Millions of CIOs are set to miss the July 14 deadline to migrate away from Windows Server 2003, despite the huge risks to their companies.
As of July 15 the operating system will no longer be supported by Microsoft -- meaning that security patches and other updates will no longer be made available to users running the software. Last year the company estimated that there were 24 million instances of Server 2003 running around the world.
Ed Shepley, a solutions architect at migration specialist Camwood, says that while most companies have migrated some of their servers away from Server 2003, only a minority have migrated all of their servers.
"We are not seeing companies making a strategic decision to stay with 2003, but most companies we are talking to are struggling to get the last applications off it," he says. "They thought that they had time to migrate everything but it has taken them longer than anticipated."
This tallies with the results of a Spiceworks survey in March, which found that 61 percent of the businesses it questioned were still running at least one instance of Server 2003.
Nick East, CEO of managed IT service provider Zynstra, also expects that many of the companies he has been talking to will miss the deadline.
"I think a significant number of organizations have not and will not make the date," he says. "Probably 30-40 percent of SMBs will be running Server 2003 somewhere in their environment after July 14th."
Risk rising gradually
The most obvious problem with remaining on Server 2003 is the increased security risk. Companies that are involved in regulated industries or activities also run the risk of falling out of compliance if they run an unsupported operating system, but Camwood's Ed Shepley says that most of these companies have successfully migrated from Server 2003 already.
But unlike the Y2K problem, which had the potential to cause unpatched systems to fail on the first day of the year 2000, the security risk of running Windows Server 2003 is likely to rise slowly from a low base as more and more vulnerabilities are discovered and remain unpatched.
That means the security risk may not be as acute as some people are suggesting, says Shepley. "I don't think the risks can be mitigated, but the world won't end on deadline day," he says. "After all, we didn't see Windows XP infrastructure collapse immediately after support for that came to an end," he adds.
Rob Bamforth, a principal analyst at research house Quocirca, agrees that when support for Windows XP ended, it didn't result in a tsunami of attacks on machines running the operating system. But he believes running an unsupported server operating system is a greater security risk than running an unsupported client operating system.