Exchange 2003 was a great email server. It did the job, and arguably did it better than any other system that was available… 11 years ago. In the IT world where your new smartphone is obsolete by the time you manage to get it out of its box, 11 years is a very long time.
Despite this, a lot of organisations still take an “if it ain’t broke, don’t fix it” approach to upgrades. The problem with this is what worked in 2003 may still work… but it may not be a good idea anymore.
Other people could read your emails
If you’re using Exchange 2003, then you’re doing the electronic equivalent of school children passing notes in class. You’re writing down a bunch of information and then handing it unsealed and fully visible to someone you may or may not know and asking them to pass it along the desk via a bunch of random people until it gets to the intended recipient.
Just as with a note in school, anybody along the way can read your message, steal it, or modify it. There’s also the ever-present risk that the teacher will grab it and read it out in front of the class.
Email is a technology designed in 1982, from a time when security just wasn’t an issue. Everybody knew everybody in the classroom, so why would they want to look at each other’s notes? Today our classroom has more than 2 billion people in it, and not all of them are nice.
That’s not to say that you can’t communicate securely with Exchange 2003… but it’s hard work. You’ll need your IT team to talk to the IT team of every person you want to email and do a bit of work with each of them to make it happen. Newer versions of Exchange will do their best to secure your messages right out of the box using opportunistic TLS, and technologies such as Data Loss Prevention and Information Rights Management can be used to automatically detect and secure any messages containing confidential information.
Security holes won’t get fixed
Microsoft aren’t releasing security fixes for Exchange 2003 anymore – it’s too old. That means if somebody figures out a new way to break into your data there’s not a lot you can do to stop them. It may sound harsh, but the fact is Microsoft can’t keep retrofitting security fixes for every piece of software for all of time. There comes a point where every software vendor has to call time on a product, and that time for Exchange 2003 was April 2014. Anyone using Exchange 2003 right now is taking a gamble that hackers won’t find a chink in its ageing armour before they can move off it.
There's no support
“If it ain’t broke…” you’re fortunate. Because if it does break, you’re going to struggle to get help. Microsoft stopped providing non-paid, non-security support for Exchange 2003 in April 2009; and stopped providing any support as of April 2014. Most third party support providers have followed suit. There are still some providers (like Waterstons) who’ll do their best to help, but a fix can no longer be guaranteed.
It doesn’t work with Office 2013
Most people use Microsoft Office on a daily basis, whether at work, home, or school. The last version of Microsoft Office that worked with Exchange 2003 was Office 2010. That means when you buy a new computer you won’t be able to use Outlook to access your emails, calendar, contacts, tasks, etc. If you've got an old version you can just keep using it, but you can’t force the whole world to stay behind with you, so you’ll eventually have a compatibility problem with someone else instead.
What about the Cloud?
You may have heard a lot of fuss about using 'the cloud' to deliver messaging and collaboration services. You may even have heard about hybrid cloud technologies which allow you to mix and match for the most flexibility. Unfortunately to use a lot of this stuff you’ll have to be running Exchange 2010 or 2013. Not only is Exchange 2003 unable to integrate with the cloud, but a lot of the systems which talk to Exchange 2003 can’t either. If you want to leverage the cloud then it’s holding you back.
It won’t talk to your partners
Exchange is about a lot more than just emails. You probably use it as a calendaring system and contact manager as well. Exchange 2003 will let you send a meeting invitation to an external partner, but that’s about it. Later versions support federation between organisations, letting you view and share your diaries with each other.
Where’s my voicemail?
Exchange 2003 was an 'email' system. Later versions of Exchange are 'messaging' systems. That means they can handle more than just emails. For example, what about your voicemail? Why do you have to log in somewhere else to get that – can’t it just arrive in your inbox too? In fact, wouldn't it be easier if you could give people the option of trying your mobile or speaking to a colleague, rather than just bouncing them to voicemail when you’re not at your desk? Later versions of Exchange can connect to your phone system to make this happen. This is 'unified messaging', rather than 'just email'.