Dec 22 2015

Federal Agencies Face Compliance Issues by Sticking with SQL Server 2005

As the U.S. government prepares for the end of support for SQL 2005, laws and regulations on data security could spur upgrades.

Microsoft will no longer provide security updates for its SQL Server 2005 relational database platform as of April 2016. For federal agencies that looming deadline means they need to upgrade to ensure they are in compliance with data security laws and regulations.

Federal agencies need to make sure they comply with applicable IT laws, including the Federal Information Systems Modernization Act.

Further, federal government agencies have had to pay Microsoft in the past for failing to upgrade their systems. For example, the U.S. Navy’s Space and Naval Warfare Systems Command agreed in June to pay the software giant around $9 million a year to continue supporting its systems that run on Windows XP, an operating system Microsoft stopped supporting in April 2014.

Taking the Necessary Steps to Upgrade

Tiffany Wissner, senior director of data platform marketing at Microsoft, says, “If they haven’t already, IT pros should identify which applications are impacted and begin migrating immediately to reduce the risk of running unsupported software after April 2016.”

Government agencies need to understand their risks and those running SQL 2005 should make an inventory of their applications and databases using something like the Microsoft Assessment and Planning toolkit.

SQL 2005 users should evaluate these applications by how important they are to their ongoing operations. For example, Tier 1 applications are mission-critical ones whose failure could have a serious impact if they go down for hours or even minutes. By contrast, Tier 2 applications, while also important but could potentially go down for a day or two. All other applications fall into the Tier 3 bucket and could potentially be down for more than a day without causing a serious disruption.

Multiple Upgrade Options Are Available

There are several upgrade options for SQL 2005 users, depending on their application needs, Wissner says.

Customers can migrate to a physical version of SQL Server 2014 or move to that server in a virtual environment (on premises, with a third-party provider or in Azure). Another option is Microsoft Azure SQL Database.

In addition to security and compliance issues, SQL 2005 users face higher maintenance costs, Wissner cautions. “Staying put costs more in the end. Maintaining legacy servers, firewalls, guarding against potential security risks and preparing for liability created by out-of-date software will drive up costs.”

SQL 2005 users could also lose their competitive edge. “Failing to take advantage of new technologies and application opportunities can hinder a company’s success, including the increased performance provided by recent versions,” Wissner says.

“The software will continue to function, but there are serious risks associated with running applications on an unsupported database,” she adds.

Darryl Sebro

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.