Mar 11

Building A Business Case for Upgrading from XP

Me ‘n XP go way back …

Windows XP has been running for 12 years now. When it came out, George ‘W’ had just been sworn into office, Jeffrey Archer was starting 4 years at Her Majesty’s pleasure for perjury, and everyone would remember where they were when they heard about the Twin Towers.

Yup, 12 years ago. And that is a hell of a long time in the tech world.

Build a business case for upgrading from XP

XP is still very popular. Particularly, in my experience, with the charity sector. It’s good, there is no denying that. Solid, reliable and dependable. But there are good reasons for this. Those annoying, nagging little updates that you always get, and three solid service packs. When you pay for software, half of what you spend your money on goes on the future care. The original Pro version came out in the States at $199, and if you bought it then, that’s just over $16 a year for support and updates.

And as you are likely aware, come April this year, there will be no more support packs or updates, and Microsoft will be pulling their advanced reference guides.

The bad guys know this. And given its trenchant popularity, they will continue looking for those tiny little flaws that allow them access. And now there will be no-one to stop them. Even with the greatest AV and anti-malware software, a genuine exploit hits at the very architecture of the software and can often bypass these programs.

In other bad news:

If you are using Internet Explorer (and seriously, you shouldn’t be) the most up-to-date version you can run is IE8. This is “not a good thing”. Slow, vulnerable and practically inviting disaster.

Microsoft Security Essentials will only receive updates for one more year. It’s a good freebie, but you probably have other AV/anti-malware going, so 50/50 with that one.

As I found out recently, when people find an XP vulnerability, the results can be pretty bad.

So please, at the very least, make sure you grab whatever updates that you can while they are still available.

Building a business case:

It’s hard for a lot of charities out there, so upgrading to a modern operating system (OS) is, on the face of it, hard to justify.

It’s harder to come by Windows 7 now, and no-one knows how much longer W7 Pro will be available. Microsoft are piling all their hopes onto Windows 8.

7, while a jump from XP, was still familiar, whereas 8 seems to reek of a desperate attempt to be trendy and homogenise the whole PC and tablet experience.


You can still get 7, but I imagine it will become increasingly rare very quickly

So a business case.

First off, do your research – there are a couple of places that offer discounted software for charities. Do the maths. Check compatibility with whatever Exchange system you use on your servers, factor that in.

Make sure that your machines are capable of running the new software, if you are not getting new hardware at the same time.

The minimum requirements for Windows 8 are

RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)

Processor: 1 gigahertz (GHz)

Free hard drive space: 16 GB (32-bit) or 20 GB (64-bit)

Calculate total cost of ownership (TCO), per user, over a 5-year period. This is the minimum period you can expect the software to be maintained.

Add IT costs – installation, compatibility testing.

Additional software requirements. This could be a biggie. If you are running XP, you are probably running other shared software systems that are not compatible with newer operating systems. Get your IT guys to check (or us!).

Right – so those are your tangible costs.

Now the tricky part: the intangibles.

How long would it take you to do a complete system re-install for your organisation?

It depends on your back-up system, the number of PCs you have running and servers, and other software you have running.

Calculate the cost of having to go through all that work. Include time lost due to staff being unable to work, as a cost, as well as IT support. Then evaluate the risk incrementally, starting at 0.1 in the first year.

So, over 5 years, we can state the risk of security vulnerabilities increasing as follows:

  • Year one : 0.1
  • Year two : 0.2
  • Year three : 0.3
  • Year four : 0.4
  • Year five : 0.5


And that’s being conservative, estimating that in 5 years’ time there is a 50% chance of catastrophic software issues using a system that will be, by then, 17 years old! So if total recovery cost is, for simplicity, £10,000, the total intangible risk cost for five years is:


  • Year one : £1000
  • Year two : £2000
  • Year three : £3000
  • Year four : £4000
  • Year five : £5000


So that gives us a total of £15000 risk exposure over 5 years, or £3000 exposure per year.


And remember to mention, that’s being conservative. It doesn’t include the risk associated with bank details being pilfered. Nor, if personal data gets stolen, fines for breaching the Data Protection Act.
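The risk sum above, worked as an added example (not from the original post): it builds the recovery cost from its parts, applies the 0.1 to 0.5 yearly schedule, and finds the year in which cumulative exposure overtakes the upgrade TCO. All function names and every figure except the £10,000 recovery cost and the risk schedule are constructed for illustration.

```python
"""Added example: XP risk exposure vs. upgrade cost. Names and sample figures are
constructed, except the £10,000 recovery cost and the 0.1-0.5 risk schedule."""
from dataclasses import dataclass

RISK_SCHEDULE = [0.1, 0.2, 0.3, 0.4, 0.5]  # yearly probability, from the post


@dataclass
class RecoveryEstimate:
    """Cost of one complete system re-install (all inputs are estimates)."""
    pcs: int
    rebuild_hours_per_pc: float
    it_hourly_rate: float
    staff: int
    downtime_hours_per_person: float
    staff_hourly_cost: float
    server_restore_cost: float = 0.0

    def total(self) -> float:
        it_support = self.pcs * self.rebuild_hours_per_pc * self.it_hourly_rate
        lost_time = self.staff * self.downtime_hours_per_person * self.staff_hourly_cost
        return it_support + lost_time + self.server_restore_cost


def yearly_exposure(recovery_cost, schedule=RISK_SCHEDULE):
    """Expected loss per year: probability of a rebuild times its cost."""
    return [round(p * recovery_cost, 2) for p in schedule]


def upgrade_tco(users, licence_per_user, it_per_user, extra_software=0.0):
    """Tangible costs: licences, install/testing time, replacement software."""
    return users * (licence_per_user + it_per_user) + extra_software


def break_even_year(recovery_cost, upgrade_cost, schedule=RISK_SCHEDULE):
    """First year in which cumulative exposure reaches the upgrade cost, else None."""
    running = 0.0
    for year, exposure in enumerate(yearly_exposure(recovery_cost, schedule), start=1):
        running += exposure
        if running >= upgrade_cost:
            return year
    return None


if __name__ == "__main__":
    # Constructed sample: a 20-seat office whose rebuild comes to the post's £10,000.
    recovery = RecoveryEstimate(20, 3, 50, 20, 16, 20, server_restore_cost=600).total()
    upgrade = upgrade_tco(users=20, licence_per_user=90, it_per_user=60, extra_software=1500)
    print("recovery cost:", recovery, "upgrade TCO:", upgrade)
    print("yearly exposure:", yearly_exposure(recovery))
    print("break-even year:", break_even_year(recovery, upgrade))
```

Swap in your own machine counts, hourly rates and quotes; a break-even year inside the 5-year window is the headline number for the business case.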

I hope that makes sense, and I hope it helps you build a better case for upgrading soon.


The clock is ticking …