Organisations raising security risk by pushing network system lifecycles to the limit

According to the global IT services firm, whilst the total percentage of network devices which have passed their last-day-of-support (LDoS) has dropped dramatically from 31% in 2009 to 9% in 2010, the volume of IT kit has risen significantly in the same period.

The annual analysis reveals that the total amount of technology that is late in the obsolescence phase remains high, with the percentage of devices in the late stage end-of-life category weighing in at a hefty 47%.

This, says the Network Barometer 2011 report, could be evidence that more organisations are choosing to 'sweat assets' up to, but not beyond, the highest risk lifecycle stage.

The survey, which took in aggregate data compiled from 270 technology lifecycle management (TLM) assessments – conducted worldwide during 2010 by the group for organisations of all sizes across all industry sectors – makes for interesting reading.

Raoul Tecala, Dimension Data's business development director for network integration, said that, whilst some organisations appear to be wising up to the financial benefits of intelligently 'sweating' network assets, if the cost savings aren't weighed against the risks, they could also be exposing themselves to serious business continuity problems.

"Sweating assets is a term applied to extending or maximising the useful life of an existing technology asset, and thereby avoiding the need to replace or update it until absolutely necessary. This allows organisations to maximise their return on investment while minimising their capital expenditure", he explained.

Tecala added that the assertion that older devices are at higher risk of security breaches is acknowledged by standards and compliance bodies.

Neil Campbell, the firm's general manager for security, meanwhile, said that if companies detect a critical asset past end-of-software maintenance, they are not likely to have access to the latest vendor-supplied security patches.

"And failing to apply patches would be a direct violation of many compliance standards, including the PCI DSS", he said, adding that the door is then not only open to security breaches, but the ensuing nightmare of litigation, punitive damages and reputational loss.
