Overcoming paralysis - why financial services organisations have to race to update their Windows Server strategy

By Dave Foreman | 6 July 2015

Most of the technical support teams we work with know their Microsoft Server operating system inside out and have hardly lifted their phone to call Microsoft support in years.  But this well-oiled machine is about to become IT departments’ biggest headache. With the end of Microsoft’s support for Server 2003 on July 14th 2015, migration from this rather old operating system has escalated from being a niggling worry to a high-risk agenda item.

Only a handful of businesses have started their migration and even they will have to rely on Microsoft extended support. But this is not a cost-effective or risk-free option in the long term.

At some point a new vulnerability in the operating system will be discovered and exploited; businesses will be exposed and the regulators will have a stronger case for non-compliance. According to the credit card industry’s PCI Security Council standards, if an unsupported operating system is Internet-facing, it will be logged as an automatic compliance failure.

CIOs are caught between a rock and a hard place. Nobody wants to be caught in a position where they have to answer tough questions about plans to meet compliance and mitigate risk.

One of the reasons for this situation is that today’s IT agenda has tended to be dominated by high profile crises. Most recently, cyber security has grabbed the board’s attention and resources have been diverted to it. This means that many IT decision-makers have overlooked the Windows Server 2003 end of support issue when they are determining overall risk assessment.

Another reason is that, until the Windows Server support deadline passed and the risk level escalated, there has been a reluctance to resource and scope this huge, complex project and request another million pound budget.

Those organisations that have already undertaken Windows 2000 and NT migrations are fully aware of the headaches involved.

Any organsiation with a large server estate feel the burden of the familiar Forth bridge analogy. In five or six years time they will have to start the entire process again when Windows 2008 goes out of support.

Nevertheless there are a few efforts already underway to move applications off the estimated millions of servers that are still running this eleven-year-old Windows Server operating system. Some are migration applications to a cloud-first or mobile-first strategy.

We believe every cloud has a silver lining. It is possible to look at this migration challenge as an opportunity to overhaul the entire application portfolio with a transformation programme. And with the introduction of full lifecycle management, organisations can minimise the impact of any Windows Server migrations in the future.

A few guiding principles and best practices can make a huge difference in the long term. For example, every time you deploy a new application it should be accompanied by a lifecycle plan which details when the application needs to be renewed or refreshed. At present such a roadmap is only prepared for a few critical applications. Rolling it out everywhere, and giving individual’s responsibility will make everyone’s job easier in the long run.

The first step on the path is to invest time and effort in conducting a thorough audit of Windows Server applications. Then, with a thorough understanding of the scale of the challenge, the key to success is to take a top down, pragmatic approach and create a plan of action for each application. Importantly, this strategy can help to mitigate risk and provide a robust lifecycle management methodology for the future.

Another benefit comes from the opportunity to move certain applications to the cloud. As cloud services have matured and key security issues have been ironed out, the time is right to move Windows services and applications to the cloud. Moving the responsibility to your cloud provider could be a big weight off your shoulders.

By addressing compliance, scalability and momentum, systems that have languished for years can now finally get the revamp they deserve.

But importantly by taking a more holistic approach and getting to grips with the entire server estate, it is possible to overcome the build-up of technology debt, move to the cloud and build a sustainable foundation for the future. And in turn this can feed into enhanced client satisfaction, improved business reputation and shareholder value.


By Dave Foreman, Data Centre Practice Lead, ECS

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development