Who knew that ignoring problems doesn’t make them go away?
This week I finally got to see, thanks to a friend recording the whole thing, a demonstration of something I have known for a long time but never really got to see with my own eyes. While it’s fresh in my mind I thought I would put pen to paper on the subject.
At the start we need to get something out of the way though. As an IT guy, you end up having to sell products and this poses a problem for customers. At what point does good advice stop and just selling stuff to make money begin? What do I mean? You need Windows to run your business. For most of us that is a simple fact rather than some banal debate between fanboys. So, when I say you need Windows Server, there is a base level of agreement. However, when I tell you to upgrade to the latest version, at some point a question will start to appear in your mind when you ask yourself, “who is really benefitting here, or at least where is the bulk of the benefit going?” If you were feeling particularly uncharitable you may think 90% of the benefit is to the IT services provider in revenue or, maybe worse yet, he was just wanting to play with the latest software. Some of you have had IT providers like both those mentioned above, so it doesn’t help when someone like me comes along and says that, so far as humanly possible, you need to be on the latest version of Windows. Today, I am going to try to explain why leaving stuff like Server 2003 and other legacy products around is a really bad idea.
In my spare time I work as a debt counsellor, so I am well versed in the scenario where you take out a Wonga loan for £100. Before you know it two years have passed and you find yourself handing over the keys to your house to pay off the thousands you now owe. In fairness Wonga are far from the worst. At this point I should stress that these opinions are mine and not Nitec’s. Amigo loans, now there’s an oxymoron. There are insufficient expletives in the urbandictionary.com to describe the utter contempt I hold those folk in. Sorry, I digress. Back to IT. What the blazes does the example of Wonga loans have to do with Windows and IT?
Think back to what you were doing in 2003. Beyoncé was “Crazy in love”, 50 Cent was “In da club” and you were writing a small app to allow sales to tell production what was needed and when. It was far from perfect but over time, even though you built it basically from Google searches, it pretty much became the mainstay of the company. You or your team promptly forgot about it and moved on with your life.
Five years later Windows Server 2008 came out and, as you’re an IT guy, you like shiny new stuff. After all, most of us are only marginally better-looking versions of Gollum. You tried to move your app to the new Windows version and you quickly found out that there were serious problems. What was needed at the time was a bit of a rewrite but it fell victim to the “If it ain’t broke, don’t fix it” paradigm of software development.
When Windows Server 2012 came out 4 years later you had another go but it was worse and if a comprehensive tweak might have worked previously, this time it’s a rewrite for sure. But there’s another issue now. In 2009 someone connected the app to the accounts systems. It was running on 2003 also and while it supported 2008 it needed to work with your app so you decided to leave it on 2003 to be safe.
You get the idea: you spent £1000 on an app a dozen years ago and you’re still using it. You have added to it over the years piecemeal and the last time you asked a professional developer to look at it they told you it would take £100K to rewrite.
In the background the world has moved on too. In 2003 “password” was a good password. It’s still number 2 on the 2017 list of most commonly used passwords, incidentally. Hardly anything “needed” the web. If you wanted, you could reboot everything and nobody batted an eye.
Today Windows Server 2003 hasn’t been patched since the middle of 2015. It basically has more holes than a Swiss cheese.
So, what happens when your mission critical app running on the 2003 Server happens to get a visit from a hacker? The Chinese and Russian military probably could break into your network; however, it’s not really in their interests and the tools they have are kept very dark indeed. The guys who hack your network use standard tools and standard hacks. Thanks to my friend’s recording I watched the video as this hacker moved his way round the network, just hitting a brick wall on Server 2012 and Server 2016. Then the moment comes when he finds the 2003 Server and boom. Within seconds it was completely under control. The guy now had a launch pad to run everything he wanted. Not to mention the server is trashed. Your mission critical one.
In IT we call this technical debt and it’s a bit like a Wonga loan. When it starts it seems perfectly reasonable. After a while it becomes the elephant in the room and people ignore it as it’s hard to tackle and they hope it will go away. One day you wake up and realise you’ve handed the keys to your entire enterprise to the worst kind of lowlife.
The vast bulk of my customers are personal friends. We care for their businesses and celebrate their successes as we celebrate our own. Why would I want these people I care about to be taking out the IT equivalent of a Wonga loan? I wouldn’t.
We will always try to get you on the latest version. This is not the correct vehicle to discuss all the differences between Windows versions. Every subsequent version has got tighter and tighter. As one example, it used to be the case that when you connected to a server your computer just assumed it was the right one if it was called the same. Until some bright spark added a rogue server with the same name and found your computer sent your credentials across. Subsequent versions asked the server to prove who it was before it sent the credentials. This is one of hundreds of minor changes over the years and they really add up.
Security, as we have said before, is a tedious day by day drudgery. However, you need to do it. The best way, in my opinion, is to treat it to “death by a thousand cuts”. Wake up each day and decide to do one more thing to slightly improve your security. As always, we are here to help, today with a particular focus on helping you get a plan of attack to take out old tat and put it where it should be, in the rubbish bin of history. As one of the owners of the company I would much rather forgo any financial benefit from helping remediate issues and be putting all our effort into tightening your security.
Let’s make 2018 the year you make a concerted effort to get properly bang up to date. It won’t be easy, it will cost some money, but it will tighten your security and harden your defences and in the end that’s the difference between a 4% loan off M&S and a 1000% loan from Wonga. You choose. The problem is if you’re not actively choosing M&S you’re choosing Wonga by default and some day they are coming to take what’s theirs. Well, it was yours, but now it’s theirs.