RealSecurity

Microsoft launched Windows 7 last week to mixed reviews from the security industry, but seemed to resonate a little better with the larger business community. Many of the perspectives of 7 are based not necessarily on what is new, but rather the differences from Vista, specifically less hardware requirements offering greater longevity for existing systems. But when viewed through the lens of evolving business IT strategies, one could see that 7 may be Microsoft’s swansong for the windows product line and act as the catalyst for dramatic changes in IT and security that are just now beginning to materialize.

First, it must be difficult for Microsoft to have launched a new OS virtually on the basis that its predecessor failed to meet expectations. Moreover, the valued attributes of 7 are pretty much based on how it’s better than Vista as opposed to introducing something new and compelling. Part of this is that the world is changing and even the concept of an operating system is changing. In other words, there are not a lot of new features in 7 simply because it is representative of the zenith of the role of the operating system as we know it. MS 7 is interesting, but arguably a polish on existing capabilities. From a security perspective, it’s generally acknowledged that 7 is better than Vista and demonstrates a meaningful direction for Microsoft.

One of the many talking points for 7 is that the hardware requirements are not as stringent as Vista elongating the life span for existing systems. Seeing that Vista was not adopted as much as MS would have hoped, in large part due to the hardware requirements, it is also reflective of the state of PCs and laptops. Seeing that many organizations did not upgrade to Vista to save on capital expenditure, it is likely that many systems in the field are aging. Even in the face of this, some reports estimate that up to 90% of existing business systems meet the minimum requirements of 7 as opposed to the 50% able to handle Vista when it was launched. These projections are a testament to MS’s intent on making upgrades to 7 more acceptable to customers than Vista. It is also reflective of how MS wanted to bolster the PC market with Vista, which failed catastrophically. In short, companies are not going to take on software and hardware costs just to run a new operating system. One can blame the economy, but in reality it is a shift in corporate spending culture.

The fact remains that existing systems are already aged. So while they may support 7 today, eventually they will need to be upgraded representing a long-term cost related to moving to 7, so MS is not clear from the Vista cost legacy. But it’s far more than this and when you begin to look at all the moving parts you begin to see that big changes are on the horizon.

So, to summarize, we have a lot of systems out there that support 7 today, but will need substantial hardware investment in the 3 to 5 year timeframe. It is also understood that the costs associated with supporting PCs and laptops increase substantially starting roughly around the 42 month mark, which many systems will be entering in the next 12-24 months representing a collision. In short, these are huge costs to the business.

But why does this make any difference now? We’ve seen this cost-spike in history many times when MS releases a new OS. Well, we didn’t with Vista and now we have cloud computing and an enormous amount of applications are being moved to the web – making the browser the predominant interface and placing less demands on the OS and more on the browser and network.

Now, within the context of business, many have gravitated to the concept of the cloud for reasons that include such things as cost, flexibility, and IT services that exist to support the business and not the other way around. But more importantly this was a Pandora’s box moment and once companies starting looking closely at IT they started seeing more than just trends, they started seeing a new future. Many organizations have outsourced their networks and systems to providers for years in an attempt to reduce costs and help to focus their energy on core business competencies. Some have also done the same with end-user systems, pushing them out to third parties for management and support. However, not a huge number of companies have pushed out end-user systems and regardless if they have or have not, they still own the end-user systems – so it’s still a cost and liability.

Companies are taking a hard look at who they are. Are they an IT company or a hospital, insurance, manufacturer, bank, drug, or retail company? Most have come to the conclusion they are not in the business of IT and as such are looking to shed that from their business holistically. Over the years I’ve heard this phenomenon called a number of things, but what seems to stick is the “University Model”. In short, the university model is taking advantage of the fact that employees have their own PCs or Macs and mobile devices that can be used for business purposes. It gets its name from students attending universities and brining their own systems to classes that have evolved to a point where a computer is required, blurring the line between a system for personal use and organizational use.

The advantages to a company are obvious: a stipend to an employee is far less than actually provisioning a system, employees are people too and want to use what they want to use, many business applications can be accessed using just about anything, and more and more employees are working virtually or on the road. This all ends up being a win-win. Companies have less IT headaches, less cost, and can focus more on their core business, and employees can use their own systems and mobile devices and get them virtually paid for. Sounds great… unless you’re Microsoft. Companies will move to 7, but not to the likes we saw with XP. More importantly, in abut 4-6 years when MS launches version 8, or 2015, or whatever, there will only be a handful of businesses that will care because all the others won’t have any end-user systems on their books. Of course, by then Google’s OS will be out, everything will be in the cloud and webified – the operating system as we know it will be very different.

I’m not suggesting MS is done, far from it. In fact, I see huge opportunity for MS. Not only in the server and virtualization space, but application development and cloud computing. When you look at cloud computing, it’s obviously more than virtualization; it’s provisioning, policy, tracking, charge models, etc. Arguably, MS is very well positioned to do these things. I see a bright future for MS – a new identity if you will - I just hope they are looking at the same place I am.

However, what I am saying is that the wave they’ve created years ago for faster and faster hardware to run bigger and bigger OSs has reached the shore. Companies not only want to spend less on IT, they don’t want to spend on IT anymore – ever. Companies will buy 7 and run it on aging hardware, and 7 will see success, but this has every indication it will be the last time. When it is time to upgrade that hardware, then companies will use it as the impetus for the final exodus from IT. End-users systems will be the responsibility of the individual, applications will be in the cloud, and the networks will be operated and managed by providers. Companies will simply have a bill to pay at the end of the month and it will be someone else’s problem. Well… everything but security. That’s for another post;)