Business owners are generally aware that Windows Server 2003 has reached end of life—that is, the product is no longer being produced, marketed or supported by Microsoft. Some of these business owners, however, lack visibility into exactly which of their business applications are still running on this expired server, which can pose serious security threats to their organizations. In fact, the platform is being touted by multiple publications as the “biggest security threat in 2015.”
It’s disconcerting to think that mission-critical applications could be running on Windows 2003 unbeknownst to these business owners. This raises the question of what will happen to these businesses down the road, or even in the near future, when security updates are needed for a system that has been put to rest by its vendor. The answer is relatively simple: massive complications to daily business processes and significant revenue loss in the likely scenario of a security breach. Case in point, the average cost of an enterprise data breach in 2015 totaled $3.8 million, representing a 23 percent increase since 2013, according to the Ponemon Institute’s “2015 Cost of Data Breach Study.”
In line with security best practices and protocols, here are three things business owners need to consider now that Windows Server 2003 has reached end of life:
Security updates: Regular security updates for the server ended in July 2015. This represents a major security issue for enterprises still running core business applications on the system.
Integration: A lack of end-user knowledge can be a cause for severe security concerns. Specifically, employees may mistakenly believe that Windows Server 2003 is isolated from their other technologies when, in actuality, it is network connected. As such, it is integrated with employees’ user networks, appearing as a “trusted server or application” but actually posing the threat of exposing them to security vulnerabilities.
Compliance: After July 2015 (meaning now), businesses still operating on Windows 2003 will not be in compliance with PCI standards. Not only can this negatively impact your business’s reputation, but more importantly non-compliance can lead to a costly data breach that your organization simply can’t afford.
The message for business owners still running business apps on Windows 2003 is simple: Now is the best time to begin strategizing how to protect your organization against these security risks, in preparation for year-end budget planning. What drove you to invest in Windows 2003 is likely not what is driving your business decisions today. Rather, your business initiatives should be constantly updated as your company evolves. This requires new and better-suited technologies.
So, in which technologies should you invest your IT dollars next year? Stay tuned for Part 2, where I will go over four questions that business owners should ask in order to answer this question.