Gartner Blog Network

Save $200,000. Keep Using Windows 2000 Securely.

by Neil MacDonald  |  July 21, 2010  |  Comments Off on Save $200,000. Keep Using Windows 2000 Securely.

Just because Microsoft stopped providing security patches for Windows 2000 last week, don’t assume that it can’t continue to be used securely in your environment.

One option is to pay Microsoft $50,000 per quarter ($200,000 per year) for a Custom Support Agreement (CSA) for continued access to critical Windows 2000 patches. A lower-cost alternative program called “Custom Support Essentials” (CSE – starting at $75,000 for a year which includes access to a single patch, additional patches are charged separately with a per device fee) was made available to customers in May 2010 and is another alternative for organizations with a small number of Windows 2000 devices with definitive plans to migrate off over the next year.

However, these aren’t your only choices. All systems — supported or not — carry risk. The discussion of whether or not Windows 2000-based systems can continue to be used securely is a discussion of acceptable risk to the organization.

I’ve just published a detailed research note for clients Securely Using Windows 2000 After Support Ends that provides a strategy and specific guidance for continued use of Windows 2000 in low, medium and high risk scenarios.

Purchasing a CSA or CSE is an option, but there are other potentially significantly lower-cost options.

Category: information-security  microsoft-security  

Tags: information-security  microsoft-security  windows  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.