“If things still work, why bother changing them?” This is perhaps the point of view of any resourceful person who would rather stick with the old stuff, tried and tested, to get things done.
But old tricks do not usually make the cut in IT, especially when your servers are about to reach the end of their support lifecycle.
Early this year, Microsoft announced the impending EOS for SQL Server 2008/2008 R2 on July 9, 2019 and for Windows Server 2008/R2 on January 14, 2020.
While each version is backed by a minimum of 10 years of support (5 years of Mainstream Support and 5 years of Extended Support), EOS means that security updates end on the dates indicated.
EOS is primarily a way of phasing out the old versions of SQL and Windows Server to keep pace with the evolving pool of cyberattacks happening recently. This was pointed out by Takeshi Numoto, Microsoft’s Corporate Vice President for Cloud + Enterprise Marketing, in an interview.
“With cyberattacks becoming more sophisticated and frequent, running apps and data on unsupported versions can create significant security and compliance risks.” – Takeshi Numoto.
With the EOS dates of these servers approaching and the “resourcefulness” that perhaps every modern IT professional has, you are set to face damaging nightmares that you wouldn’t want to happen to your organization’s IT posture.
Here are the nightmares you are about to experience when you use outdated SQL and Windows Server versions:
Open invitation to cyberattacks
The past two years gave birth to several cyberattacks that crippled critical services such as healthcare, transportation, and even traffic systems. One big factor that made these attacks possible is the use of outdated systems, including servers and even desktop/virtual OSes.
But what are you up against? Here are the three major forms of cybersecurity threats according to Volume 23 of Microsoft’s Security Intelligence Report:
- Botnets – these are programs backed by a network of bots that manipulate computers using command-and-control (C&C) servers. This has infected more than 23 million IP addresses and keeps sprawling with 1,214 domains and IP addresses of botnet C&C servers, 464 botnets, and over 80 associated malware families.
- Easy Mark Attack Methods – this includes phishing, which directly attacks security’s weakest link: the users. It comes in different forms such as suspicious email links and attachments, domain spoofs, user and domain impersonation, and links to fake SaaS apps. Microsoft detected 180,000,000 – 200,000,000 phishing emails in a three-month span (November 2017 – January 2018).
- Ransomware – its primary destructive nature is to infect networks of data and encrypt files to block the access of the data owners and users. To regain access, a ransom of a specific amount is demanded, without any assurance that the affected files will be decrypted. WannaCrypt, Petya/NotPetya, and BadRabbit are some of its known forms, to name a few.
And the list of cybersecurity threats goes on as cyberterrorists keep creating more sophisticated threats that feed on those who take constant software support and updates for granted.
Poor compatibility and non-compliance
SQL and Windows Server should always come as complementary IT assets and should always suit the data being stored or the application being hosted.
The thing is, with the rise of a newer breed of applications, along with the datasets and formats that support modern functions, compatibility is an issue waiting to happen, since past-EOS versions of these servers no longer receive the feature updates needed to adapt. Compatibility here also refers to how fit your SQL and Windows Server are to safeguard your apps and databases against cyberthreats while still letting you harness that data as a basis for future IT decisions.
Moreover, even sturdier regulations have been implemented to protect the data, the data users, and the processes. The General Data Protection Regulation (GDPR) and the Data Privacy Act of 2012 (DPA) are just some of the laws that set the standards for how data should be treated. Failing to provide up-to-date servers in the first place is already a lost battle, as the company’s and customers’ data and applications are on the line.
Compatibility and compliance are two important elements you should take into consideration, especially when deciding whether to use past-EOS versions of SQL and Windows Server. Failing to do so could cause system downtime, lawsuits, and even financial damages.
Financial and career damages
In Asia Pacific alone, the potential economic loss was at $1.75 trillion because of cyberattacks that happened in 2017, based on a Microsoft-commissioned Frost & Sullivan study.
The study also revealed that a large-sized organization in the Asia Pacific with more than 500 employees could incur an average loss of $30 million; a mid-sized organization with 250 to 499 employees could lose an average of $96,000. Along with this are job losses that could be experienced by seven out of 10 organizations, not just in IT-related roles but in other business functions as well.
This simply implies that once a cyberattack hits and catches your organization off guard, it goes on a damage spree, not just monetary-wise but career-wise, and nobody wants that for an organization.
What you can do
You can have two options:
- Upgrade to newer SQL and Windows Server versions. This gives you the most up-to-date features, including a solid security structure. You can get versions 2017 and 2019 of SQL and Windows Server. You also have the choice of upgrading to an on-premise version or to an on-cloud platform.
- Migrate workflows to Azure and plan a hybrid setup. This brings the best of both worlds: the backup and file redundancy features of the cloud and the availability and feasibility of an on-premise server, thus lessening downtime, keeping data accessible online, and making workflows safer and faster.