Microsoft pushes security benefits of migration as Windows Server 2003 nears end of life

Australian companies' migration away from Microsoft's Windows Server 2003 is gathering steam as security concerns grow and the venerable platform enters its last 100 days before joining the ranks of Microsoft's end-of-life (EOL) platforms.

Tens of millions of users of the server platform have been busy preparing moves to Microsoft's more recent server platforms, which include 2008 and 2012 versions. Such moves will be necessary to ensure continued support, patches and updates to the server platform after Microsoft stops supporting the 2003 iteration on July 14.

Microsoft has been talking up the benefits of a migration from virtualisation, automation and productivity perspectives, highlighting a recent customer survey that found migrations to Windows Server 2012 had boosted virtual server densities by an average of 12.5 percent in larger firms and 16.7 percent in smaller businesses.

“We all know running unsupported software increases one’s exposure to security risks and software failures,” Microsoft Australia chief technology officer Greg Stone wrote in a blog this week.

“In fact, running even a single instance of unsupported server operating system has a higher risk than a desktop operating system, as any compromise will have a significant amplification effect on those who rely on it.”

Security has indeed proved to be a key concern for IT managers weighing a move away from the 2003 platform.

A recent Spiceworks survey found that security risks were by far the biggest concern of the 25 percent of surveyed IT managers who were still expecting to have Windows Server 2003 systems live after the EOL.

Fully 85 percent named security risks as their biggest concern with retaining the platform, compared with 66 percent naming compliance risks, 65 percent citing reliability and downtime and 58 percent naming data loss as a concern.

Companies making the switch need to make sure they have a robust user authentication and identity management framework in place, Stone warned: “The last thing you want is to have all your colleagues unable to access mission-critical workloads and bring operations to a standstill,” he wrote.

No less than the US Department of Homeland Security (DHS) has weighed in on the migration, issuing a formal alert last November warning that “computer systems running unsupported software are exposed to an elevated risk [of] cybersecurity dangers, such as malicious attacks or electronic data loss.”

Citing figures suggesting that some 12 million physical servers were still running Windows Server 2003 as of last July, the DHS warning also warned that running EOL software could potentially affect organisations' ability to satisfy compliance requirements.

Microsoft has documented its own migration and is using the mass migration as an opportunity to promote its Azure cloud-hosting platform – most recently citing the experience of water-trading exchange Waterpool in servicing rapidly-changing demand thanks to Azure – but it may still be a hard sell for many organisations.

While 74 percent of the organisations Spiceworks surveyed said they were planning to adopt server virtualisation in their new environments, just 12 percent said they were planning to migrate to a cloud environment – and half of those were only going to move their email to the cloud.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags automationmigrationMicrosoftSpiceworksDepartment of Homeland Security (DHS)ecurity benefitswindows server 2003CSO Australiaproductivity perspectivesvirtualisationend-of-life (EOL) platforms

More about CSOEnex TestLabindeedMicrosoftSpiceworks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place