Risks of Maintaining SQL 2008 After End of Support

SQL Server 2008 End of Support

Know and Manage the Risks

Risks of Maintaining SQL 2008 After End of Support

On July 9th, 2019 Microsoft concluded extended support for SQL Server 2008 and 2008 R2. The total end of support and security updates for SQL Server 2008 were a huge motivator for some organizations that use this database server to upgrade. However, many organizational stakeholders struggle with complacency and the process was delayed.

To help justify an upgrade to a more modern version of SQL Server, organizations should fully understand the risks that they will be susceptible to as they continue running SQL Server 2008 after end of support. Before we evaluate the risks of maintaining an SQL solution, let’s take a look at why organizations have continued with SQL 2008 instances.

Why Would Organizations Run Out-of-Date SQL Solutions?

According to SoftwareONE’s analysis, 43 percent of all SQL Server instances run either SQL Server 2008 or SQL Server 2008 R2. This begs the question – why are organizations continuing to utilize versions of SQL server that are over a decade old? There are many legitimate reasons why organizations initially chose to delay an upgrade to a newer version of SQL Server.

  • Compatibility Challenges – An upgrade to a new version of SQL server means upgrading a sizeable amount of your software estate. In many cases, SQL workloads are interlinked to business-critical applications and processes. Disrupting this environment could have far-reaching negative effects on day-to-day business activities.
  • Lack of Knowledge – For many organizations, the in-depth knowledge needed to complete an upgrade to a new version of SQL was severely lacking on their IT teams. If organizations do not have teams with the proper skills and knowledge, a poorly executed SQL Server upgrade could be perilous.,
  • Cost and Complexity – When considering upgrading SQL Server instances, many database administrators adhere to the motto, “if it isn’t broken, don’t fix it.” For many organizations, the cost and complexity of these upgrades far outweighed the benefits until SQL Server 2008’s end of service became a reality.

While organizations initially had adequate justification to delay an upgrade, with SQL Server 2008’s end-of-service being a reality, organizations must take action now. Otherwise, they could potentially face dire consequences.

The Risks of Using SQL Server 2008 After EoS

Running any out of date software poses a considerable threat to organizations, and this is especially true regarding the end of support for SQL Server 2008. If your organization chose to delay upgrading, or not upgrade at all, there are some primary risks to be concerned about:

  • Security Risks – With SQL Server 2008’s End of Support in effect, security updates and hotfixes will no longer be offered. While firewalls and antivirus provide some basic protection, hotfixes are necessary to patch application-specific vulnerabilities. By losing access to these patches, your organization will become susceptible data breaches.
  • Compliance Risks – Organizations that avoided upgrading risk losing compliance with existing regulations or software license agreements. For example, many online payment processing platforms require organizations to maintain vendor support. As a consequence, organizations that have not updated are unable to accept payments from customers until an upgrade is performed. Alternatively, standards like GDPR and PCI DSS require that organizations use supported platforms. Maintaining SQL Server 2008 violates this regulation, which could result in legal action as well as steep fines.
  • Financial Costs – If your organization did not upgrade after SQL EoS, then they must pay a premium for extended security updates to stay compliant. This is no small expense, either – the annual cost of SQL Server 2008 extended security updates is 75% of your organization’s current SQL Server licensing cost. This typically represents typically 300 percent of your annual Software Assurance maintenance spend per impacted server.
  • Compatibility Costs – Using a SQL solution that’s over a decade old can cause snags with modernization initiatives. If modern workloads are running on out-of-date SQL solutions, these queries will be run at nonoptimal compatibility levels. Meanwhile, newer versions of SQL provide more efficient compatibility levels. This means that keeping SQL Server 2008 ultimately wastes your organization’s time, resulting in significant opportunity cost.
  • Reputational Risks – When an organization experiences a security or compliance breach, its reputation suffers as a result. This could mean loss of customers, especially in the case of a cyber-attack. After a security breach, 20 percent of companies lose customers as a direct result. However, organizations could also stand to lose faith from stakeholders, investors, and the general public.

Creating a Strategy for SQL EoS

Due to the extreme risks associated with maintaining SQL Server 2008 now that it is unsupported, it is imperative that organizations still running SQL Server 2008 create a strategy to upgrade their server environment now. Unfortunately, it is hard for organizations to determine where to begin when they overhaul their current SQL solution. Here are four general steps to consider when constructing a roadmap for this upgrade:

Step 1: Check Your Inventory

Be aware of all the out-of-date SQL workloads within your network environment, along with configuration, usage, and workload benchmarks. Since your organization’s SQL inventory is spread across the entire organization, it may be helpful to use an advisory service to ensure inventory is taken correctly.

Step 2: Make a Plan

Once information regarding your software inventory has been recorded, create a roadmap that will help find the best migration approach for each workload. Your organization should aim to find the optimal contract at the best price. This is unique for every organization, so be sure to spend an appropriate amount of time constructing a bulletproof plan – or consult the help of a third-party expert

Step 3: Execute the Plan

When executing the campaign, organizations generally plan to migrate or modernize their software environment. Migrating workloads is a simpler plan to execute, but organizations may encounter more long-term issues. Modernizing your SQL environment with a cloud environment like Azure takes more time, but will ultimately future-proof your SQL approach.

Step 4: Continuously Optimize

Once the plan has been executed, it’s important to constantly ensure everything is running as efficiently as possible. After updating your SQL solution, your organization will likely experience a few technical errors. To ensure day-to-day business isn’t significantly disrupted by these errors, continuous optimization is necessary.

Starting Your Upgrade Process

The end of support for SQL Server 2008 has arrived, and organizations must act now. Otherwise, they risk stark consequences that could disrupt day to day business, cause expensive fines, or even tarnish their brand’s reputation.

With such high stakes, many organizations may enlist the help of third-party experts to help plan their upgrade. If you’d like to get started on your SQL Server 2008 upgrade process today, take a look at our Microsoft Advisory Services offering page. Or, if you would like to speak to an expert, contact us today.

Ready to Upgrade Today?

Enlist the help of Microsoft experts to ensure you’re making the most of your investment.

Learn More

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Tony Mackelworth, Head of Microsoft Advisory

Tony Mackelworth

Head of Microsoft Advisory

Cloud, Digital Transformation, Licensing, Software Procurement Services

Related Articles