If you haven’t migrated from Windows Server 2003, you may not see immediate consequences, but you need to upgrade soon.

In July this year, Microsoft officially ended all support and updates for the extremely popular Windows Server 2003. Of course, plenty of warning and due notice was given to prepare organisations on how to implement a migration strategy, we even wrote our own guide here.

One would assume that a major piece of most company’s network infrastructure becoming obsolete or more importantly, becoming a high-security risk would lead to mass replacements or restructuring of certain architecture within organisations IT environments. However, new research from the Enterprise Strategy Group (ESG) and Trend Micro suggest otherwise. ESG state that “more than 80% of enterprise and midmarket organisations still support Windows Server 2003 to some extent.” In addition, it was reported that over 90% of companies who have not migrated are only planning to do so in the next 12 months!

These are staggeringly high figures given the implications and risks associated with the continued use of an end-of-life product. So, why are organisations so slow to adapt?

Why so slow to adapt?

One of the most obvious reasons why companies are slow to migrate can be attributed to the business disruption caused by such a move especially if the organisation in question is heavily reliant upon or has a large number of Windows Servers 2003 within their environment. Conversely, although admittedly a bit of a pain, it pales in comparison to what a company would have to endure should they become a victim of a targeted attack such as Ashley Madison have recently.

Compatibility issues are often another reason why companies are so slow to adopt a new server and to be fair this reason is a little more understandable. With the advent of popular virtualisation software the question of how to deploy servers, either virtually or physically, is genuine with the ESG reporting an estimated 77% of those surveyed now using virtual deployment methods over 69% preferring physical deployment. Yet given the huge numbers stated above it appears that companies need to hurry up and make a decision as every day that passes is another day that valuable data is vulnerable.

The final reason specified for the lack of adoption derives from a previous ‘bad experience’ with old migrations from XP and Windows 2000. This is simply a matter of priorities and preparation to ensure the smoothies possible transition.

However, there is a solution for those who are not ready to migrate. Organisations can continue to use Windows Server 2003 until they have a proper migration plan in place by using specialised virtual patching programs that can secure their 2003 servers from vulnerabilities. For example, Trend Micro Deep Security will continue to provide support for Windows Server 2003 after the end of life date until at least the end of 2017.

If you cannot migrate soon, you need the proper patching tools in place. Why?

A couple of considerations are needed to put this situation in context. For Example:

• The next big threat – This year has seen HEARTBLEED, POODLE & FREAK disrupt thousands of businesses and cause hundreds of millions worth of damage worldwide to date. This cyber criminal activity isn’t going to stop anytime soon and you can be sure that hackers are aware of such vulnerabilities –making you an easy target.
• “It won’t happen to us” – Some might assume that the line of business they are in will not become the focus of an attack. Taking our Ashley Madison case as an example, it is true that their line of business may be morally questionable and may have been the reason for the attack. However, every company holds valuable data which is now at risk and left exposed after the Server 2003 EOL.
• Customised support from Microsoft for ongoing patches is still possible. However it is also expensive and unsustainable in the long-term. The EOL of Server 2003 has got and it will get a lot of attention from hackers and if you do decide to stay with Windows Server 2003, you need the proper patching tools in place.

It is important to note that this is not an attempt to scaremonger IT departments into purchasing expensive services or software. It is simply a reality check as to what the situation currently is. A company would never leave easy access to any other valuable business assets such as stock or cash so why should your IT environment be any different?

Should your company need any advice or assistance in developing a successful migration or patching plan please don’t hesitate to contact us.