Organizations around the world have extremely complex technology environments that depend upon many different components to function properly. Operating systems, hardware devices and applications all play a role in shaping our technology environments and each of these components relies upon current security patches to remain protected against the many threats found on the Internet.  The vendors supplying these products continue to supply patches for older versions of their product still in use at customer sites but, unfortunately for IT teams, all good things must come to an end.  Vendors are only willing to support a limited number of older versions because of the costs involved of maintaining legacy software and hardware.  When a vendor decides to end support for a product organizations using it face difficult end-of-life decisions.

From a security perspective, using current software versions is a critical control.  Many of the issues corrected by vendor patches are major security vulnerabilities that leave an organization open to attack.  When a vendor ends support for a product, any new vulnerabilities discovered will remain unpatchable, leaving the organization susceptible to attack: clearly an undesirable situation!  Adding to the gravity of the situation, hackers often develop and use automated scanning tools that scour the Internet searching out systems containing vulnerabilities.  Leaving an unpatched, out-of-support device connected to the Internet presents a dangerous security risk but it happens every day!

Read the full story: IT and End of Life Issues

Published February 22, 2016 in Certification Magazine