In early 2019, Microsoft announced two impending end-of-support (EOS) dates: SQL Server and Windows Server 2008 / 2008 R2 on July 9, 2019, and Windows Server 2008/R2 on January 14, 2020.
While each version is backed by a minimum of 10 years of support (5 years of Mainstream Support and 5 years of Extended Support), EOS means that security updates end on the dates indicated.
EOS is primarily a way of retiring the old versions of SQL Server and Windows Server to keep pace with the evolving pool of recent cyberattacks. This was pointed out by Takeshi Numoto, Microsoft’s Corporate Vice President for Cloud + Enterprise Marketing, in an interview.
“With cyberattacks becoming more sophisticated and frequent, running apps and data on unsupported versions can create significant security and compliance risks.” – Takeshi Numoto.
With the EOS dates for these servers arriving, and despite the “resourcefulness” modern IT personnel may have, you are set to face damaging nightmares that you wouldn’t want in your organization’s IT posture.
Here are the nightmares you can expect when you run outdated SQL Server and Windows Server versions:
Open invitation to cyberattacks
The past three years gave birth to several cyberattacks that crippled critical services such as healthcare, transportation, and even traffic systems. One big factor that made these attacks possible was the use of outdated systems, including servers and even desktop/virtual operating systems.
But what are you up against? Here are the three major forms of cybersecurity threats according to Volume 23 of Microsoft’s Security Intelligence Report:
- Botnets – these are networks of infected computers (bots) that attackers manipulate through command-and-control (C&C) servers. This has infected more than 23 million IP addresses and keeps sprawling, with 1,214 domains and IP addresses of botnet C&C servers, 464 botnets, and over 80 associated malware families.
- Easy Mark Attack Methods – these include phishing, which directly attacks security’s weakest link: the users. It comes in different forms such as suspicious email links and attachments, domain spoofs, user and domain impersonation, and links to fake SaaS apps. Microsoft detected 180,000,000 – 200,000,000 phishing emails in a three-month span (November 2017 – January 2018).
- Ransomware – it infects networked data and encrypts files to block access by the data owners and users. To regain access, victims are asked to pay a ransom of a specific amount, without any assurance that the encrypted files will be decrypted. WannaCrypt, Petya/NotPetya, and BadRabbit are some of its known forms, to name a few.
And the list of cybersecurity threats goes on, as cyberterrorists keep creating more sophisticated threats that feed on those who take constant software support and updates for granted.
Poor compatibility and non-compliance
SQL Server and Windows Server should always work as complementary IT assets and should always suit the data being stored or the application being hosted.
The thing is, with the rise of newer breeds of applications and datasets/formats, compatibility becomes an issue, since past versions of these databases no longer receive the feature updates needed to adapt. Compatibility here also refers to how fit your SQL Server and Windows Server are to safeguard your apps and databases against cyberthreats and to connect your data to your systems.
Moreover, even sturdier regulations have been implemented to protect data, data users, and processes. The General Data Protection Regulation (GDPR) and numerous state-centric data privacy regulations are just some of the laws that now set the standard for how data should be treated. Failing to provide up-to-date servers in the first place is already a lost battle, as the company’s and customers’ data and applications are on the line.
Compatibility and compliance are two important elements you should take into consideration, especially when deciding whether to use an outdated version of SQL Server and Windows Server. Failing to do so could cause system downtime, lawsuits, and even financial damages.
Financial and career damages
In Asia Pacific alone, the potential economic loss from the cyberattacks that happened in 2017 was $1.75 trillion, based on a Microsoft-commissioned Frost & Sullivan study.
The study also revealed that a large-sized organization in Asia Pacific with more than 500 employees could lose an average of $30 million, while a mid-sized organization with 250 to 499 employees could lose an average of $96,000. Along with this come job losses that could be experienced by seven out of 10 organizations, affecting not just IT-related roles but other business functions as well.
This simply implies that once a cyberattack hits and catches your organization off guard, it goes on a damage spree, not just monetary-wise but career-wise, and nobody wants that for an organization.
What you can do
You have two options:
- Upgrade to newer SQL and Windows Server versions. This gives you the most updated features, including a solid security structure. You can get the versions 2017 and 2019 for SQL and Windows Server. This includes the benefit of upgrading to an on-premise version or to an on-cloud platform.
- Migrate workflows to Azure and plan a hybrid setup. This brings the best of both worlds: the backup and file redundancy features of the cloud and the availability and feasibility of an on-premise server, thus lessening downtime, keeping data accessible online, and making workflows safer and faster.
Your post-EOS transition shouldn’t be that complicated. Shift to more up-to-date SQL and Windows Server versions with the right tech partner near you!