Windows Server 2008. In 2021. Its time to move on ...
Are you still running End-of-Life (EOL) Windows Servers? Because I am seeing a lot of these servers still out in the wild, and many are running core applications and services on them.
Windows Server 2008 and 2008 R2 went EOL in January 2020, because time moves on and its not 2008 anymore, and hasn’t been for quite some time. So, what does this mean? Well, any instances running these versions of Windows Server are no longer supported by Microsoft—no more automated fixes, no more updates, no more technical support. That should be all you need to know. That should be the red flag to migrate or upgrade to something a little more recent. That should be the end of this blog even…
… still here? I shall continue then...
Why can’t I just keep running an unsupported OS?
Well you can, but that doesn’t mean you should. Here are some reasons:
Your server will be a prime target for cyber crime
An operating system end of life date is a landmark date for those in the business of cyber crime. Hackers and the like will be all over it, because they know there will still be plenty of organisations now operating with no patch support. They'll have a field day exploiting vulnerabilities that will no longer be fixed. This leaves you with a higher risk of a data breach and the costs and inconvenience that come with it. Unpatched vulnerabilities are one of the largest causes of data breaches that organisations experience. You are essentially a sitting-duck for hackers.
Possible breach of data security compliance
If you’re subject to some form of data security compliance … our organisation has ISO27001 for example, but there are many others, you’ll find that storing and accessing data with unsupported operating systems means you’re now out of compliance and could face stiff penalties as a result. Data privacy regulations require that you take safeguards against a data breach and one of the basic ones is keeping your devices updated with security patches to prevent exploits of vulnerabilities.
Difficulties with software upgrades
Software applications often have updates that provide not only helpful new features but also keep you in sync with others that use the same types of technology. When you’re running an outdated operating system, there will come a time when you click to apply an update and the software tells you that your operating system is no longer supported.
Support will be harder to find
The longer you take to upgrade, beyond the EOL date, the more difficult it will be to find support for an operating system. Some providers may not want to work on outdated operating systems because they know how vulnerable they are to viruses, exploits and other attacks. And you won't endear yourself to any IT engineers who are called upon to support such systems when they break. You're getting an eye-roll and a large dose of sarcasm coming your way at the bare minimum.
You’re being left behind
Newer operating systems come with new features and different ways and approaches of doing things. And an updated OS will protect your data in more robust ways than its predecessor. When you stay with an outdated operating system rather than upgrading, you end up missing out on advances that could save you, your users, and your customers time and productivity.
Last resort
There is a last resort if you want to kick the can down the road a bit more, which involves drinking the Microsoft Kool Aid and splashing some cash. This from the Microsoft website:
Customers who use Windows Server 2008 or Windows Server 2008 R2 products and services should migrate to Microsoft Azure to take advantage of three additional years of Critical and Important security updates at no additional charge and modernize when ready. For environments other than Azure, we recommend customers upgrade to the latest version before the deadline. For customers who cannot meet the end-of-support deadline may purchase Extended Security Updates to keep server workloads protected until they upgrade (some restrictions apply).
Of course you could do this, but you are delaying the inevitable. Much better to put the effort into upgrading or migrating on your own terms, or be forced to do it when your IT system(s) are compromised, which is the worst time. Or you will be simply left behind.