24m servers at risk in most significant IT refresh of the 21st century so far

21 Jan 2015

Small businesses are most at risk of security breaches and apps crashing when Microsoft ends support for Windows Server 2003 on 14 July. The issue affects 24m servers worldwide, including 23,000 in Ireland.

Fewer than 175 days from now, Microsoft will end support for Windows Server 2003, leaving businesses vulnerable to security attacks, which in turn could have privacy and data protection implications for the customers of these businesses.

The upgrade issue has been described by the CIF in the UK as “the most significant IT refresh of the 21st century.”

According to Microsoft there are 23.8m instances of Windows Server 2003 running on more than 11.9m physical servers.

This accounts for 39pc of the entire Windows install base.

In Ireland there are 23,000 servers running Windows Server 2003 in 2,800 companies, most of which are SMEs. This suggests many firms are running legacy servers using a 12-year-old operating system.

“From 14 July Microsoft will no longer be issuing security patches for Windows Server 2003,” explained Art Coughlan, business group lead for Cloud and Enterprise at Microsoft Ireland.

“If they are running mission critical apps that are important to a business those apps will immediately become non-compliant.”

A key danger of this situation, especially for firms that have begun engaging in e-commerce, is that 11 years ago the four major credit card companies in the world implemented PCI DSS compliance rules under which, if systems are compromised due to non-compliance, the businesses themselves will have to foot the bill if customers’ details are stolen.

While many businesses in Ireland are aware of the issue, Microsoft fears that by the time support for Windows Server 2003 ends in July, 3,000 servers are likely to remain exposed because they weren’t upgraded.

“The majority of servers running Windows Server 2003 are aged. The danger is that because firms tend to centralize data on servers, app architectures talk to other servers in other organisations. If any one server in that chain is not up to date then the risk can propagate.

“This could lead to reputation damage, data leakage and even the smallest business in Ireland would have sensitive data on a server.”

E-commerce and privacy risks

Coughlan said that Server 2003 moved out of mainstream support in 2010 so firms had a long time to realise that support would finish in 2015.

He said that in the intervening years data regulations have changed and a big issue under Irish and EU data protection rules is where customer data is being stored.

“The majority of SMEs have a small number of apps sitting on servers and they need to work with their app providers to establish an updated version of apps that will work with Windows Server 2012.”

Coughlan said that there are lots of practical reasons for migrating to a more up-to-date server operating system.

“Servers today consume half as much power and a server today will run at least 20 virtual machines for the same power footprint as a dedicated server in 2003.

“Anyone still running Windows Server 2003 is running a huge risk, but they are also missing out on the latest mobile and cloud trends,” Coughlan warned.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years