The Natives Are Restless

Posted in Windows, research, security

Many readers know that my day job is as a security technology analyst for Yankee Group. Well, it’s about that time of year where we start to wind down our research calendar. One of the things we’re getting out the door is the 2005 Yankee Group Security Leaders and Laggards Survey, in which we ask a statistically relevant number of enterprises (500+) about their spending habits, preferred security suppliers, and future plans.

This year, we added a special set of questions designed to force choices between several competing alternatives. For example, we asked whether enterprises preferred to work with resellers or directly with security vendors. Probably the most interesting (read: mischievous) question we asked was this one:

Tell us what outcome is desirable: 1) backporting future Vista security features to older Windows versions (XP, 2000) versus 2) enterprise migration to Vista

Now, you might think that companies would be jazzed up about the security improvements Microsoft has promised for Vista, and that upgrading would be something companies would prefer to do. Our data shows exactly the opposite:

  • 5% of customers found upgrading “extremely desirable”; 12% said it was “desirable”
  • 30% were “neutral”
  • An even 26% said that backporting was “desirable”; ditto for “extremely desirable”

But wait, there’s more!

When we look only at what we call security “leaders” — those companies that spend the highest percentage of their IT budgets on security — the differences are even more pronounced. Fully 40% of Leaders felt that backporting was extremely desirable; after adding in the “desirable” percentage, the total favoring backporting is a sky-high 65%. That is a stunning number.

Now consider the additional fact that Vista won’t run acceptably on hardware older than about a year. Consider also Joe Wilcox’s observation that Microsoft has missed a hardware upgrade cycle. When you put all of those things together, it tells me that customers don’t want a forklift upgrade to a more secure operating system forced on them.

Does this just reflect common sense? Probably. I just didn’t expect the numbers to work out quite this unequivocally.