Obsolete products put schools at risk

One in five schools will be left vulnerable with obsolete products warns Stone Group

Stone Group, the UK-based ICT services provider focused on the education sector, has revealed that up to 20% of schools may face ‘a recipe for disaster’ by not planning to migrate from Windows Server 2003 before the 14th July 2015 deadline.

The company believes that schools may be ignoring the lack of ongoing support from Microsoft in favour of keeping legacy network management and teaching software that they have historically relied on, which is often unsupported on newer server operating systems such as Windows Server 2012. This will quickly leave schools deeply vulnerable to the unique security breaches which can occur, often from within.

Jay Abbott of security consultancy JustASC confirms: “In the context of a school, where an “us vs them” culture exists between the general user base and supporting infrastructure, maintaining strong internal defences is an essential requirement. The ability to attack and exploit known vulnerabilities has literally become child’s play and can even be executed from mobile phones and tablets.

“Due to a combination of free access to the required tools, simple user interfaces, readily available information and video learning on how to use the tools and a general teenage desire to “mess around”, any unpatched and out of date systems accessible from networks that students are attached to is a recipe for disaster.”

While other industries and the private sector are showing positive migration strategies, schools and colleges are demonstrating less appetite to refresh their Windows infrastructure. With Ofsted firmly focused on digital safeguarding, Stone Group believes that schools must prioritise securing their server environments.

Jay Abbott continues: “Microsoft has made itself clear that Windows XP and Windows Server 2003 will no longer be supported, and this includes updates to known security issues that will be quickly and efficiently added to the freely available exploit tools on the internet. It is a hard argument to put forward in any context that being unsupported, out of date and unprotected is a viable operating model, but in the context of an educational environment, failure to understand the threat from within is terminal.”

Simon Harbridge, CEO of Stone Group comments: “We believe that about 20% of schools are still running Windows Server 2003. We are hearing a lot of concerns about applications that they feel they cannot operate without, which is preventing them from migrating.

“I’d urge all schools to think carefully before discounting this migration. Windows Server 2003 will be 12 years old in 2015 and so much has improved in terms of speed and capability. Crucially, without support, you are also without security protection, which a school can’t justify being without when it comes to safeguarding pupils.”