Jun 02, 2015

What are the primary negative consequences for companies that fail to migrate from Windows Server 2003 before it reaches end of life?

Obviously there won’t be updates and patches, but aside from that, how will blowing the migration deadline on Server 2003 impact users? Wouldn’t a firewall help mitigate security risks? It seems to me that missing the deadline by a month or two wouldn’t really make that much of a difference. Am I wrong?
At this point it's clearly time to upgrade or replace Windows Server 2003. Focusing on consequences is really just procrastinating and delaying the inevitable.
You can risk it. We all thought there would be a flood of malware after XP reached EOL and it didn't happen. But do you want to chance it.

As I see it there are two big risks: non-compliance with regulation like HIPAA and PCI. That would bar you from doing business with other companies. Second, you may end up spending more money on workarounds like firewalls than if you just bit the bullet and made a migration.
Let's hope. A lot of people predicted that malware writers were sitting on exploits in Windows XP and would unleash a tsunami of malware on XP once it passed EOL. It never happened.

To me, there are two primary consequences. One, you will be out of compliance with a lot of regulatory laws like HIPAA and PCI because they demand a patched and up to date OS, which Server 2003 won't be. The other is that you spend so much money on workarounds to secure the server, like firewalls and intrusion detection, that you end up spending more money than if you just bit the bullet and migrated.
Answer this