Many Companies Face A Huge Security Problem In Just Two Weeks. Is Yours One Of Them?
(This post originally appeared on Forbes)
Many companies don’t want to admit it, but they haven’t yet transitioned entirely to the cloud. It’s happening, of course, but it’s taking time. One recent survey by BetterCloud reported that by 2020, 62% of the 1,500 its customers will be running 100% of their information technology in the cloud. But that still leaves a lot of companies in the United States using internal servers to run their businesses. And according to a report by CTERA, another cloud storage company, “although enterprise is slowly beginning to trust the cloud for more of its corporate applications and data, when it comes to enterprise storage, companies are still control freaks, preferring to keep a tight rein on data than put it on a public cloud or allow employees to access it there.”
This mirrors exactly what I see among the clients of my own consulting firm. Many of my 600-plus clients, who are mostly small and mid-sized companies, are slowly adapting to cloud applications and services but the majority still rely on internal servers to run their accounting, order entry, storage and communication systems.
Many of those companies are about to face a huge security problem. That’s because support for Microsoft’s Windows Server 2003 is ending on July 14.
How many companies are affected by this? A lot. A survey taken just a few months ago found that 61% of businesses are still using Windows Server 2003. Although the survey suggests that just eight% of those questioned intended to keep Windows Server 2003 beyond its end of life, a massive 72 percent feared compatibility issues with other systems and services should they upgrade and most still haven’t made the move. In another analysis of almost 90,000 servers being used across 200 organizations, IT solutions and managed services firm Softchoice found that just seven percent have completely migrated to newer operating systems. “With less than a month to go until Windows pulls support for Windows Server 2003, it’s surprising that there still isn’t a greater sense of urgency among organizations to modernize and upgrade their systems,” said the company’s Manager of Assessment and Technology Deployment Services Consulting.
Why all the fuss? It’s all about security.
Once Microsoft stops providing support for the server software, the huge numbers of companies using it won’t be getting security updates and patches. And without these security updates these thousands of servers that are holding countless gigabytes of potentially sensitive information will be exposed to data breaches and hacks. That means an estimated 2.7 million servers with potentially hundreds of millions of files could be at risk, according to a study by Bit9 + Carbon Black, a Waltham, Massachusetts-based data security software and services provider. Microsoft is making support available after July 14 for those companies that want to buy it at about $600 per server, with the price doubling every year thereafter The U.S. Navy recently decided to take this route for many of the Microsoft products it’s still using. It’s known that most organizations do not have the resources of the U.S. Navy. It’s unknown how many organizations will opt to pay this fee or just take their chances.
Security is not the only issue faced by companies who don’t upgrade. Hardware and software compatibility problems will be on the rise. Development environments using the out of date software will become more challenging. Support services provided by Microsoft partners and other independent consultants will be in demand at higher costs.
Based on what I’ve seen already at my clients who have made the move, upgrading won’t be without its headaches. More recent versions of Windows Server will require newer, more powerful hardware which generally means you may need to replace your existing servers. You’ll want to take the additional step (and incur some additional costs)to upgrade past Windows 2008 Server to the newest Windows 2012 version because support for the 2008 version will also be running out in just a few years (January, 2020). You’ll incur downtime for testing, compatibility issues and migration of data. And although you may be entitled to the new software if you’re current on one of Microsoft’s maintenance plans you’ll still likely need to rely on the services of an outside, certified IT firm to perform the work. All of this may be the final straw in your decision to move to the cloud. But that decision will also come with its costs of data migration, disruption, consulting fees and monthly payments to your new cloud service provider.
You may not be thrilled that Microsoft is ending support for this critical product but the company has given fair warning. And there are options. However, in light of the potential risks to your data, doing nothing is not a recommended one.