Guido Vrola - Fotolia
Comparex exposes council server software vulnerabilities
Thanks to a Freedom of Information Request the channel now knows just how widespread the use of unsupported server software is among councils
If you were to play a word association game asking for a quick response to the question about who is still using old unsupported software the answer would be the public sector.
Tales of hospitals using Windows XP have been told for years since Microsoft pulled the plug on support and now thanks to Comparex there is another example to add to the list.
The IT services player put in a Freedom of Information request that revealed that many councils are using unsupported server software and are not receiving security patches.
Just shy of half of those councils that responded revealed they were still using at least one of Windows Server 2000, 2003 or Microsoft SQL Server 2005.
Almost a quarter admitted to running Windows Server 2000 or 2003 and only 13% revealed that they were paying for extended support for Server 2008.
The seriousness of the problem exposed by Comparex is significant because it means there are numerous councils out there that are exposed to security threats.
“By continuing to run out-of-date server software, many councils are exposing themselves to a host of security and compliance risks,” said Chris Bartlett, business unit director – public sector, Comparex.
“The FOI data suggests that matters are slowly improving, as separate FOI requests to London Borough Councils back in 2016 showed that 70% were running unsupported server software. However, with GDPR now in effect, councils need to be even more cognisant of vulnerabilities – especially considering the volume of citizen data they hold. With that in mind, it is important that risks are managed, and councils establish an upgrade strategy,” he added.
There is clearly an educational opportunity here for the channel because the FOI request revealed that many councils were unaware of consequences of using unsupported software.
“The FOI data presents a worrying picture. Only a handful of councils are currently paying for extended support, but it appears most are either unaware or are simply ignoring the risks of using unsupported software," said Bartlett.
"Councils need more detailed insight and greater visibility into their software estates, so they can make better informed upgrade decisions,” he added.
He also suggested that many councils might also have delayed upgrades because they were worried about the cost and disruption.
"However, councils can no longer afford to stick their heads in the sand – they should be looking to upgrade as soon as possible,” said Bartlett.