Microsoft will officially end support for Windows Server 2003 on July 14, 2015. While many firms are working to migrate their applications and data off aging servers as quickly as possible, a fair number are not migrating for a variety of reasons including the financial cost.
"One of the top barriers to migration is the fact there is no immediate need, because if it's not broken don't fix it. There is some complacency there and people aren't paying attention to the risk. Some assume that they are behind a firewall and think since no one can get into their network they have a false sense of security," said Peter Tsai, content marketing manager with Spiceworks, makers of IT management software.
For firms that will not make the move by July, it falls on them to protect and harden their servers, and to know what's at risk.
Failure to upgrade your systems can have a variety of consequences, not all of them security-related:
Hardware ills: If you are running Windows Server 2003, chances are very good that hardware is a decade old or older, which means it is long out of support from the vendor and also well past its recommended operational life. You run the risk of high failure rate, which could mean lost data, and good luck getting replacement parts. "A lot of people we know buy parts off eBay," said Tsai.
Operational costs: If you are running an eight to 12 year old server, then it's an old 32-bit server with barely any power management at all. Server vendors didn't get the power management religion until a few years later. Those old servers are inefficient and likely unvirtualized, and running at very low utilization. So in addition to being vulnerable they are also highly undesirable.
No compliance: Once support ends, your organization will likely fail to meet industry compliance standards such as HIPAA, PCI, SOX and Dodd-Frank, just to name a few. People in fields impacted by this regulation will likely shut you out and refuse interconnections.
Software compatibility issues: Windows Server 2003 is a 32-bit OS, and virtually everything is 64-bit now, from device drivers to apps. Companies are abandoning 32-bit apps for 64-bit apps. So don't expect to update your old apps.
Data breaches: All one needs to do is look at what the Home Depot and Target breaches did to those companies. That should be motivation enough to migrate. But those firms were big enough to recover. A smaller company might not be.
Unsupported applications: Microsoft is ending support for Windows Server, but the apps running on the server are just as much at risk. Maurice McMullin, product marketing manager with KEMP Technologies, which does WS2003 migrations, said there are two major risks to apps: it may not be maintained by the developer and a company may or not have the resource in house to maintain it.
"That creates a risk in and of itself. If the app falls over, who's there to support it? The implications are if they don't migrate, they are exposed on the app side and may not have the resources to fix it. The other thing is from external risks that may be discovered after support ends," he said.