Ed Jones works for Firebrand Training, a Microsoft Gold Learning Partner. He has worked in the IT training and certification industry for the past 4 years. He is a tech enthusiast with experience working with SharePoint, Windows Server and Windows desktop.
Microsoft officially ended support for Windows Server 2003 on July 14th of this year, but what does this actually mean? Well, for businesses still operating within the Windows Server 2003 framework, it means the responsibility for securing, patching and identifying vulnerabilities now falls solely on you, the end user.
Microsoft will no longer devise and disseminate security updates, or fix issues that appear in the legacy server operating system. This lack of continuing support will extend to System Center Endpoint Protection and Forefront Endpoint Protection running on the WS2003 platform.
Worldwide, there are around 3 million servers still housing their data — credit card details, customer information, etc. — on Windows Server 2003 machines. All of them are now officially unprotected.
What are the real risks of staying on the Windows Server 2003 platform?
Security breaches: Migrating to a new IT platform is always going to cost businesses money, both in acquiring the necessary technology and software resources and also in training staff in how to use the new platform. However, consider the fact that the average data breach now costs a company £1.46m (as reported by the Telegraph), or about $2.22 million, and the overhead expenses needed to keep servers secure and up to date start to look like a very good value for the money indeed.
Because Windows Server 2003 does not have any internal firewalls, gaining access to an unprotected system gives a hacker complete freedom to move around all of its files, folders, databases and applications. And all it takes for this to become a plausible scenario is a single unpatched vulnerability.
Hardware failure: Windows Server 2003 is now over a decade old. Many of the businesses still employing the outdated OS will have purchased new hardware at the same time as they got on board with the platform. This means that the machines themselves are likely to be well past their own operational lifespans, leading to increasingly high failure rates that can also potentially lead to data loss.
Operational cost increases: The costs of running a twelve-year-old hardware system are high, and those associated with continually patching a server platform well past its use-by date can be considerably more so. Conservative estimates state that the cost of protecting a single instance of Windows Server 2003 on an increasingly inefficient system could begin at £385, or roughly $585, per year.
Issues with new software: Nowadays most new device drivers and applications favor 64-bit systems and environments. As Windows Server 2003 only runs 32-bit, businesses still wedded to the retired framework may find they are increasingly unable to keep up to date with their competitors in terms of running the latest software.
Compliance issues: Windows Server 2003 is no longer PCI compliant. This will cause several issues for businesses that choose not to migrate to newer platforms. One of the most serious of these issues is that websites still running on the system will no longer be able to have payments processed by either Visa or MasterCard. Unsupported systems may also fail to meet HIPAA and SOX compliance levels.
A Word on Migration
To make sure their systems are secure, compliant with current industry standards, and as future-proofed as possible, businesses still running Windows Server 2003 should be thinking very strongly about migrating to either Windows Server 2012 R2 or Microsoft Azure. Microsoft’s Migration Planning Assistant offers a comprehensive guide for making the transition that is both user-friendly and thoroughly informative.