Almost a fifth of businesses in Australia and New Zealand may still be running Window Server 2003 despite support ending on July 14, a Telsyte study has found.
The study was commissioned by Dell and involved surveying with 250 IT managers at A/NZ businesses.
The end of support for Windows Server 2003 means that Microsoft will no longer provide automatic fixes, updates or online technical assistance. Security updates will also end.
“When support ends in 2015, bug fixes will be at a cost to the customer and many IT managers will not take action until an issue has been raised. Not receiving timely bug fixes and patches will put organisations at increased risk of security breaches, especially as attackers will know about the potential security holes,” said Dell data centre and cloud practice lead Dean Gardiner.
According to the survey, 27 per cent of IT managers did not believe they would be liable for a lack of compliance once support ends for Windows Server 2003.
“To meet legal and regulatory requirements, many organisations will have to pour resources into monitoring and isolating any servers that run Windows Server 2003 or older," Gardiner said.
"Audits of systems running outdated software can often cost more than the licenses for newer software. Sometimes auditing tools can run into several hundred thousand dollars depending on large the environment is and how many users there are," he said.
The study also asked IT managers why they have not migrated to newer versions of Windows Server. Reasons given included application support requirements, cost and time the systems would be offline.
On 12 January, mainstream support for Windows Server 2008 ended, which means businesses have five more years of extended support.
Thirty one per cent of respondents said they were unaware Windows Server 2008 support had ended and 40 per cent did not know that extended support ends on 14 January, 2020.
"The challenge with 2008 is that there is a difference between the 32-bit version and the more current 64-bit versions," said Gardiner.
“The 32 bit version of 2008 went out of support a while ago. IT managers should continue the migration process because it doesn't make sense to be stuck with the same problem in three years' time."
Many IT departments are challenged by support demands and leaving operating system upgrades for the “best time", said Telsyte senior analyst Rodney Gedda.
“The problem with leaving server upgrades languishing is it opens a larger window of risk – everything from malware attacks to inadequate data protection. Businesses should keep their software updated to focus on using IT to add value,” he said in a statement.
Seventy per cent of businesses intended to upgrade their server operating system in the next 12 months, with 77 per cent intending to upgrade to Windows Server 2012.
Of those looking to upgrade to Windows Server 2012, 85 per cent of respondents said it presents an opportunity for a hardware refresh and 55 per cent expect to conduct a significant overhaul of their systems.
Symantec senior principal systems engineer Nick Savvides said that migrating off Windows Server 2003 is no easy task and could take up to 200 days.
“Companies who can’t migrate before July 14 should harden their systems running Server 2003 by deploying solutions like systematic endpoint protection, which will continue to support Server 2003. This is more secure and cost effective than signing a custom support agreement,” Savvides said.
He added that today’s IT environments sprawl across fragmented environments and geographies.
“There could be companies using Windows Server 2003 without knowing it. All enterprises should assess their entire environment to capture a full picture of systems that need to be migrated and develop a plan accordingly,” Savvides said.
Once a migration plan has been crafted, enterprises should consider running a pilot migration to work out pain points in a controlled environment, he said.
“Small, remote environments are best for a pilot migration and it’s critical to involve both IT and end users.”
Before any migration occurs, enterprises should back up their data to ensure that critical information is safe should something go wrong during the migration process.
Enterprises could also consider updating their storage systems to newer physical servers, virtual servers or the cloud, Savvides added.
Follow Hamish Barwick on Twitter: @HamishBarwick