Windows XP: The terrifying anarchy of technology 'have-nots'

It's easy to dismiss organisations that have failed to move away from XP as ignorant or lazy, but it's not quite that simple.
Written by Matt Baxter-Reynolds, Contributor
Inoculating the NHS against being stuck with Windows 8 in the future as it is with Windows XP today seems impractical.

Finally it's happened. XP is dead. Long live Windows 8. Or long live the slightly better Windows 8.1 Update 1.

There are still a lot of people using Windows XP though. Some 27 percent by some accounts, which is quite a lot of people who are about to sit down each day in front of a relentlessly exploitable, and downright dangerous operating system.

It's easy for us IT professionals to "hand wave" over this and dismiss those who've not managed to migrate as being either lazy, irresponsible, or willing ignorant.


We know that the NHS in the UK just spent £5m ($8m) keeping XP going for another year.

This scenario looks like one that falls into the "irresponsible and ignorant" camp. The NHS is a large, professional organisation. It looks, from the outside, like one that would have no problem navigating the migration away from XP.

Why then the $8m? Or, to put it another way, should we cut the NHS some slack?

To give you some idea of scale, the NHS is big. Really big. You just won't believe how mind-boggling big it is. It employs 1.7 million people — fourth in the world to the Chinese Liberation Army, Walmart, and the Indian Railways. It spends — albeit over its entirely — $5,000 every second of every day.

Importantly in this context, there is no central IT function per se. There are national IT initiatives, though. These look to deliver social care policy via technology across the entire organisation. By and large, the IT function is owned and operated locally. Glossing over complexity, there are 160 "NHS Trusts," and the Trust itself manages the IT for the (on average) 16-17 hospitals within its remit.

This is where things get complicated if you're actually trying to do your job of delivering healthcare to patients in terms of IT.


I should say the following is based on a true story, with the names changes to protect the innocent.

Imagine you run a small therapy team in a local hospital. Let's say there are ten of you on the team, and your job is to go out into the community and do something. You'll run clinics at the local hospital, but also run other outreach services and clinics out and about in that local community. You need some IT to do that job.

So you go and petition the Trust's IT to deliver something. But the Trust's IT turns around and says you can't have what you want, and let's say that's for very good reason. A typical reason is that you want something that's a subset of some larger system that's being rolled out over the whole Trust and that, rightly, it's silly to give you something that's going to be made obsolete when that new system comes online.

As the person in charge of delivering the service, what do you do? You could, in theory, find the budget to do it yourself, and so off you go and commission some local IT bod to come along and implement something. You like it, it works, and it lets you do your job.

Years go by and the IT system the Trust promised hasn't come along, and you're still using the system built by the local IT bod, but it runs on XP, and it will only run on XP. And now the Trust's IT turns round and says you can't use it anymore because it runs on XP. And the local IT bod can't upgrade it because of one of a million reasons. But you have to use it to do your job, so the Trust agrees to let you keep using XP so that you can keep doing your job.

In this scenario, everyone has done everything more or less right, but the end situation ends up being bad. The only finger of blame you can really point is at the Trust IT's for not being agile enough in delivering what the therapy unit needed in the first place. It stuck to its guns of delivering a snazzy system that sat above everything, and was lovely and beautiful in theory, but wasn't actually there or working in reality. (And, remembering this is a true story, was never delivered.)

Now go ahead and scale up that bad scenario for thousands of service delivery units across one of the world's largest organisations and, suddenly, that $8m looks pretty cheap. The real cost will be in the NHS's IT spend itself. Can you imagine how many of these tiny, fractured projects, they actually have? It's terrifying.

Have nots

This — and I hasten to remind you the above is based on a true story — is worth looking at because it's about those users in our purview who use IT but that have no control over it.

We IT professionals are lucky enough to be in the technology "haves." We sit there at the top and control everything. We can sit there and design beautiful systems, execute them elegantly, and have users all over the organisation buy us drinks, and generally commend us on a job well done.

Then there are people at the bottom of the chain who are the technology "have-nots." Those people will always exist, largely because entirely centrally controlled IT makes about as much sense as entirely centrally controlled economies. Those who are "local" to service delivery — whatever that service is — will always understand the needs of the service users better than the IT department.

This means there will always be a force pushing toward anarchy where the "have-nots" build, or engage, or buy, whatever they can to get the job done outside of the control of the IT function. In that scenario, the IT function needs to act as counsel, rather than arch-overseer of everything relating to bits and bytes that the business does.

So in 2023 will we see headlines about the NHS buying extended support for Windows 8?

Of course we will.

What do you think? Post a comment, or talk to me on Twitter: @mbrit.

Editorial standards