Compliance and Risk: The Time for Migration Is Upon Us

Upgrade Your Server Strategically to Avoid Penalties


Of the nearly 9 million Windows Server 2003 systems still running as of last month, it is estimated by security firm Bit9 that about 2.7 million will still be chugging away after July 14, 2015—the official and final end of support (EOS) date for Windows Server 2003. For some organizations there has been little incentive to upgrade. Others have been struggling with shrinking IT budgets. And many smaller organizations don’t have in-house IT or are completely unaware of the looming EOS date. What does this mean for your organization? In a word, risk.

First, there’s the risk to the servers themselves. Without security patches, Windows Server 2003 will become a primary target for organized hackers looking to benefit financially from uncovering the information stored on those obsolete servers. And since these systems lack the virtualization and compartmentalization tools that can isolate one program from another, clever hackers can remotely encrypt every file on the server and then seek a ransom for the decryption key. 

There’s also the risk of failing an audit related to governance or regulation. Whether consumer credit card information protected by PCI, health information protected by HIPAA, or financial information that’s covered by Sarbanes-Oxley (SOX), regulatory guidelines are nothing to be trifled with. Businesses that cannot demonstrate they are taking the steps necessary to secure protected information could face fines as well as loss of licensing, adding insult to injury.

A third area of concern is older application code. Software written for decades-old operating systems often does not receive the same level of support from developers—both internal and external—as software written for a current OS—such as Windows Server 2012. The result can be orphaned code that is itself vulnerable, with little chance of patches for obsolete versions running on rusting hardware.

So, risks abound and include an infrastructure that can be compromised, aging code that exposes new attack surfaces, and inaction that leads to expensive penalties.  Clearly, the time for migration is upon us.

Begin your upgrade strategy by assessing your current infrastructure inventory to learn what application and middleware workloads are running on which obsolete platforms. Once your inventory is in hand you can rank the importance of each workload to the organization and determine whether or not older custom or orphaned code can be replaced by more modern, off-the-shelf applications. Then, armed with that knowledge you can determine the new target environment—usually a virtual server deployed on a Windows Server 2012 system—for each workload. Simple, right?

For most organizations, turning to a trusted partner for help with migration makes sense. Leveraging years of migration experience can accelerate the process immensely and provide a safety net to ensure the compliance and security for your programs, data, customers, and users.

That’s where Lenovo can help. Working with their industry-leading System x servers, Lenovo teams have managed countless migrations, ensuring the maximum safety of each organization’s data before, during, and after switchover to new Windows Server 2012 servers. Lenovo’s team of experts can help you assess your existing servers and applications and source exactly the right configurations to consolidate server workloads to drive up efficiency—even as you improve your overall application and server security.

To find out how Lenovo can help lower your risk while improving IT performance, reach out to us today.

With the end of support date for Windows Server 2003 fast approaching, there's never been a better time to plan your data center transformation. Our experts have designed this helpful tool to get you started on the right upgrade path for your unique environment, applications, and workloads.
Drexel and CIO.com announce Analytics 50 award winners
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies