Weighing the costs and benefits of Microsoft Extended Security Updates
When to avoid Microsoft ESUs and when they might be a strategic stopgap measure


If you’re running Microsoft software that’s reaching its end of support (EOS) date, you might be considering Microsoft’s Extended Security Update (ESU) program. And for good reason.

When a Microsoft product reaches EOS or end of life (EOL), the company stops providing regular updates and support. ESUs can be a temporary safety net to keep your systems secure without the hassle of upgrading.

You can pay to keep getting those critical security updates for a bit longer, typically up to three years. This can be appealing if you’re not ready to fully upgrade to a newer software version but are concerned about maintaining compliance with various regulations and standards that require up-to-date security.

This buffer period allows IT teams to:

  • Conduct thorough testing and compatibility assessments to ensure a smooth migration without disrupting business operations.
  • Develop a phased migration plan that prioritizes critical systems and minimizes user downtime.
  • Secure budget approval and resources for a successful long-term modernization strategy.

Yet, while ESUs might seem like a convenient solution in the short term, they come with some major drawbacks that can hurt your business in the long run.

The hidden costs and risks of ESUs

First and foremost, ESUs are expensive, varying in cost depending on the product, the number of devices, and the duration of the service. In some cases, it can be up to 75% of the original total license cost per year, every year.

As of the time of publishing, ESUs for Windows Enterprise cost $50 per device for the first year, $100 for the second year, and $200 for the third year. That adds up to $350 per device over three years. In contrast, upgrading to a new license agreement would cost you $228 — the MSRP for a Level A Windows Enterprise Agreement (EA).

For a Level A EA, the MSRP for an ESU for SQL Server Standard is $696 annually. That’s $2,088 over three years. Purchasing a SQL Server Standard License with Software Assurance (SA) outright through your EA would cost you around $1,410 MSRP. Those are big savings, and you get access to all the new features, benefits, and security updates your organization needs today.

And here’s the kicker: Those ESU costs are just for the security updates. You don’t get any new capabilities, performance improvements, or bug fixes that come with the newer software versions.

But the costs aren’t the only issue. There are also notable limitations and risks to consider:

  • ESUs only cover critical and important security updates, meaning you’re still vulnerable to other types of threats, like zero-day exploits or advanced persistent threats.
  • ESUs don’t guarantee compatibility with other software or hardware. Your outdated systems may not work properly with newer applications or devices, leading to productivity and security issues.
  • ESUs can create a false sense of security. Just because you’re getting security patches doesn’t mean your systems are fully protected. Hackers are consistently discovering new ways to exploit vulnerabilities, and outdated software is an easy mark.
  • ESUs can slow down your business and hinder its growth. Companies get complacent with ESUs, and before they know it, they’re years behind on their technology and struggling to keep up with their competitors.

However, the biggest risk is the long-term impact on your IT infrastructure. By continuing to use outdated software, you’re creating a technical debt that will eventually come due. And when it does, the costs and disruptions to your organization can be disastrous.

Beyond ESUs

So, if ESUs aren’t the answer, what is?

The most obvious solution is to upgrade to the latest versions of your Microsoft products. This way, you’ll get access to all the new features, performance improvements, and security updates that come with the newer versions.

Another option is migrating your workloads to cloud-based solutions like Microsoft Azure. By moving to the cloud, you can take advantage of built-in security features, scalability, and the flexibility of cloud computing. You also don’t have to worry about managing the underlying infrastructure with cloud-based solutions. Microsoft handles all the updates, patches, and maintenance so you can focus on running your business.

If you can’t upgrade to the latest version of Microsoft products, you can still modernize your on-premises infrastructure by implementing virtualization or containerization technologies. Virtualization lets you run multiple virtual machines on a single physical server, helping you optimize your resources and reduce costs. Containerization, on the other hand, lets you package your applications and their dependencies into portable containers that can run consistently across different environments.

Of course, you don’t have to choose just one of these options. Seventy-two percent of organizations are taking a hybrid approach, per Flexera, combining on-premises infrastructure with cloud-based solutions. For example, you might keep your critical workloads on-premises but use the cloud for backup and disaster recovery (DR). Or you might use the cloud for development and testing but deploy your production workloads on-premises. The key is finding the right balance for your organization’s specific needs and goals.

The path to modernization

The decision to leverage (or not leverage) ESUs should be part of a comprehensive IT modernization strategy. Here are some key questions to consider:

  • What are the current security vulnerabilities associated with our existing software versions?
  • How much would a full license upgrade cost compared to ongoing ESU fees?
  • What is the impact of outdated software on compatibility with newer technologies?
  • Can ESUs provide a temporary bridge while we develop a long-term migration plan?

If this feels daunting, don’t worry. You don’t have to go it alone. That’s where SHI comes in.

Our team of Microsoft experts can help you assess your current environment, evaluate your options, and design and implement the right solutions for your company. Whether you’re looking to upgrade to the latest versions of Microsoft products, migrate to the cloud, or implement virtualization and containerization technologies, we have the technical proficiency and resources to make it happen.

We also offer various financial and licensing services to help you optimize your investments and stay compliant with all the applicable regulations and standards. Our Microsoft Licensing Services can help you manage the end-to-end lifecycle of your assets, from planning and procurement to deployment and ongoing management.

At SHI, we take a holistic approach, working closely with you to understand and achieve your unique objectives.

There’s no one-size-fits-all answer

Whether you opt for ESUs or not, you must always first assess your organization’s specific needs, resources, and risk tolerance.

By carefully weighing the pros and cons of ESUs and crafting a well-defined modernization plan, you can ensure a secure and future-proof IT infrastructure and set your organization up for long-term success.

Contact us today to learn more about how we can help you with a more secure, efficient, and future-ready IT infrastructure.
