Are You Willing to Take It?
So, you got lucky and squeezed an additional three more years out of the software package you’re using to run your company…but now you find yourself hacking apart the security on certain systems to make it work, resetting protocols during every update and ultimately breaking the entire system because of something you did on that last “questionable” update.
Still, you continue to believe you’ve achieved victory by exceeding the lifespan of your software (and hardware).
This isn’t the right mindset you should have.
We’ve actually encountered many a client that continued to run software that had reached its end-of-life (i.e. software no longer supported by the manufacturer), and our response was always the same: Most of the time, it isn’t a good idea. Here, we’re going to explain why taking the risk of running end-of-life software isn’t one you should necessarily engage in.
The Dangers Associated with End-of-Life Software
We know what you’re thinking: The Egyptian pyramids and the Great Wall of China were built to last virtually forever…so why not my computer hardware and software? Well, those two wonders of the world are not the same thing as computer equipment and associated programs; with considerably short lifecycles, most IT departments, from our experience, replace their workstations, servers and phones regularly when they grow slow over time, stop receiving operating system updates and/or fall out of warranty.
In other cases, end users may be forced to move on due to liabilities caused by product end-of-life (also referred to as EOL). Two good examples of this are Windows XP and Windows Server 2003, which effectively became “orders of magnitude” more vulnerable to security threats when Microsoft ceased issuing updates and patches. A similar occurrence took place in the Blu-ray Disc player market, wherein lack of firmware updates to players’ internal software systems rendered most of them unusable after a certain period of time; of course, this isn’t on the same level of critical application status as a computer system that runs a company, but we’re just making a point about end-of-life in anything electronic.
Here’s why ignoring EOL timelines is a bad idea:
- Vulnerabilities to Software – A firewall and anti-virus are not enough protection against unpatchable vulnerabilities, which hackers are quick to exploit.
- Incompatibility in Software – New applications are optimized for the most recent operating systems; that means that when using EOL operating systems, you can’t upgrade to the latest and greatest so you’ll be forced to hold on to “legacy” applications (which are also likely to reach end-of-life).
- Issues with Compliance – Entrusting your critical information to a decade-old OS or an unsecure application is a terrible plan; in addition to security lapses, it could result in big fines, company shutdowns or possible jail time in extreme situations.
- Through-the-Roof Operating Costs – The costs of maintaining and bug-fixing any post-EOL software can be steep; consider that the expense of paying Microsoft to patch an EOL operating system can greatly exceed the price of simply replacing Windows Server 2003, as an example.
- Poor Reliability and Performance – Chances are good that if you’re still running legacy apps or old versions of Windows, you’ve got some aging servers and workstations hanging around the office, as well. You know what this does? It adds to your risk, because these likely out-of-warranty devices are prone to breaking down. Consider this: That downtime alone could be more costly than an overdue upgrade.
The bottom line is that there is no sure-fire way to run end-of-life software. The potential risks typically outweigh the rewards, even if your budget is ridiculously tight. Compliance, compatibility and security are all big concerns with EOL software.