On October 10, 2023, Windows Server 2012 and Windows Server 2012 R2 will go end-of-life. This means that Microsoft will no longer provide software updates. Any bugs or compatibility issues discovered from then on will not be fixed. The bigger issue is that security vulnerabilities will not be patched. If threat actors discover a vulnerability in these systems, they will be able to exploit that vulnerability until these systems are retired.
If you are an MTSi managed services customer, you were contacted about this in May as we started planning to update any customers who still had this technology in place.
If you have one of these servers in place and didn’t realize it was going end-of-life, this is likely a symptom of a much larger problem. Read on to learn about similar issues you probably face if you don’t have a strong MSP supporting you.
A majority of cyber breaches are related to software vulnerabilities that have already been fixed by the software vendor. The reason the end client is breached is because the patch was not applied in a timely fashion. Many organizations fail to apply patches for months or even longer after a patch is released and this presents a significant risk. For most, the problem is one of priorities. Patching keeps getting pushed off for more urgent tasks, until a ransomware attack or other breach is discovered.
Remember that firmware updates need to be applied as well. Servers, firewalls, and other devices often have important firmware updates released by the hardware vendor.
Hardware and Software Lifecycle
Most technology products have a lifecycle specified by the vendor. The key issue relates to patching, but there are performance, compatibility and reliability issues to consider as well. Is someone on your team monitoring the end-of-life dates for your firewalls, server hardware, switches and other components?
Monitoring Hardware Faults
Well-engineered systems have fault tolerance built in. Systems may have disks in a RAID configuration so they can keep operating if one or two of the drives fail. They may have multiple power supplies. In some cases, they may operate in a high availability configuration with split-second failover to a standby device.
These are great features, but what if a disk fails and no one notices. The second one fails and still no one notices. Then the third drive fails and the system crashes.
It is critical to monitor for failures in a fault-tolerant configuration, otherwise you are just waiting for the nth failure to abruptly take your system down.
Software Subscriptions and Support Contracts
As more and more vendors sell software on a subscription basis, it is critical to know when the software renews. This is extremely helpful for budgeting purposes, but more so if the software will just stop working at the renewal date or after a short grace period. It’s bad enough if your software stops working and your team needs to scramble to process a renewal, but what if your firewall software subscription ends and your firewall stops inspecting traffic and applying rules and you don’t notice? Or, what if your server hardware support lapses and six months later you lose a key component and are down for a week while you source a replacement part?
Managing subscriptions and support contracts isn’t glamorous work, but it is critical.
We have seen many firms that believed they had a backup in place until they had a failure. It is critical to have a backup scheme that supports your organization’s recovery needs and it is just as critical to periodically test to make sure you can restore your systems if you need to. Backup system testing is a great learning opportunity that can resolve an exposure. It can also speed your recovery time in an emergency by giving your team focused time to practice and develop a solid recovery plan that is based on practical experience.
How important is maintenance?
Failing at any of these critical tasks could mean your company being down for days due to a hardware failure or a breach. How much would that cost in lost productivity, sales, and customers switching to competitors?
A good MSP will:
· Remind you when contracts need to be renewed.
· Schedule system updates and patches as they are released.
· Monitor your systems, backups, and network.
· Scan your network for known vulnerabilities.
· Configure systems to deliver performance and reliability.