The pyramids in Egypt and the Great Wall of China were built to last forever. Computer hardware and software? Not so much. IT departments typically replace their workstations, servers, and technology infrastructure when they begin to slow down, stop receiving vendor updates, and fall out of warranty. CyberHoot was asked recently why a client should upgrade their aging Windows 2003 server, so we looked at it more scientifically and drafted this blog. Let’s take a look at the many reasons behind this common recommendation to upgrade.
First among the reasons businesses should upgrade their hardware and software is that the vendor has stopped supporting it. Support can end from a hardware and replacement part perspective, or it can end from a software development perspective.
Windows Server 2003 went End of Life/End of Support (EOL/EOS) in July of 2015, which means Microsoft has not been developing patches or compatible software for that OS for over 5 years now. Hardware old enough to be running that operating system is very likely to be antiquated and slow, and replacement parts are difficult to find should something break. Unlike a car, where parts are available for decades, computer parts stop being manufactured shortly after the hardware is retired by the vendor. CyberHoot is aware of circuit boards for 1980s mainframes that cost $5000.00 when new but sell today for over $1,000,000 due to their scarcity. EOL and EOS hardware and software become increasingly expensive to maintain. In some circumstances they cannot be fixed at all because parts are unavailable.
Another well-known and often-cited problem with EOL/EOS software and hardware is the lack of updates and patches, which causes those operating systems (OS) to become highly vulnerable to security threats. No software ever written was perfect, and businesses must plan on deploying patches regularly, and urgently when a security risk is announced by the vendor. EOL/EOS systems cannot get such fixes, leaving companies non-compliant with industry requirements and sitting ducks for a single successful phishing attack, which could take the entire network down.
Beyond unavailable replacement parts, missing security patches, and poor performance, companies will not be able to run mission-critical software solutions on aging hardware due to incompatibility. Older operating systems like Windows 2003 Server cannot even run current Commercial Off The Shelf (COTS) software due to their age.
These are the big reasons, but there are many other important and hidden risks to not upgrading and staying current with your Information Technology (IT) infrastructure. CyberHoot has researched and documented these for your review. These risks, in no particular order of importance, include:
- Easy target for hackers to compromise due to missing/unavailable security fixes
- Older hardware is highly prone to catastrophic failure (power supplies, hard disks etc.)
- Longer downtime during recovery because HW/SW can’t be found or is not available for download (original install media may be lost)
- Compliance and audit failures if audited
- Loss of brand/reputation made worse by extended downtime or inability to recover critical data
- Accumulation of technical debt makes future changes and upgrades much more difficult and time-consuming (if it’s even possible)
- Inferior performance and hardware reliability
- Incompatible software you may wish/need to run
- Support is unavailable for troubleshooting
- Prevents digital transformation: Cloud-enabled services cannot be used. For example, Windows Server 2003 cannot talk to Azure AD
- Staff frustration from a lack of investment in their productivity and support