SecurityFocal
The investigation results from the Japanese gaming company Capcom attack released recently, have once again highlighted the disadvantages of legacy systems. But what are legacy systems anyway?
Legacy Systems are older applications, outdated firmware, and devices that are end of support from the manufacturer or are not updated for a really long time.
If you think you do not use a legacy device in your home, think again. We are actually surrounded by legacy devices. When did you last updated the firmware of your home router or modem? Your three-year-old android phone is not getting updated as the manufacturer is not supporting the updates since last two years. Yes that’s also a legacy device.
These devices actually put you at a higher risk of a malware attack or a data breach and this is not all. Legacy systems have became a common business bottlenecks for organizations across the world. These outdated systems put a legacy burden on the business and many times affect the business growth.
But why legacy systems are still in use?
Because, it’s too hard to replace them. They may power a critical business process and the risk may be too high if the data get’s corrupted or lost in the transition or upgrade. Further many of them lack any documentation or technical specifications, which means you can not build or re-write them even from scratch.
In this post, we would like to focus on corporate devices and applications. Following are the key disadvantages of using legacy systems and applications:
Change is the law of life and those who look only to the past or present are certain to miss the future.
But why legacy systems are still in use?
Because, it’s too hard to replace them. They may power a critical business process and the risk may be too high if the data get’s corrupted or lost in the transition or upgrade. Further many of them lack any documentation or technical specifications, which means you can not build or re-write them even from scratch.
In this post, we would like to focus on corporate devices and applications. Following are the key disadvantages of using legacy systems and applications:
1. Legacy Systems are a security hazard
A large number of data breaches or security incidents reported in last few years, are a case of exploitation of legacy systems or unpatched devices. Legacy systems use outdated hardware and software designed based on the security standards back a few decades.
To add to this, these systems may have inherent security vulnerabilities, and a lack of support to features like encryption, multi-factor authentication, and role-based access control which puts them at a very high risk of compromise.
If you would like to mitigate the security risks, please refer to our article on how you can mitigate the risk and secure legacy devices.
2. Legacy Systems results in legacy ecosystems
Most of the times legacy systems do not work in silos and need some other legacy systems as well to use. For example, an accounting application may need the use of Windows XP or Windows 8 and Internet Explorer older versions, like Internet Explorer 5.
This in turn gives you three legacy technologies to maintain instead of one.
3. Experienced resources are difficult to find
Managing legacy devices and applications is challenging and even more challenging is to find skilled resources who have experience in working on these legacy systems.
Imagine a system developed on a computer language like Fortron or Cobol. Now finding a developer to maintain the program is difficult to start with. Another idea here may to hire and person and train him, which brings us to our next point.
4. Adversely impact the morale of employees
Your employees and new hires are more inclined towards learning what is latest and new age which will benefit them to advance their career. Using age-old or retrospective technologies will be counterproductive to hire and retain the talent.
5. Very limited or no documentation
These solutions are dependent on people rather than process-driven and well-documented. It can give employees a better bargaining position when they know that a replacement is difficult to find.
Further, there can be events like employees relocating or even deaths, that can create situations difficult to manage.
6. Gets expensive to maintain with every passing year
The cost to maintain these solutions keeps on rising over time, since you may not find a replacement to a weary computer system that is few decades old.
Most often, you need to place a custom order where the manufacturer is going to charge you much more. Not to mention the cost of management, resources, and security risks that comes with it.
7. Legacy systems are inefficient and unstable
These systems seldom are uni-tasking and may crash often, further due to the lack of features like high availability or load balancing, they take much longer time to fix and cause much higher impact.
For example, a few years back, Planes were grounded for several hours at Paris’ Orly airport, one of the busiest in the region due to the crash of a 23-year-old Windows 3.1 system.
8. A Roadblock for digital transformation
Ongoing Covid 19 crisis has become the final push for digital transformation and work from home. In this work-from-anywhere world, legacy applications do not have any mobile or web interface as they are not designed this way.
Further publishing them over internet will aggravate the risk. To add to this, they are not compatible with today’s systems.
This actually holds you back on your path to digital transformation.
9. Not designed for scalability and efficiency
Legacy systems often are not designed for modern day’s workload. These systems can not handle a growing amount of work by adding resources to the system. Which in-turn leaves limited options for organizations except to run many instances of these applications and in-turn increasing the overheads.
Well there are still some points which are considered as advantages of Legacy systems:
1. Familier and easy to use
People and organizations as a whole becomes so used to of the old system, that it just feels very easy to get things done with the legacy systems.
2. They do certain tasks efficiently
While they may not overall be very efficient, the legacy systems perform efficiently for the tasks which they are designed to do, despite being outdated.
3. The price feels right
The only visible cost for legacy systems is usually the maintenance cost which feels like a bargain compared to the usability of the solution and the cost of modernization.
4. Legacy systems ensure continuity
As the existing team is well worse with the solution, it becomes easy to train a new team members and get them started. Switching to a new technology is a sophisticated process that could affect ongoing business operations.
The disadvantages of legacy systems far outweighs the benefits and organizations should look for modernisation and systematic migration from these solutions.
3 comments
Pingback: How to secure legacy systems: An expert opinion | SecurityFocal
Pingback: Hybrid Ransomware Attacks & Ransomware Removal | SecurityFocal
Pingback: What are Web Cookies: Privacy, Security & Compliances | SecurityFocal