Extended support at an end
‘End-of-life’ means the point at which Microsoft will cease offering software support for SQL 2005. That means no more releases, no more security patches, and no commitment to support for any issues that may arise. Since 2011 Microsoft has been offering extended support for the service, providing basic security and service updates but not implementing any design changes. Despite this, countless organisations are still running the data management system and are now faced with the choice of upgrading their systems, adopting another solution, or migrating to the cloud. One thing that is clear is that doing nothing is not an option.
Without any commitment to support the software, businesses risk becoming exposed– to potential defects which could compromise their solutions or to malicious attacks from hackers which could result in costly data breaches. All it takes is for one hacker to identify a vulnerability in the system. Through this vulnerability they can jeopardise data security, bring down the system, or, perhaps most worrying of all, use the compromised component as a platform to access other systems within the business. This chink in the armour could have serious knock-on effects, potentially even jeopardising an organisation’s entire ICT infrastructure. Such an incident could also have a serious effect on an organisation’s reputation.
In addition, business may be in violation of regulatory or compliance obligations, if they continue to use software which is no longer supported by its vendor.
My organisation still uses SQL 2005 – what do I do?
The most obvious on-premise option when it comes to selecting a new system to succeed SQL 2005 is Microsoft’s most recent release of the software: SQL 2014. Upgrading presents a great return on investment as the suite offers greater functionality and performance benefits and increased security measures.
Another option, and one that will no doubt be popular among businesses already embracing the cloud, is to migrate to Microsoft’s popular Azure platform. Azure offers streamline capabilities, global availability and allows scaling according to business needs. And although data security in the cloud has traditionally been a cause of concern for many organisations, Microsoft has gone to extensive lengths to mitigate these security concerns, and provide tools and services within their cloud platform to enable organisations with fine grained security controls of their cloud environments.
Ensuring database security
Once the new environment is in place, however, it is important not to become complacent about data security. Regardless of which version your systems are on, hackers will always be waiting to take advantage of perceived vulnerabilities in any aspect of your environments. When it comes to ensuring the security of databases there is one phrase to remember: defence in depth.
It is essential to both strengthen your systems against attack, through the use of firewalls, restricted IPs, least privileges principle, and also to minimise the exposure of your systems by keeping them architecturally appropriately layered. For example, servers hosting public facing services such as web portals, should not be hosting their databases on the same server, to ensure that should a public facing server be compromised, direct access to your data isn’t automatically exposed.
Encryption features have been introduced into SQL Server since SQL 2008, such as Transparent Data Encryption (entire database encryption) and Column Level Encryption which can help businesses protect their sensitive data at rest and adds another layer of security to their design.
There is no doubt that the impending end-of-life for SQL 2005 will present a challenge for many organisations. However, with a definitive migration strategy in place, it also offers the opportunity to implement a robust and secure system, which will ensure productivity for years to come.
When it comes to end-of-life systems, planning is vital. Reacting when the software has already reached the ‘end-of-life’ stage wastes time and resources, leaving staff struggling to implement and understand new systems while managing their regular workload. Structured planning ensures ease of transition and organisations can assure clients of continuity of service, support and robust data security.
For industry-leading advice on upgrading existing SQL Server systems or migrating to the cloud, contact Ward Solutions today.