Microsoft will officially end extended support for Windows Server 2012 and 2012 R2 in October of 2023, meaning the company will stop providing users with critical security updates and patches.
Organizations that continue to leverage Windows Server 2012 and 2012 R2 after this date will become increasingly vulnerable to cyber attack and compliance risks.
Any business that is still running Windows Server 2012 and 2012 R2 needs to institute a migration policy as soon as possible. Migrations can take months to years to complete – depending on the number of servers and the size of the company.
IT execs without an upgrade path will soon find themselves at a critical “point of no return” that may leave their business and their executives personally liable for the risk caused by unsupported servers.
The Dangers of Letting Support Expire
When Windows ended support for Windows 7 in January 2021, the US Federal Bureau of Investigation issued a warning to industry users that the platform had become unsafe.
“As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered,” the FBI notice said. “With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target.”
As expected, hackers thrive in attacking environments that no longer receive security support. These attacks do not just hit the technology product in question, but also serve as an entry point into your entire enterprise.
Related: What IT Pros Need to Know About Windows Server 2022
That was the case in 2018 when Zoll, a medical device vendor, sued Barracuda Networks. Zoll contended that Barracuda failed to manage a server migration properly, leaving the data of more than 275,000 of its users exposed.
As a result of those failures, Zoll is now liable for injury and damages incurred by its patients because of the breach. Failing to ensure all systems remain in compliance can put your company at risk and for senior management, possibly even making them criminally liable in the case of a security breach on unsupported OS’s.
Along with security challenges, there is also the loss of functionality. Your organization relies on Windows Server 2012 or 2012 R2 to run applications and manage data on a daily basis. Microsoft’s Modern Lifecycle Policy calls for an organization to use the most current and updated applications. However, when those applications are updated, they are done without outdated servers. This creates issues in performance, compatibility, and reliability.
The Best Options for Migration
If you find yourself behind on the migration for Windows Server 2012 and 2012 R2 there is still time to act. Microsoft offers four primary ways for users to transfer data and applications to a new server platform. These include:
- An in-place upgrade is where you keep the same hardware (if possible) and all server roles. If you’re moving to Windows 2022 from Windows Server 2012, you’ll have to do this in stages (you can only move up two versions) – migrating first to Server 2012 R2 or Server 2016, then to Server 2022. Note that you can move up three versions from Windows Server 2012 R2 so it is possible to do an in-place upgrade to Windows 2022, as long as all your applications and hardware drivers are compatible.
- A clean install involves implementing new server hardware, server virtual machine, or cloud virtual machine and migrate all data and applications to new environments.
- Utilizing a cluster operating system upgrade rollout for Windows Server 2012 R2 will allow you to keep multiple servers in a virtualized cluster to ensure redundancy. This also allows for continuous service through the process, but can be arduous.
- A standard migration allows server owners to move one feature at a time from a source computer running Windows Server to a destination computer on a new version.
Looking Toward the Future
Microsoft and other technology providers give users plenty of runway to prepare for end-of-life events. Following the decommission of Windows Server 2012, the countdown begins for both Windows Server 2016 and Windows Server 2019, along with their different versions.
While many organizations rely on extended support, organizations should look to migrate servers before the standard end-of-life date. Extended support costs more, and organizations that delay a migration could find themselves quickly migrating data up to the last minute, elevating their risk.
Take a proactive approach to migrating server data. While these migrations offer a significant effort from technology teams, they are critical to maintaining operations and reducing security risk. Create a robust action plan for future migrations, and don’t let end-of-life deadlines sneak up on you.
Paul Deur is co-founder of ReadyWorks, a digital platform conductor (DPC), which collects and aggregates data from IT and business systems and spreadsheets, then cleans and analyzes information about the entire IT estate, including endpoints, users, applications, servers, and all their interdependencies. The company identifies risk/what needs to be upgraded, defines the rules for change, uses artificial intelligence (AI) and intelligent automation to automate and orchestrate all human and system workflows, and reports on results. ReadyWorks provides up-to-date audit trails that can be used to demonstrate security compliance.
Leave a Reply