Legacy Systems create a cyber-security loophole
Chris Pace, head of product marketing, WALLIX, explains how outdated systems leave privileged accounts vulnerable
In July support for Windows Server 2003 came to an end. Softchoice, a company based in Toronto analysed nearly 90,000 servers at more than 200 organisations discovering that outdated technology is widespread across data centres. Nearly a month before Microsoft’s July 14 deadline ending support, Softchoice found that 21% of servers scanned in the first half of 2015 were still running on that operating system. It doesn’t help that upgrading from Windows Server 2003 to 2010 or 2012 used to be a linear upgrade yet today the migration path is more complicated.
Aging hardware and software poses a risk in the data centre. When systems like servers, networking equipment and operating systems are no longer supported, customers are exposed to data security vulnerabilities, reduced server and storage performance and increasing costs to maintain the old equipment.
The justification for hanging onto these old systems isn’t just the potential disruption caused by upgrading. Many legacy applications may not be supported on the upgraded infrastructure or perhaps a device is “only” being used as a file or print server. It’s clear that the focus for businesses is to ensure that IT systems are “good enough” to do the job and not necessarily at the bleeding edge.
However this approach is more problematic than it initially appears. Let’s examine the increased concerns around security and compliance as these legacy operating systems are more vulnerable to attack from outsiders. Many regulations do require compliant devices to be running supported software, so upgrading those may be vital. Shoring up external defences like firewalls and intrusion prevention might go some way to addressing these risks.
Given that the goal of every malicious outsider is to become a privileged insider, how access to these outdated systems is controlled becomes very important. You can reduce the attack surface significantly by ensuring that older servers are only connected to those other network resources that are absolutely necessary. The number of users who can access them should also be tightly controlled. A privileged access management solution will help you remove access for those that don’t need it as well as hiding away any old service accounts that may have been shared around in the past. A tool like this should obviously be able to work seamlessly and unobtrusively with any older operating systems, meaning you can increase security without having to interrupt or put businesses processes at risk.
If upgrading outdated systems isn’t an option in your infrastructure then it’s vital to consider all of the options available to increase your security and compliance posture to reduce your ultimate risk.