CIF research says almost 60 per cent of UK organisations are yet to migrate
Organisations require practical advice, not scaremongering tactics, to prepare for end of support for Windows Server 2003, says Oscar Arean, technical operations manager at disaster recovery service provider Databarracks.
As the deadline looms (14th July) for the end of support for both Microsoft Windows Server 2003 and Small Business Server 2003, organisations are under pressure to assess existing IT infrastructures. According to the latest figures from the Cloud Industry Forum (CIF), however, almost 60 per cent of UK organisations are still yet to migrate from Windows Server 2003.
Arean suggests that caution, rather than complacency, might actually be the barrier holding back change, and to address this certain actions can be taken:
“As Windows Server 2003 reaches end of life, organisations are under pressure to make changes to their IT infrastructure in order to stay protected,” states Arean. “It’s clear from the research by CIF that a lot of organisations still need to act but are perhaps lacking guidance on the best way to do this.
“From the outset it’s important to communicate the risks of staying with Windows Server 2003. This includes the possibility of security breaches and potential data losses, as security patches will no longer be released to protect against vulnerabilities.
“Certain applications will no longer be supported by vendors, and these could also include your backup or replication software. While they may work fine for a while, if you do have an issue, the vendor won’t be able to help and your data may be unrecoverable. While there are security products available to allow you to keep Windows Server 2003, that option will prove expensive. Additionally, expect IT support companies to increase the cost of support of 2003 boxes.”
Arean continued: “The reality is for those yet to make the move, you must act now. As a starting point, you need to determine whether you have any existing servers running Windows Server 2003, what role they play in the business, and what applications are running on them. Tools such as the Microsoft Assessment and Planning Toolkit are a great place to start with this process.
“Then you have a few options, the first being simply to decommission your 2003 servers and migrate everything over to a brand new server running Windows 2012. Alternatively, you could move your applications onto other existing servers, but this isn’t a neat solution and if you do have difficulties, you might affect the applications already running on that server.
“You’re in a better situation if you’re already virtualised, and better yet if you have cloud services. Spinning up additional virtual machines is extremely low-cost, so it’s fairly simple to add a new server and migrate your applications over. But how much work this is depends on the types of servers and how many you need to move.
“Organisations operating lots of physical 2003 servers or bespoke applications that haven’t been upgraded yet will likely face the biggest challenge. To minimise the security impact, the government’s Cyber Essentials Scheme is a great way for smaller businesses to identify where the risks lie and find practical ways to improve.
“It is important that organisation have a clear view of all the options available to them prior to end of life next month. They need to be in a position now where they are able to make an informed decision for the sake of their business,” Arean concluded.
By Oscar Arean, technical operations manger at disaster recovery specialist Databarracks
About Databarracks
Databarracks provides secure Disaster Recovery as a Service, Backup as a Service and Infrastructure as a Service from UK-based, ex-military data centres.
Databarracks is certified by the Cloud Industry Forum, ISO 27001 certified for Information Security and has been named as a “Niche Player” in Gartner’s 2015 Magic Quadrant for DRaaS. For more information, please visit here www.databarracks.com
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.