Our Blog



Mitigating the risks of SQL Server 2008 and Windows Server 2008 End of Support

Support for Microsoft SQL Server 2008 ends on July 9, 2019, followed six months later with support for Microsoft Windows Server 2008 ending on January 14, 2020. This means from those dates you won’t receive the regular security updates and patches you’ve been used to receiving from Microsoft. New vulnerabilities however, will certainly continue to be found.

MItigating the risks of SQL Server 2008 and Windows Server end of support

As with any situation, you have a number of choices you can make. One is to do nothing – and it’s an option we have been asked about, so I want to address it head on.

With current climate of malicious attacks and code being distributed, this is not an acceptable risk profile for any organisation.

Given that systems running SQL Server 2008 and Windows Server 2008 are usually old systems – they’re ten years old now – I think it’s safe to assume they must be fairly critical to the business, otherwise they would have been replaced already. From our experience, the most bedded-in systems are usually the most significant systems, with longer update cycles.

Would you want one of your integral systems, potentially financial systems, customer information, personally identifying information, internal intellectual property or a functional system supporting other areas of the business – to be the most vulnerable to attack? The answer, I’m sure, is no.

Databases and websites are often ‘soft’ spots for hackers. One of the main services for Windows Server 2008 is supporting websites. Meanwhile, SQL is a database service and is often holding critical data - that’s pretty significant, especially when you consider Australia’s Mandatory Data Breach Notification laws. If data is stolen you have to disclose the breach, with a lot of potential for reputational damage and loss of customers following it.

And that’s before you even consider the ramifications of intellectual property being stolen.

The scary thing is, we’ve been doing a lot of audits for customers, and in every case, they’ve had more Windows 2008 or SQL 2008 servers than they originally thought.

You probably know of the bigger, more obvious systems, but we always seem to find some older ones, often support systems. These are often low hanging fruit when it comes to upgrades.

It all sounds like doom and gloom, but the good thing is there’s a fairly easy remedy, with Microsoft having thrown a number of lifelines out.

Microsoft will keep supporting Windows Server 2008 and SQL Server 2008 if you move the workloads to Microsoft Azure. That means you don’t have to make immediate, big spending decisions about replacing your entire financial system, customer system or whatever it might be. If you ‘lift and shift’ into Azure it will all still be supported. That’s the out for most companies to buy themselves some more time if they don’t have the budget now or don’t want to replace it today.

It’s important not to ignore End of Support for Windows Server 2008 and SQL Server 2008. These are critical from a risk mitigation point of view. How you’re going to address it is a decision that needs to be made now.

At Empired we can run a full assessment and provide you with a report on what your exposure risks are and all the possible mitigating actions, from moving ‘as is’ to Azure, to modifying, updating or platform transformations.

As well as extensive experience and knowledge in deploying Azure and migrating systems to Azure, we have expertise in areas such as modern apps and data insights, application modernisation, data platform migration and solution design to improve your application.

Contact us today to discuss your next step in mitigating the risk from end of support for SQL Server 2008 and Windows Server 2008.

Posted by: Jaen Snyman, National Business Manager Cloud Design and Integration | 17 June 2019

Tags: Cloud Platform, Data Analytics, Microsoft Azure, Data Migration, Microsoft SQL Server

Top Rated Posts

Blog archive

Stay up to date with all insights from the Empired blog