Denial delays modernisation
Surely the risks associated with software that’s not supported far outweigh the need for cost savings. It begs the question, why are there so many instances of Windows Server 2003 still being run in Asia Pacific?
According to Spiceworks, a global professional network of more than 5 million IT Professionals, 64.5% of organisations who use its tools in Asia Pacific are still running at least one instance of Windows Server 2003 as of June 2014.
Why not see it as an opportunity to make changes to align to a mobile-first, cloud-first world? I have never met a CIO who was refused funding to modernise infrastructure.
A few factors that I’ve observed from my interactions with my peers. CIOs in the region are not assigning a high enough “risk” level to the Windows Server 2003 end of support issue when they are determining overall risk assessment. IT risk is generally assessed through the equation: “risk= threat x vulnerability x asset.”
Organisations should note that with regard to “assets,” Windows Server 2003 is a server operating system which directly affects a large portion of the IT ecosystem within a business. The impact would be on a greater scale than that of Windows XP’s end of support, which was just a desktop operating system.
Similarly, the stoppage of security updates that comes with end of support will sharply increase “vulnerability.” So when the overall IT risk of Windows Server 2003 end of support is assessed within a company, it is logical to conclude that the risk level associated with failure to migrate is unacceptable.
Another point to note is that IT risk acceptance also analyses the cost of counter measures. Some may not be aware that a Custom Support Agreement for extended support of Windows Server 2003 is at best a stop-gap measure.
Analysts have indicated that the cost of tailored support for the system will vary by customer, but will likely be three times that of Windows XP. Extended support is simply too expensive to be considered a cost-effective counter measure in the long run.
Whilst the above two points are possible reasons for the general malaise when it comes to technology refreshes, the most likely reason is that people are underestimating just how long server migrations take.
The entire migration process can take anywhere between 200 and 300 days to complete. A cause for concern given the end of support deadline is less than 200 days away.
Beyond mitigating risks incurred from failure to migrate, I encourage my fellow CIOs to also consider this event as a golden opportunity to get strategic, modernise their IT and help drive innovation within their companies.
As one chapter ends, another begins. This is your chance to redefine the role of IT to lead business transformation through the use of the cloud, mobility, big data and social. Are you going to let outdated technology like Windows Server 2003 hold you back?
Anthony Steven’s KPMG Australia’s Chief Information Officer, has more than 15 years of experience as a CIO, Executive General Manager and Entrepreneur in the services and technology sector.