The countdown is on. Last November, Microsoft Corporation announced that support for its 12-year old Windows XP operating system will be
discontinued from 8 April 2014 so we are now just six months away from D-Day.
Windows XP Professional established itself as one of the most popular Windows operating systems. It has been proved to be notably more stable and robust than its predecessors, and its graphical user interface has been well-liked. Reports indicate that XP usage is now declining rapidly across the globe, as users migrate to Windows 7 or 8; but there is still a substantial number of XP Professional users out there somewhere, and some of these are surely to be found in corporate treasury departments.
Users of XP Professional, conscious that the plug will soon be pulled, should surely be aware of the theoretical implications of the forthcoming support withdrawal. Moreover, they should be planning or taking appropriate steps today to secure their technology platform for a critical financial function such as treasury management.
Why Should Corporate Treasurers Care about Operating Systems?
Sensitivity about operating systems does not rank highly among the hot topics for discussion by corporate treasurers. Yet there are a number of relevant technical issues that should represent significant professional concerns for all executives who bear responsibility for the integrity and continuity of treasury operations. For example:
- What are the practical implications of working with an unsupported operating system?
- What is involved in migrating to a new operating system?
- Are there better ways of managing software administration in corporate organisations?
“In reality, when Microsoft’s support of XP ends next April it will render the operating system [OS] virtually obsolete for corporate PC networks, while creating subsequent security and operational vulnerabilities in the process,” says Dr Deepak Kumar, chief technology officer and founder of Adaptiva, a provider of advanced systems management solutions and services.
Dr Kumar feels that many companies are highly vulnerable positions with respect to technology; for example, many executives fail to realise the scale of migrating a major enterprise to a new operating system. Even applying a service pack in large organisations is a serious and complex undertaking; for example, the Windows 7 Service Pack 1 involves the transmission and processing of one gigabyte of information for each computer to be upgraded.
Equally, there are severe operational risks attached to working with an unsupported operating system. If, for example, an external technical change impacting an unsupported operating system on which a live treasury system was running meant that it was incapable of uploading bank statements, treasury could, without warning, well find itself desperately resorting to manual methods to construct the daily cash position.
Additionally, there can be a real problem in finding properly-qualified technologists to rectify such a situation, as the best technical people seldom elect to work with archaic systems.
The only responsible course of action for organisations that are confronted with support withdrawal, such as will happen with XP, is to upgrade as quickly as possible to a supported operating system. This will eliminate the related range of risks to which those who take no remedial action will be automatically exposed.
The details of migrating to a new operating system naturally depend on the IT policy and complexities of each individual corporate. In isolation, the process should include cleaning the PC, downloading and installing the OS, restarting with the new OS, testing and verifying with the old database in the new environment, and then cutting over to live operations. If the exercise is to be replicated across the organisation, says Kumar, be aware that “this massive and unwieldy project is very complex: it is multidisciplinary, and involves among other things many people, approvals processes, control elements, accountability issues, time taken, and organisational politics.
“It’s a technical, organisational and political challenge. It can involve a massive content transfer, including patches and drivers, to keep the resultant image and operational applications up to date. It is in fact a technical – not a human – problem because of the scale. There are big demands on traditional technology architecture, servers and so forth when making configuration changes such as switching from Windows
XP. Not least, it’s an expensive exercise.”
Supporting archaic operating systems may not be in the best interest of either vendor or client. The vendor naturally wishes to market and support up-to-date versions of its own offerings, concentrating its business activities as efficiently as its market will tolerate. From the perspective of the client, there are usually (though not always) technical benefits associated with updated software, such
as bug fixes and accelerations, as well as the availability of new business functionality. The balance to be struck is between the pain of the process and the gains of the new environment, so there are several factors underlying the issue. The risks described that attach to using unsupported operating system software should always tip the balance towards upgrading in such situations.
“The sun setting on what was an incredibly popular version of Microsoft’s operating system serves as a reminder of a software vendor’s need to control supported releases of its products and focus on current offerings,”says Paul Bramwell, senior vice president (SVP), treasury solutions, at SunGard AvantGard.
