"Once a server has been broken into, an intruder can move sideways to other systems on the network so there are potentially greater risks on a server platform than an end user platform," he warns.
But aside from security, there are plenty of other things to worry about if you are running an unsupported operating system like Server 2003. For example, most software vendors are only willing to validate and support their software on supported operating systems. That means that by staying on Server 2003 you won't get vendor support for the applications running on it, and you won't benefit from any feature enhancements or updates that may make it compatible with other software or services.
That can make it an expensive problem to fix if the application eventually becomes unusable. "The most expensive upgrade to make is the one that is done in a crisis," says Zynstra's Nick East. "If you have time to plan you can look at the options and get the best deal. But if you haven't migrated and you have an outage or a breach then you have to do things in a hurry. That means you have to compromise in terms of agility or technology and you will almost certainly have to spend more money."
The other side of this coin is that companies may be running an application that may not run or may not be supported on newer operating systems like Server 2008 or Server 2012. But Camwood's Shepley says that in his experience most vendors are willing to provide companies with free upgrades to versions of their products that support Server 2012. That's because their support and maintenance costs are lower when customers are running their products on the newest operating system, he says.
Of course, in some cases a newer version of the application may not be available. "If the vendor no longer exists then our recommendation would be to find a functional equivalent and migrate across," says Shepley. "Or as a stopgap measure you can use a solution like AppZero that wraps your app in a bubble and lets you move it to a new platform."
Quocirca's Bamforth says that a common reason that many companies will miss the July 14 deadline is that IT departments have difficulty getting resources allocated to them to do the migration. "Migrating off Server 2003 doesn't obviously add value to a business so it can be hard to make the case to senior management," he says.
Other reasons include the following:
- Underestimating the scale of the project -- including identifying less "visible" servers that may be providing services like DNS and domain control -- and therefore the time needed to complete it.
- Being too busy firefighting other more pressing IT problems to carry out the migration on time.
- Putting the migration off in order to do more exciting projects, or ones that other business departments are demanding and which appear to show bigger business benefits.
Sign up for CIO Asia eNewsletters.