Velocity News

Your Outdated Microsoft SQL Server Is Putting Your Business At Risk

Some things are built to last forever. Computer software? Not so much. 

After hanging around for a solid decade, Microsoft SQL Server 2008 and SQL Server 2008 R2 have now left Extended Support. 

What does that mean exactly? 

Once a product has moved beyond Extended Support, Microsoft no longer has an obligation to provide security updates or customer support. And while you might think staying on unsupported databases seems easier than upgrading, we have news for you: Doing absolutely nothing is a risky move. Yes, your servers will continue to function if you hold onto your outdated database. But without Microsoft’s updates and patches, your organization is open to potentially serious security and compliance issues—and it’ll come at a pretty high cost, too. 

If you’re still running Microsoft SQL Server 2008 and SQL Server 2008 R2, here are three ways you’re putting your business at a big risk. 


The end of Windows and SQL Server 2008 support means that Microsoft has pulled the plug on any further security updates. Older, unsupported software is more vulnerable to exploitation, since it doesn’t receive critical patches. This makes your server a magnet for cyberattacks. And while security measures like a firewall or antivirus software may provide some protection, they’re likely not enough to give a business peace of mind that its sensitive data is safe. 

In fact, a couple of years ago, the world saw the risks associated with running outdated Microsoft software firsthand: The outbreak of the WannaCry ransomware in 2017 showed the real-world cost of keeping legacy software—and the unsupported infrastructure that supports it—in place. In a matter of hours, this powerful ransomware spread like wildfire across more than 150 countries, encrypting hundreds of thousands of computers along the way.

Hospitals across the UK declared a “major incident” after they were knocked offline by the malware. Government systems, railway networks, and private companies were also hit. What did a majority of these businesses have in common? Nearly 98% of them were using an outdated version of their Microsoft operating system. 


With increased security risks comes the danger of being non-compliant. Keeping old operating systems in place leaves your critical and confidential business and client information at risk and can expose your organization to big fines, company shutdown, and even time behind bars.

That’s why many industry regulations and standards require organizations to use supported platforms. These standards are vital for protecting your customers, employees and business’s reputation. These regulations include: 

  • HIPAA: Health Insurance Portability and Accountability Act

  • PCI DSS: Payment Card Industry Data Security Standard

  • SOX: The Sarbanes–Oxley Act of 2002, also known as the "Public Company Accounting Reform and Investor Protection Act"

  • Dodd-Frank: The Dodd–Frank Wall Street Reform and Consumer Protection Act

  • GDPR: General Data Protection Regulation

Failure to modernize your infrastructure when end of support hits—and comply with these regulations—can result in reputational damage to your business and high penalty fees. Under the GDPR, for example, non-compliant companies can be fined up to 4% of their annual turnover.

Financial Costs

Maintaining unsupported platforms comes with a high price. Put simply, it’s not much different from the ongoing maintenance and tedious upkeep of a very old home or vehicle—except that technology ages at a much faster rate. In fact, it costs nearly double to fix a system that’s more than four years old when compared to newer systems. 

For example, a few years ago, CNN reported that the US Navy would pay Microsoft up to $31 million just to maintain their now-defunct operating system. Why? Because when their operating system was discontinued, Microsoft stopped actively developing security updates and patches for it—even as new major flaws and security holes were discovered. But because the Navy preferred to maintain its legacy systems, Microsoft could name its price ($9 million a year, to be exact). This isn’t even considering the added cost of employee time spent fixing their outdated system.

So what’s the bottom line? Remaining on unsupported databases, while seemingly easier than upgrading and migrating, is not worth the associated business risk. Fortunately, you have options. 

Check out our MS SQL 2008 End of Life Solution Brief for best practices on mitigating these risks, and why a move to the cloud should be your next step. 
