Microsoft Windows Server 2003 will reach its official end of life on July 14, 2015. In practical terms, that means Microsoft will longer support the software, and any security or compatibility issues that arise after that date will not be addressed. If your enterprise is still using Windows Server 2003 after July 14, then you are taking a potentially very expensive, and unnecessary, risk.
According to a survey of over 1,300 IT professionals conducted by Spiceworks in March 2015, some 63% have either already migrated or partially migrated off of Windows Server 2003, and another 28% were in the planning stages. Most of those surveyed said they are migrating to Windows Server 2012 R2. That’s the good news.
The bad news revealed by the survey is that 22% of the IT professionals surveyed said they do not plan to migrate all of their servers off Windows Server 2003, citing compatibility and cost worries. That means there could potentially be thousands, even millions, of unsupported servers running enterprise operations around the world after the July deadline.
Security and compatibility
Every time Microsoft declares end of life for one of their software products, there’s a natural tendency for enterprises to resist the migration to alternative, supported, software. For example, there are still a large number of Windows XP PCs operating in enterprise environments.
Enterprises naturally do not want to spend the money and time buying, testing, and deploying new servers when the servers they’re using are working just fine. But this is a very risky and potentially very expensive “non-strategy” to take in the current business environment.
Just in the past year or so, we’ve seen confirmed breaches of servers perpetuated by the governments of North Korea and China. We’ve also seen network security fail to stop Russian organized crime from stealing identification data from retailers. Just about every other week, there’s another widely reported IT security incident.
As an IT professional, these security breaches should make you very wary of your own enterprise security protocols. Can you really afford to have unsupported and potentially vulnerable servers in your network?
Target estimates that the data breach it suffered in 2014 will cost the company close to $150 million. Identity thieves, like those in Russian organized crime, fraudulently steal $6 billion from tax refunds annually. In other words, stealing identification data is big business, and business is good.
Enterprises, especially ones that collect private identification data from their customers and clients, are expected to take every possible precaution to protect that data. In a lawsuit over a security breach, one of the first things any lawyer worth their salt is going to do is check whether the enterprise’s infrastructure is up to date. Running an unsupported operating system like Windows Server 2003 isn’t going to go well for you.
Microsoft will support each server running Windows Server 2003 for $600 per month after the July 14, 2015, cutoff. That can buy you some time to complete the migration to an up-to-date operating system or a cloud solution, but it’s certainly only a temporary fix.
While the timing may be bad for your current situation, the fact remains that Microsoft Windows Server 2003 has reached its end of life. The potential liabilities of running that operating system as an integral part of the enterprise infrastructure far outweigh the benefits of not spending a relatively small amount time and money migrating to something more modern and secure.
Are you still running Windows Server 2003 in your enterprise? Are you planning to migrate off of that OS? If you’re not, why aren’t you concerned about the potentially liability risks? Let us know your thoughts in the discussion thread below.