For five years, Microsoft’s SQL Server 2005 has been in its extended support phase, but its end of life is near, which can pose security risks to an organization. The primary risk to not upgrading before the deadline is that there will be no more updates or security hot fixes. “Unless the organization has a costly support contract with Microsoft, they’re on their own when it comes to updates and protection,” said Steve Ragan, senior staff writer for CSO Online.
Without these security protections in place, an enterprise is more vulnerable to threats. “Legacy systems and apps are always going to be a problem, so if an organization can’t move from MSSQL ‘05 to the latest supported versions, they’ll have to adjust their security planning to address this newly opened attack surface,” Ragan said.
Relying on a legacy system instead of upgrading can also mean that the databases are no longer in compliance, a concern for those in the healthcare industry or enterprises that deal with credit card transactions.
Microsoft customer support agreements available through Premium Support can be costly, and some technical workarounds may be limited or impossible.
“The benefits of upgrading to a modern data platform far outweigh the costs of maintaining security, support, and compliance for an unsupported database,” T.K. Rengarajan, corporate vice president, data platform, Microsoft wrote in his blog.
Many organizations have already gone through the upgrade process with the end of life on SQL Server 2003, and for those who are looking toward the next addition to the Microsoft ecosystem, SQL Server 2016 offers enhanced security tools that address the evolving trends in compliance risks.