Enter data privacy. Exit SQL Server 2008.

SQL Server 2008 and SQL Server 2008 R2 are out of extended support as of July 2019, but the end of bug fixes, security updates and ongoing support has far-reaching data privacy implications, as James Boother from Microsoft Gold Partner, Coeo, explains.

Microsoft products typically have five years of mainstream support, followed by five years of extended support, all of which sounds great until you ask, what happens next?

It’s a relevant question because, as of July 2019, Microsoft no longer has an obligation to provide security updates for SQL Server 2008 and SQL Server 2008 R2. That’s despite the fact that at Coeo we’ve found over 30% of estates are currently running on SQL Server 2008 R2 or earlier.

Even though four newer versions of SQL Server have been launched over the last decade, the popularity of SQL Server 2008 R2 has endured for four main reasons:

  • Application compatibility – moving to a newer version could mean updating far more than the Microsoft data platform itself
  • SQL Server 2008 is good enough – companies find that the server suits their needs and see no need to switch over to a newer version
  • Upgrade cost and complexity – prior to end of life, the cost and complexity of an upgrade may have outweighed the benefits
  • Lack of knowledge or skills – some businesses have been unable to move platforms due to a lack of in-house knowledge.

What are the risks of using an unsupported platform?

Choosing to run applications on an unsupported platform carries several important risks that your organization must consider, particularly at a time when compliance with data privacy legislation has moved from an IT issue to a major business concern.


With SQL Server 2008 and SQL Server 2008 R2 out of Extended Support, they will no longer receive security updates. Without patching vulnerabilities, your data will be at risk from cyber attack. While physical security measures such as a firewall or anti-virus software may provide some protection, this is unlikely to be enough for most organizations to be confident, particularly if they are hosting sensitive data.


With increased security risks comes the danger of becoming non-compliant. Many industry regulations and standards, such as the GDPR and the Payment Card Industry Data Security Standard (PCI), call for organizations to use supported platforms.

Retailers accepting card or online payments, for example, are required to maintain vendor support and an inability to demonstrate this could render them unable to process card payments in line with their obligations. Non-compliance could have real legal and financial implications for your business, along with the risk of a loss of reputation or damaged relationships with your customers.

Financial costs

Maintaining unsupported platforms comes with a high price. Microsoft generally discourages customers from running out of support software by charging a premium for Extended Security Updates to detract customers from this approach. In the first year the annual cost of this is expected to be 75% of the licence cost.


Organizations must maintain their software assets and modernizing the underlying data platform is part of this journey. Many organizations already use database compatibility levels to mimic the behavior of down-level versions to avoid code fixes required by more modern servers.

What can I do now?

To ensure your organization remains supported, we recommend following our proven methodology with the following four-step process:

  1. Identify – create an inventory of your organization’s estate and identify any SQL Server 2008 R2 (and earlier) workloads along with configuration, feature usage and workload benchmarks.
  2. Plan – plan the migration of the workloads identified in the first step. Determine the best migration approach for each workload.
  3. Execute – put your plan into practice. Our team deliver cloud migration projects with reduced risk, cost and complexity.
  4. Optimize – if you move to Azure, you have a 3-year window to upgrade or re-platform to optimize for performance and deliver the best value for your Azure investment. Our Dedicated Support team is currently helping customers with this ongoing activity.

You can find out more about how to ensure your company remains supported by visiting the Coeo SQL Server 2008 Support page.

James Boother is the Sales and Marketing Director at Coeo, a Microsoft Gold Partner providing consulting and managed services for Microsoft data platform and analytics technologies. Founded in 2007, Coeo is Europe’s number one provider of database strategy for the retail, finance and gaming industries.