When I joined Microsoft to run its Power and Utilities business almost ten years ago, I realized that one thing had to change if I was going to be successful. We had to make our software more secure by orders of magnitude. After all, my team and our partners are providing software to run the most critical of critical infrastructures, and at the time, confidence in our ability to provide software that was resilient against the escalating cyber anarchy seemed like an unattainable goal.
Having been a CIO, I realized that things had to change drastically. My peers in the industry wished me well at Microsoft, but at the same time they were skeptical that I would be successful, as they were losing confidence in Microsoft’s ability to provide them with reliable software that had resiliency against cyber-attacks. Make no mistake, this was a HUMONGOUS task, as we realized it wasn’t just about patches and fixes but about creating a culture of security for our products that was built into the core of all of our design, development, and deployment processes.
Starting with the famous Bill Gates memo that turned the company in a new direction, a culture of trustworthy computing was born, and eventually the security development lifecycle (SDL), which has been key to our success and has been adopted by many other organizations. It’s been an amazing journey that continues to evolve as we continue to strive for unattainable perfection. Our work was recently highlighted in an article, “The Business World Owes A Lot To Microsoft Trustworthy Computing”, and in a story that we recently published called “Life in the Digital Crosshairs”. It’s a fascinating read that includes stories from our customer MidAmerican Energy and partner Itron.
This week an article appeared in a Wall Street Journal blog called “Windows XP in Utilities Could Mean Big Security Problems”. The article discusses the challenges utility operators will face when we end support for Windows XP on April 8, 2014. After this time, Windows XP users will no longer receive new security updates, non-security hot-fixes, free or paid assisted support options, or online technical content updates from Microsoft. Third parties may provide ongoing support, but it’s important to recognize that support will not address fixes and security patches in the Windows kernel and other core modules. This is in line with Microsoft’s existing support lifecycle policy that has been in place since 2002. Windows XP was released in 2001, and while we have done a fantastic job of improving and securing XP with the SDL development process, it’s an operating system designed for a different era, both in terms of functionality and security threats. It doesn’t support new business trends such as mobility and touch, and can’t match the features, reliability, security and speed of a modern operating system like Windows 8.1. Running Windows XP in your environment after the product’s end of support date may expose your data and information to potential risks. Since we announced end of support for Windows XP, we have been working with customers and partners to help them migrate to a modern platform such as Windows 8.1 to help mitigate the risks.
We have come a long way since 2002, and sometimes I think we don’t always get credit for the work we have done, as perceptions linger that other operating systems and products are more secure. But if you look at the facts, you will see otherwise. I am proud to say the world really does owe a lot to Microsoft Trustworthy Computing. – Jon C. Arnold