The clock is winding down on support for some relational database management systems, leaving organizations to make decisions that could possibly move them to the cloud. Though the legacy servers might still function, continued use could leave enterprises vulnerable to cyberattacks. Moreover, if organizations run into technical issues after support sunsets, they will be hard-pressed to find a helping hand. Experts from Clairvoyant and SoftwareONE say that change may be a mandatory next step for some organizations.

In July, Microsoft’s database systems SQL Server 2008 and Server 2008 R2 will see security and technical support come to and end. Operating system Windows Server 2008 will likewise face its support sunset in January 2020. Organizations that use such systems have a variety of ways they can take action, says Tony Mackelworth, head of Microsoft advisory services for SoftwareONE, a platform as a service company.

The easy fix

A quick answer, he says, is to upgrade to newer, on-premise versions of the servers or purchase extended security updates. There are also options, he says, to rehost or refactor to a third-party cloud service provider, such as Microsoft Azure, Amazon Web Services, or Google Cloud Platform. The challenge that business and IT decision-makers face at this end of support has also become a focal point for vendors competing for them.

“AWS and GCP are keen to target that huge landscape of customers that are seeing a fair chunk of SQL going out of support,” Mackelworth says. The offers from GCP and AWS, he says, include taking on legacy software and letting organizations bring their own licensing. Not to be outdone by its rivals, Mackelworth says Microsoft is making offers of free extended support, for a period of time, to organizations that move to Azure. “To make the economics of cloud stack up, vendors are using licensing as a mechanism to make sure what they are offering is commercially competitive,” he says.

Even if organizations are comfortable with SQL Server upgrades, Mackelworth says there is a point where decisions must be made about what makes the most sense for applications that are mission critical. Organizations may want to explore hybrid contracts with for hosting and licensing, yet they also need to maintain security and compliance. He says enterprises might want to see what can be rehosted but also leave the option open to refactor their SQL Server. “No one single option in the market can answer all the questions that need to be asked,” Mackelworth says.

Tony Mackelworth, SoftwareONE

Racing against the clock

End of support is not a surprise but Shekhar Vemuri, CTO with technology consulting and service company Clairvoyant, says there are reasons why organizations might be caught flatfooted. “In some cases, there is a lack of in-house expertise to be able to migrate [sooner],” he says. Changes over time to the IT team may have left the organization without the knowledge set needed to act.

There also could have been alterations made to the database server that are not fully understood by the current team. If the underlying database that needs to be updated is connected to an application, the application must also be updated. These factors must be weighed when organizations decide whether to migrate the databases the functionality somewhere else or to reinvest in the latest version. “Most people are carving out migration teams to address the problem internally or working with providers to both manage software and help with the migration,” Vemuri says.

Spending migration vs. return on investment

Further complicating the issue, Vemuri says, is a perception of limited business value when migrating to newer software if there is little functional difference from a legacy version. “[By migrating] you are removing exposure to risk, but you are not seen adding new value,” he says.

Migrating to new database servers can be inevitable for organizations that operate in regulated industries. Security compliance requirements may leave little leeway when service support ends. “If you risk exposing yourself to a bug, or any hole in the software, that may compromise security,” Vemuri says.

When inaction is not an option

Such a compromise is often unacceptable for organizations that are connected to sensitive data. It is critical to not underestimate security exposure, Vemuri says. Even if the database is not that sensitive, it can serve as access to other parts of the ecosystem that house information that must be protected. “It may be better to throw money at the problem as opposed to doing a nuanced risk analysis and expose yourself to potential liabilities,” he says.

The need to regularly update and migrate to new platforms and database servers is not going to vanish any time soon, even with new methodology and approaches to hosting software in the cloud. Making a change may take a bit of labor, but it is the kind of burden that gets heavier over time. “There are ways to kick the can down the road,” Vemuri says. “The longer you wait, and the more you punt on a certain decision, the greater the effort it takes to get up to date.”