End of Life software – is it a cyber security issue, or a business issue?

If a piece of software is End Of Life, should you upgrade immediately - is it an instant cyber security risk, or a business issue, or both? To understand the challenges, you first need to conduct a risk assessment.

Consider the scenario

You host a vSphere farm internally running 6.7, which has gone End of Life. The management network the hosts reside on is an internal network, accessible only from a specific secure workspace. Maybe this is a low cybersecurity risk. So, do you hold off the upgrade? How does the business see the issue?

An End of Life product means end of life software support too – no security updates, patches or bug fixes. Consider what would happen if the hosts had a glitch that caused an outage. Your systems could be down, and that would mean a cost to your business. So maybe this is a high business risk – can you really hold off the upgrade? What happens when a zero-day vulnerability is announced or discovered?

More questions to consider

Does the underlying hardware support a newer version of the software going End of Life? If not, you need to add in the cost of upgrading the hardware before you can upgrade the software. Yes, it’s another cost, but it’s likely to be much more cost effective than the cost of a business outage and a security breach or ransomware incident.

Digging a bit deeper than the End of Life hypervisor, there are further impacts too: 

Virtual Servers running on the hypervisor

  • VMware Tools version (supported?)
  • Virtual Server Operating System version (limited versions available and supported?)
  • Virtual Servers, some internet facing (Inbound and Outbound), older OS but still supported?

You can see how the cyber security risk has now risen to high, due to the internet-facing elements, and the likelihood of hackers jumping onto a zero-day vulnerability and publicly exploiting it. All of this means technical debt and risks are almost certainly about to cause you trouble.

As cybersecurity experts, we would strongly recommend further, immediate mitigation controls at this point, along with budgeting for tactical interim remediation costs. It will pay off in the long term, as well as reducing the potentially high risk to the business.

Conclusion 

Running end of life software is a very bad idea. Please don’t wait until it’s too late.

  • Build the business with technology, cyber strategy and IT security at the forefront
  • Plan and prepare a 12-month roadmap, including End of Life software best practice, and continually update it
  • Work with expert partners such as HTG to develop a three to five-year technology and cyber strategy
  • Don’t let systems reach the End of Life stage - upgrade or replace before things get critical
  • Plan, budget and evolve the technology – don’t let technical debt build up

If that all sounds daunting, it needn’t be. We have decades of expertise in helping our clients create a protective IT roadmap to prevent them inadvertently exposing their organisation to risk.

Get in touch for a chat and to see how we can help you too.
