There are many Microsoft technologies reaching End of Support in the near future–Windows 7, Office 2010, Windows Server 2008/R2, and SQL Server 2008/R2. With so many looming deadlines, we get a lot of questions about what the real dangers of not doing anything about end of support are.
As a leading Microsoft Gold Partner and IT Consultant, PEI strongly recommends our clients never run End of Life or End of Support hardware or software within their environment. Whether operating systems, servers, routers, or anything else, the risk of running end of support are large and can affect your entire environment.
When vendors announce End of Support or End of Life statuses, it’s important to re-evaluate your ecosystem and make a plan to start moving off the soon-to-be obsolete technologies to ensure mission-critical systems can continue to run optimally and securely.
When it comes to End of Support or End of Life (which I’ll be referring to as solely End of Support from here on for the sake of brevity), there are always a variety of different options available for organizations to move forward while accommodating their unique constraints.
A strong internal IT team or IT Partner, like PEI, can devise a business plan to mitigate the situation.
Many businesses hear, “End of Support” and believe their only option is to upgrade immediately, but there are actually many paths your business can take. Take Windows Server 2008/R2 End of Support, which gets here on January 14, 2020. Customers with Windows Server 2008 or 2008 R2 have several options for addressing end of support.
As you’ll see from the article, there are five reasonable options outlined, which cover everything from doing nothing—which of course we do not advise—to buying yourself more time on your current operating system or migrating workloads to Azure for increased cost savings.
Let’s focus on End of Support as a whole and discuss why continuing to utilize these kinds of solutions in your environment is overall a bad idea.
Compromised Data Security
This is by far the biggest reason why leaving end of support solutions in your environment is a terrible idea. Once vendors announce a solution is going end of support, hackers will identify it as a target because they know end of support technologies are no longer receiving security patches and firmware updates.
Why is that important?
Well, with the increasing frequency and sophistication of attacks on organizations these days comes the increase of patching and firmware updates to stop these attacks. Once something is end of support it immediately becomes vulnerable to all new attacks from that day forward.
Keeping end of support solutions in your environment means you are jeopardizing your entire eco-system to malicious cyber-attacks. When end of support technology is connected to other pieces of your environment, you’re giving hackers a way in to your entire environment. Essentially, you are leaving a window open for anyone to come in and steal your data.
Compromised Data Security
This is by far the biggest reason why leaving end of support solutions in your environment is a terrible idea. Once vendors announce a solution is going end of support, hackers will identify it as a target because they know end of support technologies are no longer receiving security patches and firmware updates.
Why is that important?
Well, with the increasing frequency and sophistication of attacks on organizations these days comes the increase of patching and firmware updates to stop these attacks. Once something is end of support it immediately becomes vulnerable to all new attacks from that day forward.
Keeping end of support solutions in your environment means you are jeopardizing your entire eco-system to malicious cyber-attacks. When end of support technology is connected to other pieces of your environment, you’re giving hackers a way in to your entire environment. Essentially, you are leaving a window open for anyone to come in and steal your data.
Decreased Productivity & Increased Maintenance Costs
Using end of support solutions can greatly decrease productivity for a variety of different reasons.
First, when something is end of support, it’s most likely older equipment with decreased performance stemming from long-term use as well as a decrease in updates. For Microsoft, technologies typically go end of support ten years after they’ve been released—ten years is a long time in the technology industry.
More importantly, with no technical support available from vendors and no new patches, end of support technology is more likely to fail due to its age. This can result in costly downtime and cripple organizations based on how critical to operations this piece of your environment is. If a mission-critical system goes down and never comes back up, your options are limited. It will be both costly and time-consuming to find an IT partner to fix the problem—meaning you’re losing significant money with the costs of downtime. This can be disastrous for smaller organizations or those not running proper backups or DR.
End of support also means the end of replacement parts and the beginning of ‘band-aid’ fixes. Once equipment reaches end of support, so does the equipment needed to replace it. This leads to purchasing through third parties or finding solutions that only temporarily fix issues.
Over time this happens more often, greatly increasing your maintenance costs and only delaying the need to eventually purchase new equipment. This is all while risking catastrophic failure within your organization’s ecosystem.
Non-Compliance
With each new generation of equipment and solution comes an increase of regulatory standards within the industry. It is imperative for an IT ecosystem to remain compliant with industry standards.
With next-gen equipment comes next-gen protection and functionality. This is vital for organizations that work within the government, financial, or health industries due to the strict regulations and the increased threat of a data breach. A data breach can lead to legal consequences that can have a large blowback or even cripple an organization.
End of support systems are non-compliant and can become increasingly problematic. Organizations not within the government, financial, or health industries may not have strict as regulations but can still suffer from a PR disaster that erodes the public’s trust. Even without strict regulations, your business might still collect customer data—like birthdays or payment information that needs to be protected.
Scalability Issues
End of support technology is also lacking in its ability to adapt as the surrounding technologies gain new functionality. As the volume and complexity of data centers increase, so does the need for newer and more advanced systems.
Utilizing end of support solutions leads to the inability to leverage IT improvements like advanced security, data processing, energy consumption, etc. Big Data and AI have been large trends over the past 2 years but many end of support solutions are unable to utilize the technology due to their age.
We’ve Heard the Why¸ but What About the How?
In short, we can never recommend using end of support technologies in your environment.
Of course, we do realize that there are many situations where business owners feel like their hands are tied. It’s not always as simple as knowing why you should get rid of a risky technology.
We frequently come across customers who are forced to keep an end of support solution because it’s the only platform that supports an essential application. In cases like this, it’s essential to build a plan to ensure protection of the organization and the users from the risks that come along with it. This needs to be a managed risk—think more strategic roadmap than lots of finger crossing–where all your security and disaster recovery bases are covered until you can upgrade your environment.
In any end of support situation, your IT team—internal or external–needs to proactively plan for migration to a current and supported system. It is not just problematic to ignore this, it’s reckless. If you aren’t sure the best way to road map your solutions, you can reach out to an experienced IT Services Partner like PEI.
A good first step from here is to identify if any technologies in your environment are or are soon to reach end of support. There are plenty of scans out there that can help with this—Use PEI’s Insight Assessment to identify any of these technologies. Our Insight Assessment is also helpful for keeping track of your environment if you’re not sure what’s in there.
Organizations like PEI can help ensure you are protected against any issues involving end of support solutions. If you need more information call PEI at 303-974-6829, contacts us online, or email us at info@pei.com.
Adam Lee, PEI