Windows Server 2003 End-of-Support: Security Implications of Not Migrating

You’ve heard it before. You will probably hear it again. The end-of-support timeline for Windows Server 2003 is rapidly approaching.

As we mentioned in our recent blog post, migrating off of these dated servers should be made a priority for anyone who hasn’t already done so. Of the reasons to prioritize your server migration, one stands out above the rest as a serious concern with failing to migrate: security.
Server systems have historically been thought to be isolated from external attackers, but the attack at the end of last year against Sony Pictures put an end to that illusion. Even a server with ZERO public-facing services that sits entirely behind a firewall is not safe from hackers or viruses. Sony’s internal financial and employee systems were compromised, and employee pay status, personal emails, and social security information were leaked to hackers. What was exceptionally disturbing in this specific instance is that the attack was successful because Sony was using an outdated firewall. And they knew it.

Once July 14, 2015 hits and Windows Server 2003 instances are no longer supported, security vulnerabilities will increase, as will the cost required to keep these legacy systems operational and secure. In this blog, we are going to cover some of the specific security concerns that are in play as Windows Server 2003 reaches end-of-support.

  • System Vulnerability Implications – Once Windows Server 2003 reaches end-of-support status, Microsoft will no longer be making patches to address new vulnerabilities within the system. This means that as time goes on, your system will become increasingly vulnerable. And remember, as we mentioned in the last post, if your system falls victim to viruses, hackers, or other serious errors after the end-of-support date, you are on your own. Microsoft Customer Support cannot help you.
  • Regulatory Compliance Implications – If your business operates in a heavily controlled industry, you should already be aware of the importance of security compliance standards. As mentioned above, Windows Server 2003 will no longer be receiving security patches after the end-of-support date arrives on July 14th. This will leave you non-compliant with multiple industry regulations, including:
    • Sarbanes-Oxley
    • HIPAA
    • PCI (2&3)
    • ISO 27001
    • Cloud Security Alliance
  • Disaster Recovery Implications – Any time you are dealing with a system that is more than likely going to experience increasing problems as time moves on, disaster recovery and business continuity requirements need to be factored in. Once Windows Server 2003 is no longer supported, how do you plan on not only maintaining the servers but also having a comprehensive disaster recovery plan?

These security concerns are major. While the concerns and risks associated with any server migration are significant, they are inarguably tiny compared to the costs of what happens if your organization experiences a data breach because of an outdated system. Having systems that are out of compliance could alone cost thousands of dollars in heavily regulated industries such as finance or pharmaceuticals, where watchdogs are looking to impose fines.

With all of this in mind, why would anyone take that risk and not migrate? If you haven’t started your planning process, why are you still waiting? Get started on planning your migration process today. Contact Orion for help!

March 17th, 2015 | Security
