Security and Aging Technology

Technology changes at a rapid pace. Sometimes it is difficult to determine where the line is between being state of the art, status quo, and when you are moving on from perfectly good equipment. Keeping your infrastructure secure should be top priority. So how do you navigate the constantly updated versions of your business hardware, software, and other critical equipment?

“My IT company is trying to rip me off. I use my computer every day and it works just fine. They come into my office and tell me that I need to replace it as well as those of half of my staff. I hate when someone thinks that they can just come into my business and make a buck off of me.”

Ever feel like this? As an IT provider, we have certainly been on the receiving end of this argument. At face value it makes sense. If you can get your work done on the equipment that you have, why spend the money to replace it, not to mention the time and effort to learn/teach the new features? I’ve got your answer.

[img src=”/wp-content/uploads/sites/2/2020/01/img-basic-equipment-lifecycles.jpg” class=”aligncenter”]

What is an Equipment Lifecycle?

Many pieces of technology equipment have lifecycles. These come in various forms but, simply put, are the manufacturers recommendation as to when you should update, upgrade, or replace the equipment. In some cases this can mean that patches and support will no longer be provided. (Examples of this include current events such as the end of life for Windows 7 and Server 2008.) In others, it could be best practice. Where this is the case, professionals have deemed that, by the end of the lifecycle, technological advancements will have made the equipment obsolete or incompatible with other technology with which it will need to integrate. This is often built into the manufacturers roadmap. It is not simply that they have a new version on the market but rather security and, to a certain extent, business process. At some point, the manufacturer cannot continue to support an entire history worth of equipment, or create in a way that all technology throughout time will be able to easily and effectively work together. This would cease to be a quality or affordable piece of equipment to produce or maintain.

Expiration is not Healthy

Technology, in this sense, is not that different than the supermarket. Many foods have lifecycles too. When not as obvious as in produce (rotting, wilting, molding), we put expiration dates on our meats, eggs, and other goods. They are in place to help you avoid getting sick. While you are often fine missing the cut off by a day or two, full ignorance of the recommendation can lead to serious consequences. For example, if you have a carton of milk in your refrigerator and the ‘best used by’ date was over a week prior, you would open it up, smell it, and probably throw it away. Though the signs are not as obvious, your technology has a similar lifecycle. The problem is that once your technology starts to pass the expiration, the “smell” isn’t so obvious.

Expiration is often in the form of vulnerability. A vulnerability is a hole in your security. When not addressed with patches or updates, these lead to opportunity for hackers to infiltrate your environment. The more out of date your systems are, the more potential for an incident. While it is impossible to guarantee an incident free technology environment in any situation, these vulnerabilities create a greater risk.

Lifecycle Management

It’s Personal…

Cost is often one of the biggest arguments not to adhere to lifecycle recommendations. Some people rush out and purchase another smartphone with every release of a shiny new model. This isn’t necessary, especially for a business, where the technology is much more based on functionality than aesthetic. (When was the last time someone came into your office, and said “wow, nice firewall. Is that the new XXX?”) That does not mean, however, that it should be forgotten in the closet to run for all time.

It’s Business…

It is important too to consider the fact that we are talking about a business and not an individual. If an individual takes upon themselves the risk and responsibility of working equipment to the point where it can no longer be turned on, then so be it. We are making an argument for businesses here. There is likely data and documents that you need to protect. That risk is much higher, the loss tied to failure is much greater. While wanting to be fiscally responsible and not push frivolous expenditures, it becomes irresponsible, if not negligent, to ignore best practices. You don’t want to end up in a situation wherein you are unable or forbidden to use/run certain business critical tools because technology advancements no longer support or are compatible with what you are using. Similarly, there is the security risk due to the vulnerabilities mentioned. The cost of replacing a device 6 months prior to its failure versus the cost of a cyber-attack, data loss, or system downtime can be dramatic. In this day and age, losses such as these can destroy a business.

Having a plan to address the lifecycle process

Like any other facet of your business, technology should be budgeted for and have a multiyear plan. Surprises are the last thing that your company needs from a financial aspect. Lifecycles in this sense can be a great tool if you let them. Rather than replacing your entire fleet of devices in a panic or at an End Of Life deadline, you can have a rollout plan that includes portions of the infrastructure at a time. This way you never find yourself scrambling to find funds to overhaul your environment.

Side note: Keeping your infrastructure current is a vital component to your cybersecurity. That is why we recommend that part of this budget should be to plan for a cyber-incident as well. Advancements in hacking are rapid and it only takes one mistake to fall victim. Recent studies have shown that 54% of small businesses have no plan in place for how to deal with a cyber-attack. In addition, 83% of those have no funds put aside to deal with the fallout of an incident (at an average of $120,000 in losses per incident). With over 40% of attacks targeting this demographic, this level of due diligence could help keep your doors open.

Still not convinced? Get a physical

Maybe your equipment can last a little longer. If you have a trusted relationship with your IT provider, and the lifecycle isn’t tied to support or security issues, they can do the “smell test” for you and advise as to how safe continued use will be and whether the best practice may not apply. The misconception is that the IT provider is trying to make a buck. The good ones are trying to protect their clients. The truth is that the margin made from the hardware sale pales in comparison to the charges for engineers to address and combat an incident. Proactive support is about customer satisfaction. Reactive support is where you should be wary. So don’t wait for a problem. That problem will be much more widespread and detrimental than having kept the proper lifecycle management.

Did I mention that Infoaxis can help manage your technology lifecycles on your behalf?
Contact us to learn more.