There are tens of thousands of servers still using Windows Server 2003 despite the fact that it’s past its end of life. This means that security services are no longer supported by Microsoft.
We wanted to ask some leading consultants in the industry why they thought some businesses were taking a while to move away from Windows Server 2003. Here are their interesting responses!
Reason #1 — Lack of Funds
This one is obvious. Financial reasons are a major culprit behind many IT bottlenecks. While large corporations can afford to upgrade, smaller organizations, such as non-profits, can’t afford to upgrade software and hardware.
Sometimes this is application related too. In fact, Nick Espinosa, the CIO at the IT consulting firm BSSi2, said that some companies he works with in niche industries are “still using Windows 2003 because their databases are highly specialized for their industry and often times extremely expensive.”
Reason #2 — Compatibility Concerns
Julian Jacobsen, IT Consultant and Owner at J.J. Micro LLC IT Consulting, alluded to the fact that some teams might not upgrade due to software requirements and compatibility concerns with niche applications.
While upgrading might look promising, the bottom line is if it stops your business, you’ll have to wait for the application to be updated. This might unfortunately mean more cost as well.
Reason #3 — Internal Complexity
Nick Espinosa also hinted that a reason people are sticking with Windows Server 2003, for now, is that their internal processes, software and hardware might be too complex and time-consuming to migrate quickly.
These projects are often still in the planning stage at this point, or are deemed not worth the cost of upgrading for security purposes.
Using Windows Server 2003 Going Forward
The bottom line is that Windows Server 2003 is past its end of life, whether it’s supported or not. If you find yourself in an organization or with a client in this situation, what can you do?
Nick Espinosa had 4 tips that were very useful for dealing with Windows Server 2003 from now on:
2. We recommend configuring firewalls and networking to not allow internet traffic to and from the Windows 2003 server, only local workstation access. This way the server cannot directly be routed into from the internet and, if it becomes compromised, cannot connect to the internet to send data.
3. If the server requires internet access to do tasks like send reports or query other locations, then on top of the enterprise-level Virus Scanner that should be already installed by default, we will install a dedicated DNS-based web filter to ensure that if the server is compromised it cannot be routed to malicious websites.
4. Whenever possible we will encrypt the data stored on the Windows 2003 server so that only registered computers on the network may access the data. No data can be captured due to this, and as these servers move further and further away from their last security updates, this will become more critical.
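One way to verify the isolation described in tip 2, as an added example that is not from the article or from Nick Espinosa: the script checks exported firewall flow records for any allowed traffic between the legacy server and a peer outside the local workstation network. The server address, workstation subnet, record format and sample records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing for illustration (constructed, not from the article).
LEGACY_SERVER = ipaddress.ip_address("10.20.0.5")
WORKSTATION_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed flow records in "src dst dport action" form, as a firewall or
# NetFlow export might be reduced to.
SAMPLE_FLOWS = """\
10.20.0.31 10.20.0.5 445 ALLOW
10.20.0.5 10.20.0.44 49210 ALLOW
10.20.0.5 203.0.113.80 443 ALLOW
198.51.100.7 10.20.0.5 3389 ALLOW
198.51.100.7 10.20.0.5 3389 DENY
10.20.0.31 10.20.0.44 80 ALLOW
not a flow line
"""

def parse_flows(text):
    """Yield (src, dst, dport, action) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                   int(parts[2]), parts[3].upper())
        except ValueError:
            continue

def isolation_violations(text, server=LEGACY_SERVER, local_net=WORKSTATION_NET):
    """Return allowed flows where the legacy server talks to a non-local peer."""
    hits = []
    for src, dst, dport, action in parse_flows(text):
        # Only flows that were permitted and that involve the legacy server matter.
        if action != "ALLOW" or server not in (src, dst):
            continue
        peer = dst if src == server else src
        if peer not in local_net:
            direction = "outbound" if src == server else "inbound"
            hits.append((direction, str(peer), dport))
    return hits

if __name__ == "__main__":
    for direction, peer, dport in isolation_violations(SAMPLE_FLOWS):
        print(f"VIOLATION {direction}: peer={peer} port={dport}")
```

Any reported line means the firewall policy is letting the server reach, or be reached from, an address outside the workstation network.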
Overall, although best practice is to move on from Windows Server 2003, some companies and organizations are stuck for numerous reasons. Hopefully, with the help of this article, you’ve learned how to handle this situation going forward.