In July support for Windows Server 2003 came to an end. Softchoice, a company based in Toronto analyzed nearly 90,000 servers at more than 200 organizations discovering that outdated technology is widespread across data centers.
Nearly a month before Microsoft's July 14 deadline ending support, Softchoice found that 21% of servers scanned in the first half of 2015 were still running on that operating system. It doesn’t help that upgrading from Windows Server 2003 to 2010 or 2012 used to be a linear upgrade yet today the migration path is more complicated.
There are risks that aging hardware and software pose in the data center. When systems like servers, networking equipment and operating systems are no longer supported customers are exposed to data security vulnerabilities, reduced server and storage performance and increasing costs to maintain the old equipment.
The justification for hanging onto these old systems isn’t just the potential disruption caused by upgrading. Many legacy applications may not be supported on the upgraded infrastructure or perhaps a device is “only” being used as a file or print server. It’s clear that the focus for businesses is to ensure that IT systems are “good enough” to do the job and not necessarily at the bleeding edge.
This does increase concerns around security and compliance though, as these legacy operating systems are more vulnerable to attack from outsiders. Many regulations do require compliant devices to be running supported software, so upgrading those may be vital. Shoring up external defences like firewalls and intrusion prevention might help to address some of these risks too.
Given that outside attackers are looking to get access to resources on the inside controlling access to these outdated systems becomes important. You can reduce the attack surface significantly by ensuring that older servers are only connected to those other network resources that are absolutely necessary. The number of users who can access them should also be tightly controlled. A privileged access management solution will help you remove access for those that don’t need it as well as hiding away any old service accounts that may have been shared around in the past. A tool like this should obviously be able to work seamlessly and unobtrusively with any older operating systems, meaning you can increase security without having to interrupt or put businesses processes at risk.
If upgrading outdated systems isn’t an option in your infrastructure then it’s vital to consider all of the options available to increase your security and compliance posture to reduce your ultimate risk.