in

Microsoft Sunset Party: Preparing for End-Of-Life Deadlines

Gordon Davey, General Manager – Azure Cloud Services at SoftwareONE

Digital Transformation among businesses during the pandemic was a watershed moment – and in 2022, businesses are still grappling with the persistent nature of managing a digital transformation.

Many IT leaders are realising that this transformation will be a continuous part of their scope of work for years to come and that nothing regarding IT is built to last forever. This is especially true for enterprise-grade computer hardware and software, and keeping programs that have surpassed their End of Life (EOL) is extremely hazardous – something that is now impacting more and more businesses every year.

Last month Microsoft reminded its users of the end-of-life deadline date on August 8, 2022. It means that the semi-Annual Channel (SAC) version of Microsoft’s server no longer receives updates including security patches. In fact, running EOL software on enterprise networks increases risk in several sectors, including security and compliance, raises costs, and can leave businesses hobbled as support becomes limited and feature sets atrophy. 

Therefore, many organisations are increasingly looking to mitigate EOL risks and issues by seeking support from Microsoft partners to understand their options.

Time is running out and businesses are making options under pressure.

The headache of dealing with EOL software is an issue that many organisations are currently facing as the extended support on both Microsoft’s SQL Server 2012 and Windows Server 2012, begin to expire: 12 July 2022 and 10 October 2023, respectively.  

The options available to businesses, in this case, illustrate well the strategic decisions that have to be made when it comes to EOL software in general. 

  • Option 1: Stick with an on-premises approach. This means paying for Extended Security Updates now and being ready to address the problem in a few years when that deadline arrives. 
  • Option 2: Migrate to the cloud, stick with Microsoft software, and move your company data to SQL Server 2019. Migrating to Azure Virtual Desktop for example enables an organization to benefit from Platform-as-a-Service technology that handles automatic patch and maintenance updates saving operational time and effort.
  • Option 3: Migrate to the cloud, and explore application modernization options. Much like the discontinuation of Windows 7 and 8.1, Microsoft and its partners are at hand to help users understand the benefits of upgrading to newer products and services. The greatest benefit is the heightened security of upgrading to new Microsoft products. Highlighting the security risks of outdated and unpatched software is a sure-fire way of persuading users to look at newer upgrades. As well as the retirement of version 20H2, the Windows Server SAC will be axed as the company moves towards its Long-Term Servicing Channel (LTSC) “as the primary release channel.

Microsoft is recommending that its customers upgrade to Windows Server 2019 or Windows Server 2022 for the latest LTSC experience, however for more frequent updates, it recommends moving over to Azure Stack HCI.

The risks and issues of running EOL software  

The headline reason running EOL software is highly undesirable concerns the range of security issues it creates. Once software falls off its provider’s support list, that means that all security fixes and enhancements cease. Given the constantly evolving security threat that companies are facing this is a huge problem. New threats are emerging on an almost daily basis — cybercrime is forecast to cost the world $10.5 trilliona year by 2025 — and software that is not constantly being patched and maintained is vulnerable to hackers. That threat encompasses everything from ransomware attacks to breaches that could compromise sensitive customer information and proprietary business data and the resulting impact on your global brand. 

While businesses may think they have some time before they need to take action when an EOL date is announced, it’s strongly suggested that they create a plan immediately. For example, when Microsoft announced it was ending support for Windows 7, many organisations struggled to upgrade to Windows 10. As a result, complications arose for those who didn’t prioritize upgrading. This is because EOL software poses various major security threats if left unchecked. When a particular software is retired, manufacturers no longer supply patches, bug fixes, or security upgrades that threat actors use as backdoors into networks and systems. Think about it this way – if your organisation is your house, EOL software is the easily evadable, out-of-date security system you put in place 10 years ago.

During the pandemic in 2020, digital transformation was imperative. Organisations everywhere had to figure out how to pivot their transformation strategies and as a result, EOL software often fell off the to-do list. However, identifying and removing any instances of EOL or EOS across the board is the only way to ensure cybercriminals won’t leverage vulnerabilities within retired software. Hackers have become more sophisticated than ever and finding a weak spot in EOL software is easier than one may think. This is exactly why your organisation should avoid giving threat actors the opportunity in the first place by discontinuing the use of EOL software.

Prevention is the best cure – but it’s never too late.

Creating and nurturing a mature Software Lifecycle Management (SLM) strategy is the key to helping businesses intuitively understand the best way to manage contracts and costs, mitigate risks, and fine-tune their governance processes. This will allow IT leaders to act quickly the moment EOL is announced, and even anticipate it ahead of time. However, if it’s a little too late for that, don’t hesitate to undergo penetration testing.

For example, we offer Vulnerability Assessments and Penetration Testing that are designed to provide our customers’ teams with an in-depth analysis of discovered vulnerabilities across internal and external networks. This, in turn, helps mitigate the risks associated with your current EOL software. Whether they need to take a proactive or reactive approach, our experts are always standing by to assist every step of the way.

Businesses might feel blindsided and overwhelmed by an EOL announcement as it likely requires their organisation to completely reorient its entire software estate. Proactive action will help them create a clear path forward to ensure ongoing security, compliance, and performance. And when a business stays ahead of EOL dates, their entire organisation will always benefit.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading…

0
Web Scraper, Proxy Server, And All In One Tool!

Web Scraper, Proxy Server, And All In One Tool!

Digital Element Enhances Nodify™, Providing Security Teams With Industry Leading Insights Into Criminal VPN Usage