It’s official – on 14 July 2015, Windows Server 2003 reaches its end of life, no longer receiving support from Microsoft. It’s been a wild 12 years of patches and updates, and for companies intent on sticking with Server 2003, the future could get a whole lot wilder.
Without patches for known vulnerabilities, organisations will be at an immediate risk of compromise. A server running an out-of-date operating system creates an open door for security breaches, potentially compromising the entire organisation.
Attacks on Server 2003 expected to peak when support ends
“We expect attacks will peak around 14 July when support officially ends, as [Server 2003] will then be one of the least secure systems in existence,” says Symantec’s Piero DePaoli, senior director of global enterprise security product marketing. “Unprotected systems make organisations more susceptible to data breaches, loss of critical, confidential data, and business disruption such as an inability to run mission-critical transactions or deliver customer services – all of which damage the brand and the customer’s trust. On top of that, organisations incur the costs associated with system remediation, investigation, customer care and potential lawsuits following the attack.”
To make matters worse, an unsupported system could mean compliance violations and expensive fines for companies governed by industry and government regulations surrounding IT security and information management.
2.7 Million Servers will be unprotected
However, 30% of enterprises still plan to continue running Server 2003 environments beyond 14 July deadline in spite of the risks, according to security vendor Bit9 + Carbon Black’s 2015 survey of medium and large enterprise IT leaders in the US and UK. This translates to around 2.7 million unprotected servers.
The same survey discovered 57% of enterprises didn’t know when Server 2003 would reach end of life, revealing that lack of education is a major reason for these concerning numbers.
Additionally, many organisations have insufficient visibility of their system architecture, not knowing whether they are running Server 2003, let alone whether this out-dated operating system is tied to critical functions.
For some organisations, migrating to a new platform entails a significant expense, as they may have legacy systems tied closely to Server 2003. Application control and monitoring can provide relief in these cases, but should only be considered as a temporary measure while more robust solutions are developed.
Upgrading from Server 2003 can be a blessing in disguise
Of course, it’s not all doom and gloom – the Server 2003 end-of-life creates an opportunity for companies to upgrade their entire approach to security, along with their software. Companies can move away from the “knee-jerk” approach to emergency patching, and adopt a proactive, future-friendly strategy embracing new technologies and a longer-term view of product lifecycle management.
Don’t wait – plan your server upgrade now. If you suspect your infrastructure may suffer after the Windows Server 2003 end of life, discuss your options with Managed IT today on 1300 626 243 or get in touch.