As Windows 7 will no longer be supported on 14 January 2020, this is a worrying statistic not just for the councils themselves, but for the public sector as a whole. Organisations cannot find themselves in a situation where they are running an operating system that does not receive security patches from Microsoft.
While the world of IT is constantly evolving, it is not uncommon for some systems to be left behind on legacy platforms: worryingly this can include business process applications. Organisations are struggling because the applications they wrote for their systems 10 years ago were typically written for the exact OS they were using at the time, rendering them incompatible with newer versions. This is an issue for government organisations who provide vital services to their constituents. Some may find that they are unable to move their apps onto a more modern system without initiating an expensive out-sourcing project, which can take many years to deliver. With budgets coming under tough scrutiny, the public sector generally does not have the time or money to spare.
What the numbers say
The freedom of information request we published last month looked into the use of Windows systems by UK councils, and received a total of 317 responses. It discovered that, despite 97 per cent of local authorities acknowledging that they are aware of the end of life date of Windows 7 in January 2020, nearly a fifth haven’t yet planned their migration away from what will soon become an unsupported operating system. Though many believe they will be able to complete a migration of their applications to Windows 10 within the two-year period, realistically the chances of being able to do so are low, given the migration challenges that have been experienced in the past.
Of the councils asked, 40 per cent stated that moving applications to a new operating system was the biggest issue they faced. While it is positive that many of the councils are aware of this being a major roadblock, the fact that they are yet to implement a plan that will resolve the issue is cause for concern. Most striking of all, the data also reveals that only one per cent of the councils have already completed their migration to Windows 10. The news that so many have yet to do so implies that they may not be as aware of the security risks of running these older systems. With the number of ransomware attacks on the rise last year, and predicted to continue in 2018, it is undeniable that councils should be looking to upgrade to the far more secure Windows 10 sooner rather than later. And if this is such a problem in UK councils, what does this say for the wider public sector?
Why you shouldn’t use Windows 7 for much longer
Organisations across every industry were shaken in 2017 by the number and intensity of ransomware attacks that left many, including the NHS, struggling to recover. WannaCry had a devastating impact globally, causing long periods of downtime even in the commercial sector. Initial reports blamed Windows XP computers that were still vastly in use, despite the support for this OS having run out several years ago.
However, research has since revealed that 98 per cent of the computers affected by the WannaCry ransomware were in fact running a version of Windows 7, while less than one in a thousand were running XP. How did this happen if Windows 7 is not yet at its end of life? Organisations simply did not keep up with the latest security and hot fixes, on an operating system that is less secure than Windows 10. Under-resourced IT teams in organisations can easily put off system patching, particularly when the critical applications may be affected because of downtime if things go wrong – but this simply defers the risk, and pain for later.
After all, councils provide vital services to constituents that often require 24/7 availability. But WannaCry has taught IT departments nationally, not just in the public sector, that something has to be done to help prevent an attack of this magnitude occurring again and affecting so many users. But if rewriting applications is too expensive, takes too long, or seems impossible, what else can be done?
The future of migrations for councils
There is in fact an alternative – one that allows organisations to easily move their bespoke applications without requiring code changes. The solution to all these problems is compatibility containers. Containers involve packaging up applications on their current operating system (such as Windows XP) and moving them in the container to the latest version(such as Windows 10). This enables businesses to benefit from the latest security features offered by Windows 10 or the cloud and continue to use the applications they rely on. Compatibility containers enable organisations to escape the constraints of their ageing operating systems through redirection, isolation and compatibility.
Although Windows 7 still has a couple of years to go before it represents the same level of risk as XP, the events of the past year indicate that organisations cannot be complacent with supported operating systems. The FOIA research that has revealed the state of UK councils’ IT systems reflects the extent of the wider challenge of migrating from Windows 7 to 10, and the statistics suggest this could be a prevalent issue throughout the public sector. If those relying heavily on Windows 7 don’t start putting plans in place soon, they could find themselves falling behind with their security, and will have to face the consequences; in the case of UK councils, disruption to IT services the country depends on.