For the past couple of years we’ve been helping organizations across the US rid their environments of Microsoft Windows XP. That’s gone very well and has provided a launchpad for ensuring more HIPAA Covered Entities are using fully Encrypted Workstations.
The next big operating system slated for retirement is Microsoft Windows Server 2003. While that product name may lead one to believe that the retirement of something this old will be of little consequence, Server 2003 actually continues to be an incredibly popular platform. Alas, Microsoft has communicated that support for this product will end on July 14, 2015.
When faced with a loss of software producer support, organizations generally have three options: 1) do nothing, 2) abandon the platform altogether, or 3) upgrade to a supported version.
#1. Do Nothing
Many organizations can and simply will do nothing about this. Similar to what we’ve witnessed with Windows XP, Windows 2000 Professional, and Windows 2000 Server, Microsoft’s warnings aren’t enough to ensure that every instance is eradicated. Innumerable instances of Windows Server 2003 will live on for many years to come.
Good:
• No cost
• Nothing to do (except maybe cross your fingers)
Bad:
• No way to patch systems in the event that a security vulnerability is found
• May be noncompliant with your documented HIPAA Security systems patching policy
#2. Abandon Windows Server
Take a look at the rise of services like Dropbox, Google Cloud Print, Box.net, Chromebooks, Google Apps, Office 365, OneDrive, etc. While none of these are direct 1 to 1 replacements for the features offered in a traditional Windows Server, they’re gaining ground fast and chipping away at some hearts, minds, and wallets of Windows Server small business customers. If your needs are basic, your users are flexible, and you’re ready to undergo the task of regulatory compliance checking, this can be a great route.
Good:
• Immediate modernization
• New features
• Introduction to infrastructure wherein you’re inclined to always have the latest and greatest
Bad:
• New costs, licensing fees, training
• Unlikely to be a 1 to 1 feature match; some internal workflow may need to change
• Cloud service / storage / authentication may not comply with internal security policies
#3. Upgrade to a Supported Version
This option refers to completing either A) a traditional operating system upgrade procedure or B) a project that eventually results in migrating data and services to a newer version of Windows Server.
This path can get a bit involved. Organizations need to work with their software providers and IT support providers to choose an appropriate version of Windows, striking a balance between modernity and compatibility. In other words, organizations are incentivized to implement the most modern of versions, but most application developers don’t support the latest and greatest. Additionally, organizations get to look forward to a whole new round of software licensing to remain compliant with Microsoft. This can include new Windows Server Client Access License fees, new Windows Server license fees, new licenses for applications that aren’t compatible with the newer versions of Windows, etc.
Good:
• Staying within Microsoft’s support lifecycle
• New features
Bad:
• Microsoft licensing costs
• Migration / upgrade labor costs
• Continued participation in a cycle that will have you repeat this process in 5 to 7 years
Whatever route you choose, be sure that your IT support provider is fully aware of all requirements surrounding your critical business processes. Additionally, know that this will come down to a balance your organization must strike between risk and cost.