In previous columns, I’ve discussed the need to keep your IT hardware and software current. Technology can be a significant investment. It may be tempting to continue using your tools until they simply will not function for you any longer. After all, if it’s ain’t broke…. What would you do if you learned that by continuing to use your reasonably functioning (but outdated) technology you were putting your entire business at risk? You will be doing just that if you have a server using the Windows Server 2003 operating system, and you continue to use it after July 14th of this year.
IT analysts estimate there were 10 million instances of the operating system still active as of July of 2014 – over a decade after the system’s initial release. The reason is simple – it worked well. Think about how things have changed over the past ten years.
A look back at 2003…
Windows Server 2003 launched on April 26, 2003. That same week Apple launched the iTunes store. President Bush was still in his first term. This was also the year Martha Stewart was indicted on fraud charges and Saddam Hussein was captured in a dirt hole in Iraq. The DVD market was growing quickly with television shows on DVD regarded as the fastest growing segment of the home entertainment business. The release of Windows Server 2003 occurred a full four years before the release of the first iPhone, three years before the launch of the Nintendo Wii video game system and two years before the launch of YouTube.
Today, none of you carry the Nokia GSM mobile phone that was all the rage at the time with “advanced” features like two games, an alarm clock and an internal antenna. You could text on your black and white screen but doing so was painful since you lacked a QWERTY keyboard. Today you do not buy TV on DVD, but likely stream your favorites through Netflix. Your collection of digital photos likely far exceeds the average hard drive capacity of a 2003 era PC hard drive (which was 120 GB).
You’ve moved on. It’s time for your server to do the same. Reasons you must upgrade (now):
- Your entire network is at risk.
A single, unpatched server is a point of vulnerability for your entire computer network. A hacker needs only one vulnerability to steal your data, commit fraud or harm your business.
Mainstream support ended for Windows Server 2003 in 2010. No additional features or enhancements have been made since that date, though Microsoft has continued to issue security patches to correct vulnerabilities discovered in the operating system. Official enhanced support for security patches ends this July, however it appears as though Microsoft has already moved towards end of support. Microsoft made the decision not to patch the latest vulnerability known as FREAK discovered in March. The end of extended support means Microsoft will no longer issue critical security patches. Continuing to use the operating system after that date will pose a huge security risk to your business.
- You may fall out of compliance with regulations affecting your industry.
Does your organization accept, transmit or store customer credit cards or debit cards? If so, you are subject to the Payment Card Industry (PCI) data security standards. Continuing to store or process credit cards on a server that is no longer patched and supported will cause you to fall out of compliance.
Are you a healthcare provider (or Business Associate to a healthcare provider) who is subject to HIPAA? When Microsoft sunsets Windows Server 2003 this summer, your compliance with HIPAA will also come to an end if you fail to upgrade.
- The migration is complicated.
There is no direct migration path from Windows Server 2003 to the most recent server operating system, Windows Server 2012 R2. Upgrading will take considerable time and effort. Microsoft estimates the average migration to take 200 days. While this may be an exaggeration on Microsoft’s part, migration with proper planning will still take some time. You have no more time to procrastinate. The time to act is now.
If 2003 was the last time you purchased a server, you’ll be pleased to know that a lot has changed in the last twelve years. You have more technology options available to you that will not only keep your business secure, but may increase operational efficiency and decrease costs as well. One option to seriously consider is moving your server to the cloud. We’ll discuss that in greater detail next month.