Microsoft is set to terminate extended support for Windows Server 2003 on July 14, 2015, yet an alarming number of enterprises remain unprepared to migrate from the outdated platform, leaving an estimated 2.7 million servers unprotected after the end-of-life deadline.
According to the results of a recent Windows Server End-of-Life Preparedness Survey (PDF), IT and security leaders are still unaware of the ongoing security risks and financial burdens associated with running the unsupported operating system.
Out of 500 IT managers from both U.S. and U.K. organizations, one-third of respondents stated their enterprise plans to run Windows Server 2003 (WS2K3) after end-of-life. Meanwhile, 14 percent of respondents revealed their enterprise did not have an upgrade plan, and more than half of respondents did not know when Microsoft was ending support.
“With approximately [2 months] remaining until the EOL deadline, and the average migration estimated at 200 days, businesses appear to be grossly unprepared,” read the report.
As of now, Microsoft estimates that roughly nine million systems are still running Windows Server 2003.
“Continued operation of unsecured WS2K3 systems can leave organizations exposed to ‘zero-day forever scenarios,’ where new zero-day vulnerabilities are discovered and exploited by attackers and no publicly available patch will ever be provided,” the report continued.
In addition to the vast security risks, businesses continuing to rely on WS2K3 could also risk non-compliance with various industry regulations, such as SOX, HIPAA, PCI or NERC, resulting in steep potential fines or regulatory citations.
Organizations like the Financial Services Committee of Ontario have already required their members to operate using supported software, and the Payment Card Industry’s Data Security Standards (PCI DSS) mandates that vendors have up-to-date vendor-issued security patches.
Although Microsoft will offer for-fee support for customers migrating away from the platform, the extended support is accompanied by a hefty price tag, costing companies $600 per server in the first year alone, and an average total of $200,000 per year.
IDC’s Al Gillen, Program Vice President of Servers and System Software, adds that the benefits of an up-to-date operating system are many.
“Unlike Windows XP, where there were mitigation challenges that created barriers for some customers to move forward to a newer product, Windows Server 2012 R2 offers relatively good application compatibility with Windows Server 2003,” said Gillen in a white paper, Windows Server 2003: Why You Should Get Current (PDF).
Gillen further explains that the update would offer enterprises integrated visualizations, extensive scalability, operational roles, script execution capabilities, and, of course, better security.
Nonetheless, for many customers, Gillen says this is about more than just Windows Server 2003:
“Given the age of installation, the chances are high that other software products beyond the operating system are aging. The list of products that customers may be concerned about would include applications, middleware, database products, and management tools, all of which may be approaching or already past their supported life cycles, leaving customers at even further potential risk should a problem arise.”