Still not worried about Windows Server 2003? Think again

Anthony Stevens, CIO of KPMG Australia | Jan. 30, 2015
Anthony Stevens, CIO of KPMG Australia, debates why CIOs are delaying the migration from Windows Server 2003

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

There are an estimated 23.8 million instances of Windows Server 2003 running across 11.9 million physical servers worldwide[i]. The numbers are absolutely astounding, especially when one considers that businesses and CIOs are well aware of the imminent end of support for Windows Server 2003, due on 14 July 2015, less than 200 days away.

Despite the high awareness of the issue, with trusted national bodies such as the U.S. Department of Homeland Security issuing alerts and reminders on the nearing end of support[ii], organisations are simply not moving off the platform quickly enough.

You would be hard-pressed to find an IT professional who isn't aware of the risks of failing to migrate before the end of support deadline. Telling a CIO that it is dangerous to run unsupported software is akin to telling someone it is dangerous to cross a busy street with their eyes shut.

But let me reiterate them just in case. Windows Server 2003 is a server system which is already on extended support. It has been powering the IT infrastructure of companies, providing computing resources for mission critical applications, email and even general business applications. Let us also not forget that it is a system that was first released when camera phones were considered "new and innovative." To put it in context, CIOs would not expect an 11-year-old feature phone to perform all the tasks the latest smartphone can do today. So much has changed from a business applications perspective which the 11-year-old platform was not designed to support.

On top of that, the risks involved with running a server software application that is no longer supported include: increased exposure to software failure, since Microsoft will stop supporting new software add-ons, making updating applications a potentially dangerous gamble; heightened security risks, since new security flaws will no longer be patched; and finally the chance of falling out of the compliance good books. For example, according to the credit card industry's PCI Security Council standards, if an unsupported operating system is Internet-facing, it will be logged as an automatic compliance failure[iii]. Additionally, even if compliance with standards such as the PCI Data Security standard and the health industry's HIPAA is not an issue within the organisation, running unsupported software may still result in the company being cut off from partners seeking to preserve their own compliant status.

Denial delays modernisation
Surely the risks associated with software that's not supported far outweigh the need for cost savings. It begs the question: why are there so many instances of Windows Server 2003 still being run in Asia Pacific? According to Spiceworks, a global professional network of more than 5 million IT professionals, 64.5% of organisations that use its tools in Asia Pacific were still running at least one instance of Windows Server 2003 as of June 2014[iv]. Why not see it as an opportunity to make changes to align to a mobile-first, cloud-first world? I have never met a CIO who was refused funding to modernise infrastructure.

