Next week on 14 July, Microsoft will cut ties with Windows Server 2003, ending security and compliance updates for the widely-used enterprise operating system. Despite the risks, 61 percent of businesses globally continue to use Server 2003, and many will continue leveraging the operating system after the fast-approaching end-of-support date, putting their systems and sensitive customer data in danger.
Migrating an enterprise to a new operating system is challenging. However, these challenges pale in comparison to the cost and resources it takes to maintain and protect an outdated platform. To help businesses migrate smoothly and securely, Symantec, a global leader in information security, compiled six Windows Server 2003 end-of-support considerations below.
- Understand the extreme risks of neglecting to migrate. Running Windows Server 2003 past Microsoft’s end of support puts entire enterprise environments at risk. It exposes organisations to cyber-attacks that exploit vulnerabilities in legacy operating systems as well as data breaches. Additionally, systems could become unstable due to compatibility issues with newer hardware and software, and organisations could face compliance issues.
- Security in Place. Migrating is no easy task. In fact, Microsoft estimates it takes 200 days to migrate systems off Server 2003. Companies who can’t migrate before July 14 should harden their systems running Server 2003 by deploying solutions like Systematic Endpoint Protection, which will continue to support Server 2003, and Symantec Data System, which will lock down applications running on legacy systems. This is more secure and cost effective than signing a Custom Support Agreement.
- Map it out. Today’s enterprise environments sprawl across fragmented environments and geographies, and there could be companies using Windows Server 2003 without knowing it. All enterprises should assess their entire environment to capture a full picture of systems that need to be migrated and develop a plan accordingly.
- Complete a pilot migration. Once a migration plan has been crafted, enterprises should consider running a pilot migration to work out pain points in a controlled environment. Small, remote environments are best for a pilot migration, and it’s critical to involve both IT and end users.
- Consider updating the certificate infrastructure. If an enterprise is using a Windows Server 2003 certificate authority or struggling with the transition from SHA-1 to SHA-2 certificates, it’s a good opportunity to consider an alternative solution that’s easier to manage. If it hasn’t already made the switch to SHA-2, the organisation is issuing certificates that Microsoft and Google will soon stop trusting. Solutions like Symantec’s Managed PKI Service can strengthen the company’s security, while reducing the complexities of managing an on premise CA.
- Back it up. Before any migration occurs, enterprises should back up their data to ensure critical information is safe should something go wrong during the migration process. Enterprises could also consider updating their storage systems to newer physical servers, virtual servers or the cloud.
You can find more information on Windows Server 2003’s EOL here.