Every device has an end-of-life date, just like the products you buy at the supermarket. Microsoft end-of-life dates are easy to find, but it’s vital to understand what they mean for your business. Computers and servers are the biggest spends associated with Microsoft’s end-of-life. While these two systems are very different, the impact of the end of service life is very similar. Generally, a computer comes with one of two operating systems. You’ll either get a Mac running Apple’s operating systems or you’ll get a PC running Windows. Both operating systems get updates regularly.
You’re Taking on Water
We’ve all seen the pop-ups warning of impending updates. The device will give you the option to install and restart now, set a time for later, or snooze. These updates contain security patches and bug fixes for your operating system. This helps keep your device, and in turn your network, more secure. A security patch is rolled out when a weak point is found within a system, sort of like welding a leak on a ship. If that leak isn’t fixed, it will cause problems later. When a Windows device reaches one of Microsoft’s end-of-life dates, it means the company is no longer patching those weak points.
It’s easy to look at this and go “it’s a small leak, no big deal.” Plugging the leak (think antivirus and firewall) won’t be enough. When an OS reaches the end of service life, a whole army of threat actors is waiting to find and exploit these weaknesses. Suddenly you’re cruising around in a vehicle known to have a weak spot. By not updating the OS, you’re leaving yourself and your company vulnerable to attacks.
It Can’t be that Easy
Once a known weak spot is found, threat actors immediately seek out as many machines still running this OS as they can. Since they already know exactly how to exploit this weakness, they make quick work of gaining access.
Servers are no different. Just like a computer, servers have both a physical housing with accompanying hardware and software that makes them function. The operating system, or software, within the server has an end-of-service life date that looms on the horizon. Currently, Microsoft server life is about five years of regular support with an additional five years of optional extended support, which can be very pricey. After this support comes to an end, your company’s out-of-date server becomes a huge target full of private data.
Remote workers present additional weaknesses to your organization too. Companies with BYOD policies should track the operating system of every device being used to access any part of the business and require those machines to be within their support life.
My Company is Too Small to be a Target
You’re wrong. There’s no sugarcoating this. You’re wrong. Every company should consider itself a target for threat actors because data is valuable. If you can’t see the value in your company’s data, it’s because you are the value. Say you have a data set that is truly lacking in value to the general public. It’s still valuable to you, making it a great ransomware target. Your data is valuable, and your company is not too small to be a target.
Outside of becoming an even bigger target than you already are, failure to update end-of-service life devices will hamper your productivity. Programs work with certain operating systems. Let’s say you buy new accounting software for your tax firm. You’ve replaced several machines recently, and the software works great on your Windows 10 machines, as it was designed to do. However, you’ve got five employees working off Windows 7. They’re struggling because the software isn’t designed for that operating system. You’ve drastically reduced the productivity of 5 of your employees. If one of their devices crashes while they’re working, you’re less likely to recover everything that was on the machine.
Microsoft End-of-Life Costs
As mentioned above, there is regular support and extended support. Extended support is expensive. For an EOL 2012 server, the extended support cost by year goes as follows: one year = 75% of the initial license cost, two years = 100%, and three years = 125%. The kicker is that after three years you still must purchase a new server. It makes far more sense to purchase the new server. It’s important to note that EOL 2012 servers are already past extended support and should be replaced as soon as possible.
Let’s say you choose not to update, still believing your company isn’t a target. Your company suffers a cybersecurity incident. We’ll say ransomware. A threat actor has gained access to your system and had some time to do some digging around. Now, they know exactly how much cash on hand your company has. They would then attempt to ransom your data for that exact amount of money. Here’s the real kicker: they’re a criminal, so if you pay that money, who’s to say they return your data? How do you know they didn’t install a foothold in your system to do this again? How do you know the software they’re using will even work? It’s not like hacking software is regulated.
End of Service Life: The Bigger Picture
Another huge cost to consider is your company’s reputation. Both your customers and vendors now have to analyze the risk of doing business with you. “But we have Cybersecurity insurance.” Cybersecurity insurance doesn’t cover relationships and reputation. It also doesn’t insure your data.
Yet another cost: compliance. That’s right; your compliance depends on supported computer and server operating systems. HIPAA Journal gives a detailed look at the cost of a HIPAA violation. If you’re keeping track, we’ve now spent the cost of data recovery, the downtime and loss of productivity, the loss of trust with both vendors and clients, and the fines. Don’t forget the hacker knew how much cash you had and leveraged it against you. This is a potentially business-ending incident.
Products You Need to Prepare For and Steps to Take
Microsoft has a well-established End-of-Life policy that outlines the lifecycle of its products. The policy provides businesses ample time to prepare for product retirement and migrate to newer versions or alternatives.
The Microsoft End-of-Life policy affects a wide range of products, including operating systems, servers, software applications, and cloud services. Some of the most popular products that have reached or are nearing End-of-Life include:
- Windows 7
- Windows Server 2008 R2
- Microsoft Office 2010
- Exchange Server 2010
- SharePoint Server 2010
If your business relies on any of these products, it’s crucial to take action to ensure that your systems and data remain secure. Here are some steps you can take:
- Identify the products that are nearing End-of-Life or have already reached it. Microsoft provides a comprehensive list of its products and their lifecycle on its website.
- Develop a migration plan. This plan should include a timeline for transitioning to newer versions or alternative solutions. It’s essential to consider compatibility, training, and budget factors.
- Prioritize security. End-of-Life products are vulnerable to security threats and cyber attacks, as they no longer receive updates and patches. Make sure to implement robust security measures, such as firewalls, antivirus software, and intrusion detection systems.
- Consider the cloud. Many businesses are migrating to cloud-based solutions like Microsoft 365 to address End-of-Life concerns. Cloud solutions offer several advantages, including scalability, accessibility, and automatic updates.
- Get professional help. Migrating to new systems and solutions can be a complex and time-consuming process. Consider partnering with an IT provider that specializes in Microsoft products to ensure a smooth transition.
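The first step above, together with the earlier advice to track the operating system of every device (BYOD included), can be automated against a device inventory. The script below is an added example, not something from Microsoft or the original article; the inventory columns, hostnames and the small date table are constructed for illustration, and the dates should be replaced with the ones from Microsoft's published lifecycle list.

```python
import csv
import io
from datetime import date, timedelta

# End-of-support dates for a few products (sample table for this example;
# populate and verify against Microsoft's lifecycle list before relying on it).
END_OF_SUPPORT = {
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Microsoft Office 2010": date(2020, 10, 13),
    "Windows 10": date(2025, 10, 14),
}

# Constructed inventory export: company-owned and BYOD devices.
SAMPLE_INVENTORY = """hostname,owner,product
acct-01,company,Windows 10
acct-02,company,Windows 7
fs-01,company,Windows Server 2008 R2
byod-jlee,employee,Windows 7
byod-mpat,employee,Some Other OS
"""

def classify(product, today, warn_days=365):
    """Return supported / expiring / unsupported / unknown for one product."""
    eos = END_OF_SUPPORT.get(product)
    if eos is None:
        return "unknown"  # not in the table: never treat as supported
    if eos < today:
        return "unsupported"
    if eos - today <= timedelta(days=warn_days):
        return "expiring"  # still patched, but migration should be planned
    return "supported"

def audit(inventory_csv, today, warn_days=365):
    """List every device that is not comfortably inside its support life."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip()
        status = classify(product, today, warn_days)
        if status != "supported":
            findings.append((row["hostname"], row["owner"], product, status))
    order = {"unsupported": 0, "unknown": 1, "expiring": 2}
    return sorted(findings, key=lambda f: (order[f[3]], f[0]))

if __name__ == "__main__":
    for host, owner, product, status in audit(SAMPLE_INVENTORY, date.today()):
        print(f"{status:12} {host:12} {owner:9} {product}")
```

Devices whose product is missing from the table are reported as unknown rather than passed, so a gap in the lookup never hides an unpatched machine.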
Microsoft End-of-Life is an essential consideration for any business that uses its products. By understanding the policy, identifying affected products, and taking proactive steps to migrate and secure your systems, you can avoid potential risks and ensure your business continues running smoothly. With the right planning and support, you can make the most of Microsoft’s products and services for years to come.