With fewer than 100 days until Microsoft ends support for Windows Server 2003, Anthony Stevens, CIO of KPMG Australia, gives his personal view on why organisations are failing to migrate from Windows Server 2003, despite the high awareness of the imminent deadline.
There are an estimated 23.8 million instances of Windows Server 2003 running across 11.9 million physical servers worldwide.
The numbers are absolutely astounding, especially when one considers the fact that businesses and CIOs are well aware of the imminent end of support for Windows Server 2003, due on 15 July 2014, less than 200 days away.
Despite the high awareness of the issue, with trusted national bodies such as the U.S. Department of Homeland Security issuing alerts and reminders about the nearing end of support, organisations are simply not moving off the platform quickly enough.
You would be hard-pressed to find an IT professional who isn’t aware of the risks of failing to migrate before the end of support deadline. Telling a CIO that it is dangerous to run unsupported software is akin to telling someone it is dangerous to cross a busy street with their eyes shut.
But let me reiterate them just in case. Windows Server 2003 is a server system which is already on extended support.
It has been powering the IT infrastructure of companies, providing computing resources for mission-critical applications, email and even general business applications.
Let us also not forget that it is a system that was first released when camera phones were considered “new and innovative.”
To put it in context, CIOs would not expect an 11-year-old feature phone to perform all the tasks the latest smartphone can do today. So much has changed from a business applications perspective that the 11-year-old platform was not designed to support.
On top of that, the risks involved with running a server software application that is no longer supported include: increased exposure to software failure – Microsoft will stop supporting new software add-ons, making updating applications a potentially dangerous gamble; heightened security risks – new security flaws will no longer be patched; and finally, the chance of falling out of the compliance good books.
For example, according to the credit card industry’s PCI Security Council standards, if an unsupported operating system is Internet-facing, it will be logged as an automatic compliance failure.
Additionally, even if compliance with standards such as the PCI Data Security Standard and the health industry’s HIPAA is not an issue within the organisation, running unsupported software may still result in the company being cut off from partners seeking to preserve their own compliant status.