“Supporting too long a tail of trailing releases can be costly and divert research and development [R&D] from current products,’ he adds. “Supporting older versions of software are a business decision and one that SunGard takes very seriously in order to protect our customers’ investments over time. However, upgrading to newer versions ensures that customers are using the best of what we have to offer, and on our side, it frees up development costs which can be used to continually enhance current solutions to the benefit of the entire user base.’
Mitigating the Risk
There are several technical approaches that can largely mitigate the risks, costs and complexities of an enforced operating system migration.
Storage Area Optimisation: Kumar’s Adaptiva offers a centralised virtual solution, ‘Storage Area Optimisation’ (SAN), which has been successfully applied in the banking environment, and also various large corporations, for some time. In outline, SAN eliminates server infrastructure by utilising unused technology capacity right across the enterprise. It is sometimes referred to as grid computing, and large corporates often use virtualisation technology from VMWare and similar organisations in their data centres to aid this
optimisation. Corporates using SAN will benefit from the central control of operating system upgrades.
Terminal Services: Offerings such as Citrix are very popular among those corporates whose IT policy requires that software should be installed on site, or in a segregated and secure external facility. In outline, a single instance of the software is installed on a powerful central server, and the partitions on this server effectively replicate the client machines in a distributed client/server arrangement. The centrality of this architecture means that it is a (relatively) straightforward matter to manage and control the migration of operating systems, as this need be performed only once, as in the SAN environment.
Both the SAN and terminal services environments provide the potential for specific testing programmes to be performed prior to making any software change operationally live, if this is a requirement of IT policy.
Software as a Service (SaaS): SaaS has proved to be very popular in the corporate, and more specifically the corporate treasury, business environments. It is less prevalent among high-end multinationals, where IT policy tends to require in-house management and control of technology.
The managed technology infrastructure of SaaS allows the hosting organisation to direct and control operating system upgrades and changes, assuming most of the risk associated with these processes.
“Worrying about which operating system your software supports is an unfortunate symptom of legacy software,” says Bob Stark, vice president of market strategy at Kyriba. “It isn’t a problem treasury professionals should have to worry about.”
His company’s own position is that as more companies are moving to SaaS based treasury management systems, the issues of product sun-setting and compatibility are going away.
“Cloud solutions run on web browsers meaning this is a non-issue for anyone that has adopted a more modern treasury solution,” Stark adds. “In
the cloud, it doesn’t make any difference whether you use an iPad, Mac, PC, or a Linux-based machine, or what operating system you are running. Everything is delivered from the cloud directly, and you are always working on the most up-to-date version of the product without the need for any upgrades. If the TMS needs to be upgraded, this incurs both internal and external costs – not to mention the extra time and diverted resources that could have been more efficiently utilized managing treasury.’
Reval is another vendor that is firmly committed to the SaaS route – a technical policy pathway that seems to offer a comprehensive comfort zone for potential victims of the imminent Windows XP sunset.
“Our clients will bypass the pain of an application upgrade that comes with installing a new operating system,” says Phil Pettinato, chief technology officer of Reval, a global SaaS provider of treasury and risk management solutions. “Since our clients only need a browser to access our SaaS application, they won’t have to wait for the installation and testing of new software or systems.
“What’s more, as a matter of course, we test and verify compatibility with new versions of Internet Explorer that ship with each new Windows operating system. I expect that a majority of our clients have already upgraded, but for those who still need to move to a newer Windows operating system, the good news is that the more SaaS applications their organizations are using, the less time they will waste waiting for software upgrades.’
After the Windows XP Sunset
It seems highly unlikely that similar issues to those stemming from the XP situation discussed here will arise when future versions of Windows are discontinued. There is no obvious reason why the trend towards adopting centrally managed and controlled technology environments such as those described should be reversed; it clearly represents a significant improvement in the quality of IT management. This is because the contemporary approaches provide more secure, efficient and cost-effective centralised ways of managing technology – compared with repetitively and riskily rolling out upgrades across vast distributed networks of computers.
Obviously, the less technology distractions that are suffered by a treasury team, the better. We are, in all probability, seeing the last instance of withdrawal of support for a popular operating system that has a noticeable impact on treasury management.
Tim de Knegt, treasurer for the Port of Rotterdam, discusses how he is looking to bring more value to the Port's clients using blockchain.
Regulation technology is fast gaining currency by transforming how financial institutions can tackle compliance in a swift, comprehensive and less expensive manner.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.