Why business still fails @ computer security

[simple_gifts]

http://news.netcraft.com/archives/2015/0...erver-2003.html

Curious that with a published end date of support, businesses still can't plan accordingly to move to a new supported OS. While they race to mitigate 'unknown issues' WRT computer security, giant exposures evident on the horizon from miles away are unaddressed.

I have (4) non internet facing machines running w2k3r2 (along with some solaris 9 machines also unsupported); the migration project has been going on for about 9 months.

 

[CarbonSteel]

For current or one generation old OSes, it is much more than the business at fault on this one. Add the software and hardware vendors into the mix and you will be closer to the mark. We have tens of thousands machines in our enterprise and there are times we cannot move to the latest (of anything) due to incompatibility with a software or hardware package and said vendor does not even have that on their radar. While it is easy to say "just move to a different software/hardware package" it is infinitely more difficult than that for a myriad of reasons.

Now, if you mean the businesses who are still running outdated OSes that are more than 2 generations old (such as using XP instead of W7, W8, or W10), then I fully agree--how many years does it take to move forward? Especially when the security updates have effectively stopped, the issues are well known, and the mainstream applications have been updated in the market.

 

[Donald]

While having security holes in a company's computer system is a risk, so is introducing a change to fix it. I can typically only put in computer security changes 2 days a month due to all the blackouts (days no changes are allowed for business reasons). Never during the week. Never near the end or beginning of the month, quarter, year.