February 11, 2016 at 8:37 pm
Comments posted to this topic are about the item The Push to Upgrade from SQL Server 2005
February 12, 2016 at 1:10 am
This is the only time I don't miss SQL Server. I am currently in an Oracle shop with few SQL Server instances dotted about the place so rarely get the opportunity to work with SQL Server at the moment.
Good luck to all of you upgrading.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
February 12, 2016 at 6:39 am
Gary Varga (2/12/2016)
This is the only time I don't miss SQL Server. I am currently in an Oracle shop with few SQL Server instances dotted about the place so rarely get the opportunity to work with SQL Server at the moment. Good luck to all of you upgrading.
We have mostly SQL Server databases and a few Oracle ones. I'll take a SQL Server upgrade over this Oracle upgrade any day.
February 12, 2016 at 7:20 am
SQL Server is relatively easy to upgrade but unless there's a feature in a newer version that an organization really wants or they want to install/upgrade an application that uses SQL Server there's not much incentive to upgrade.
February 12, 2016 at 7:44 am
ZZartin (2/12/2016)
SQL Server is relatively easy to upgrade but unless there's a feature in a newer version that an organization really wants or they want to install/upgrade an application that uses SQL Server there's not much incentive to upgrade.
Particularly considering the expense of upgrading. We tried to get 2014 last year and got shot down by the bean counters.
____________
Just my $0.02 from over here in the cheap seats of the peanut gallery - please adjust for inflation and/or your local currency.
February 12, 2016 at 7:50 am
You said April 12, 2016 as a date to be out of compliance, but didn't give any details on what makes that date important.
Can you share more info & a link to a site from a government or regulatory body, something a CIO would take as a trusted source?
February 12, 2016 at 7:54 am
Tony++ (2/12/2016)
You said April 12, 2016 as a date to be out of compliance, but didn't give any details on what makes that date important. Can you share more info & a link to a site from a government or regulatory body, something a CIO would take as a trusted source?
That's the scheduled end of life for SQL Server 2005. https://www.microsoft.com/en-us/server-cloud/products/sql-server-2005/
February 12, 2016 at 8:01 am
Is the implication that being on an unsupported platform is out of compliance? Is that written fact by a government or standards body, or a common interpretation by auditors?
February 12, 2016 at 8:07 am
Tony++ (2/12/2016)
Is the implication that being on an unsupported platform is out of compliance? Is that written fact by a government or standards body, or a common interpretation by auditors?
That I'm not sure about. In the past my company had a contract with another company that specified that we can't run any of their processes on unsupported software. I think Steve was talking about PCI and HIPAA regulations, which I don't have to deal with.
February 12, 2016 at 8:33 am
Thanks for this info, Steve!!
- webrunner
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html
February 12, 2016 at 9:33 am
PCI Standards, section 5: https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf
6.2 has been mentioned, but 6.1 notes you must install vendor patches. I have had auditors say that if the vendor no longer supports the software, and does not provide patches, then the software, and system, is out of compliance with PCI. I suppose you could argue that the standard does not say the software must be supported, but I'm not sure how that would go.
There was a lot of discussion about this since WinXP was widely used in PCI environments. I suspect there are people running XP, but a number of auditing companies have said running unsupported software is automatic PCI failure.
As with many things, YMMV. The rules do not specifically state this, and there is some argument that having a risk analysis and plan for dealing with issues is enough. However, I would suspect if this were to come to legal rulings, judges and juries would not look favorably on an organization choosing to run unsupported software, risking new security vulnerabilities being disclosed.
HIPAA is similar. A company was fined for using XP: http://www.emrandhipaa.com/emr-and-hipaa/2014/12/11/firewall-windows-xp-hipaa-penalties/?utm_medium=email&utm_campaign=b4b4dfcebd-RSS_EMAIL_CAMPAIGN&utm_source=Healthcare+Scene&utm_term=0_4092230e89-b4b4dfcebd-61051725
Regarding government agencies, it is probably dependent on your area, but I would bet this is a termination-worthy practice if there are issues.
Apr 12, 2016 is the day when extended support goes away. Most people don't have extended support, but MS provides security patches until this date.
February 12, 2016 at 10:25 am
LightVader (2/12/2016)
Tony++ (2/12/2016)
Is the implication that being on an unsupported platform is out of compliance? Is that written fact by a government or standards body, or a common interpretation by auditors?
That I'm not sure about. In the past my company had a contract with another company that specified that we can't run any of their processes on unsupported software. I think Steve was talking about PCI and HIPAA regulations, which I don't have to deal with.
PCI requirements tend to focus more on how the data is stored, accessed and transmitted, not so much the specific technology. A credit card number encrypted with the proper level of encryption is equally secure regardless of what medium it's stored in.
February 12, 2016 at 11:39 am
What we need are a clique of popular MVPs to start applying negative peer pressure.
"You're still using SQL Server 2000 and 2005??? Ew! Seriously.. dudes, that is like.. so totally gross." :doze::angry::blink:
Ew Seriously So Gross
https://www.youtube.com/watch?v=nzkhXMd1d3U
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
February 12, 2016 at 3:55 pm
Tony++ (2/12/2016)
You said April 12, 2016 as a date to be out of compliance, but didn't give any details on what makes that date important. Can you share more info & a link to a site from a government or regulatory body, something a CIO would take as a trusted source?
Here's something from the US government's Health and Human Services website:
See the second paragraph.
"Moreover, the security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating their IT resources with available patches and running outdated, unsupported software."
-Tom