Dec 22 2015

State Governments Face Data Security Rules Ahead of SQL Server 2005 Migration

Local and state governments running SQL 2005 must comply with appropriate laws and regulations.

For state governments running Microsoft’s SQL Server 2005, the clock is ticking to upgrade to ensure they remain in compliance with laws and rules meant to protect the security of citizens’ data that are stored in the relational database platform.

In that sense they are in the same boat as the federal government. Microsoft will no longer provide security updates for its SQL 2005 platform as of April 2016.

Because the end of support for SQL 2005 could lead to security vulnerabilities, state governments should upgrade to make sure they are in compliance with their own laws — and stay ahead of potential security breaches.

For example, California has strict rules businesses must follow if a data breach exposes personal customer information such as Social Security numbers. The state requires that after such a breach, businesses must provide free identity-theft prevention and mitigation services for at least 12 months.

Taking the Necessary Steps to Upgrade

Tiffany Wissner, senior director of data platform marketing at Microsoft, says, “If they haven’t already, IT pros should identify which applications are impacted and begin migrating immediately to reduce the risk of running unsupported software after April 2016.”

State governments need to understand their risks. Agencies that are running SQL 2005 should make an inventory of their applications and databases using something like the Microsoft Assessment and Planning toolkit.

SQL 2005 users should evaluate these applications by how important they are to ongoing operations. For example, Tier 1 applications are mission-critical ones whose failure could have a serious impact if they go down for hours or even minutes. By contrast, Tier 2 applications, while also important for businesses, could potentially go down for a day or two. All other applications fall into the Tier 3 bucket and could potentially be down for more than a day without causing a serious disruption.

Multiple Upgrade Options Are Available

There are several upgrade options for SQL 2005 users, depending on their application needs, Wissner says.

Customers can migrate to a physical version of SQL Server 2014 or move to that server in a virtual environment (on premises, with a third-party provider or in Azure). Another option is Microsoft Azure SQL Database.

In addition to security and compliance issues, SQL 2005 users who don’t upgrade face higher maintenance costs, Wissner warns. “Staying put costs more in the end. Maintaining legacy servers, firewalls, guarding against potential security risks and preparing for liability created by out-of-date software will drive up costs.”

SQL 2005 users could also lose their competitive edge.

“Failing to take advantage of new technologies and application opportunities can hinder a company’s success, including the increased performance provided by recent versions,” Wissner says.

“The software will continue to function, but there are serious risks associated with running applications on an unsupported database,” she adds.

Darryl Sebro

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.