Dec 22 2015

Businesses Face Security Risks as SQL Server 2005 End of Support Looms

Microsoft will end security support for SQL Server 2005 in April 2016, and companies must prepare to upgrade.

A decade ago, Microsoft’s SQL Server 2005 was on the cutting edge of relational database management technology. Now it’s outdated software that Microsoft will no longer provide security updates for as of April 2016. Enterprises still running SQL 2005 face missed business opportunities and potentially serious security vulnerabilities if they don’t upgrade.

According to Tiffany Wissner, senior director of data platform marketing at Microsoft, there are several ways the transition to the end of extended support will affect the enterprise and small-business market. She says that SQL Server 2005 users are not capitalizing on business opportunities “because they are running decade-old technology.”

“While SQL Server 2005 was a great database for its time, the way businesses work with technology and data has changed dramatically,” she says, “and Microsoft has worked to adapt to these needs with each successive version of SQL Server by introducing enhancements to performance, availability, scalability, security and manageability through features like Always On in SQL Server 2012 and In-Memory OLTP in SQL Server 2014.”

Today, enterprises need to better understand their data and get more insights from it to drive their business, Wissner explains. By upgrading, companies can take advantage of the software giant’s latest business intelligence and analytics capabilities.

Secondly, organizations face security risks if they continue running SQL 2005. “Running an unsupported database means customers aren’t getting updates and patches that will protect them against new threats, and they may have trouble meeting corporate or regulatory security requirements,” Wissner says.

Additionally, those that continue to run SQL 2005 will potentially run into compliance issues. “If your company is still using SQL Server 2005, this may result in an officially recognized control failure by an internal or external audit body, leading to suspension of certifications and/or public notification of the company’s inability to maintain its systems and customer information,” Wissner warns.

Taking the Necessary Steps to Upgrade

“If they haven’t already,” Wissner advises, “IT pros should identify which applications are impacted and begin migrating immediately to reduce the risk of running unsupported software after April 2016.” Businesses running SQL 2005 should make an inventory of their applications and databases using something like the Microsoft Assessment and Planning toolkit.

SQL 2005 users should evaluate these applications by how important they are to their ongoing operations. For example, Tier 1 applications are mission-critical ones whose failure could have a serious impact if they go down for hours or even minutes. By contrast, Tier 2 applications, while also important for businesses, could potentially go down for a day or two. All other applications fall into the “Tier 3” bucket and could potentially be down for more than a day without causing a serious disruption.

Multiple Upgrade Options Are Available

There are several upgrade options for SQL 2005 users, depending on their application needs, Wissner says.

Customers can migrate to a physical version of SQL Server 2014 or move to that server in a virtual environment (on premises, with a third-party provider or in Azure).

Another option is Microsoft Azure SQL Database. In addition to security and compliance issues, SQL 2005 users face higher maintenance costs, Wissner says. “Staying put costs more in the end. Maintaining legacy servers, firewalls, guarding against potential security risks and preparing for liability created by out-of-date software will drive up costs.”

SQL 2005 users could also lose their competitive edge. “Failing to take advantage of new technologies and application opportunities can hinder a company’s success, including the increased performance provided by recent versions,” Wissner says. “The software will continue to function, but there are serious risks associated with running applications on an unsupported database,” she adds.

For more on upgrade options for SQL Server 2005, check out this post on the CDW Solutions Blog

Darryl Sebro

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT