While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Microsoft will no longer provide security updates for its SQL Server 2005 relational database platform as of April 2016. For federal agencies that looming deadline means they need to upgrade to ensure they are in compliance with data security laws and regulations.
Federal agencies need to make sure they comply with applicable IT laws, including the Federal Information Systems Modernization Act.
Further, federal government agencies have had to pay Microsoft in the past for failing to upgrade their systems. For example, the U.S. Navy’s Space and Naval Warfare Systems Command agreed in June to pay the software giant around $9 million a year to continue supporting its systems that run on Windows XP, an operating system Microsoft stopped supporting in April 2014.
Tiffany Wissner, senior director of data platform marketing at Microsoft, says, “If they haven’t already, IT pros should identify which applications are impacted and begin migrating immediately to reduce the risk of running unsupported software after April 2016.”
Government agencies need to understand their risks and those running SQL 2005 should make an inventory of their applications and databases using something like the Microsoft Assessment and Planning toolkit.
SQL 2005 users should evaluate these applications by how important they are to their ongoing operations. For example, Tier 1 applications are mission-critical ones whose failure could have a serious impact if they go down for hours or even minutes. By contrast, Tier 2 applications, while also important but could potentially go down for a day or two. All other applications fall into the Tier 3 bucket and could potentially be down for more than a day without causing a serious disruption.
There are several upgrade options for SQL 2005 users, depending on their application needs, Wissner says.
Customers can migrate to a physical version of SQL Server 2014 or move to that server in a virtual environment (on premises, with a third-party provider or in Azure). Another option is Microsoft Azure SQL Database.
In addition to security and compliance issues, SQL 2005 users face higher maintenance costs, Wissner cautions. “Staying put costs more in the end. Maintaining legacy servers, firewalls, guarding against potential security risks and preparing for liability created by out-of-date software will drive up costs.”
SQL 2005 users could also lose their competitive edge. “Failing to take advantage of new technologies and application opportunities can hinder a company’s success, including the increased performance provided by recent versions,” Wissner says.
“The software will continue to function, but there are serious risks associated with running applications on an unsupported database,” she adds.