Key Points in This Article:
An often overlooked yet crucial function of IT administrators across industries is to keep their corporate networks up-to-date. When businesses and organizations allow outdated software to languish on their servers, they not only waste valuable resources. They can expose their networks to vulnerabilities that hackers and cybercriminals can exploit. When a developer retires software, they no longer provide patches and updates, which then falls to IT departments to secure. Doing so usually falls to the bottom of the priority list and is often neglected entirely until an incident occurs.
Not only can outdated software inadvertently create backdoors to your network, but the data contained in these applications is also quite vulnerable. You can quickly lose sensitive employee, financial, or client information you forgot was stored in outdated software. And soon enough, you may lose customers, employees, and revenue while potentially facing legal or regulatory action due to negligence.
These systems also increase your network’s overall vulnerability to a ransomware attack. These attacks can be devastating, particularly for small businesses and those with underresourced IT departments. Even a moderately sophisticated ransomware attack that encrypts a few key systems can be enough to put a company out of business.
And the perpetrators of these attacks spare no business or industry. Cybercriminals have targeted corporations and companies of all sizes, government agencies, schools, hospitals, and many other entities in the past decade. Cybercriminals seek vulnerabilities they can exploit to access networks from which they believe they can extract payment. Often, the amount of the payment isn’t what threatens a business’ operation as a going concern, but the consequences of an attack, including:
Even businesses and organizations with a cyber incident response plan on paper will find that an actual attack often unfolds quite differently than it does in scenario planning sessions. There’s invariably a scenario you did not account for, a new staffer who isn’t up to speed on the plan when the attack occurs, or a failing backup system that no one identified. And while you may be quick to respond and mitigate the damage, you won’t always be lucky.
It’s a better strategy to fortify your network and continuously assess it for weaknesses and vulnerabilities. But you don’t need to do a risk assessment to know that retired software should no longer be on your servers. Schedule one now if you haven’t performed a network audit in a while (at least six months). A network audit involves more than just ensuring your software applications are up-to-date. However, using the network audit process and methodology is good practice. During the audit, take the time to:
You’ll also want to develop a plan to retire outdated software applications. Doing so lies outside the scope of a network audit and requires more than just a network auditing tool. You’ll want to reach out to end users still using these programs and determine how best to replace them without data loss, operational disruption, or internal disputes.
But regardless of your budgetary constraints and organizational culture (or dysfunction), you must get outdated software off your network. It poses a liability that, if properly exploited, could spell the end of your business or organization.
If you haven’t performed a network audit in a while and brought your applications up-to-date, you may find the process a bit overwhelming. To avoid the extra stress and work involved in clearing backlogs of outdated applications from your network, plan to phase out applications that their developers are retiring.
Major software developers like Microsoft announce their plans to retire applications years in advance to give users across the globe the time they need to transition to new systems. By keeping an eye on these announcements, you can create a plan to phase them out over time. That way, you can give your co-workers time to adjust to the new system or system update while ensuring your network is as safe as possible from threats.
Microsoft announced plans to retire three products in 2023: Microsoft Azure Virtual Machine (classic), Kaizala, and Scheduler for Microsoft 365. Over half a dozen products will no longer be serviced, including Windows 10 Enterprise and Education, Microsoft Endpoint Configuration Manager, Version 2107, and Windows 11 Home and Pro. Further, dozens of products will no longer receive support, and it’s only a matter of time before they are retired entirely.
Some products will be placed on Extended Support, which will allow users more time to transition from them to more modern versions or alternate products. During the Extended Support phase, these applications will not undergo any panned or requested design changes and will likely be retired in the future.
Microsoft’s blog has a complete list of products slated for retirement, End of Service, End of Support, or Extended Support in 2023. Microsoft strives to make these transitions as easy as possible for corporate and individual customers. So they’ve outlined not only upcoming product retirements and phase-out plans for 2023 but also 2024, 2025, 2026, and 2027.
If you look at the list for 2027, it’s not nearly as robust as that for 2023. But over time, Microsoft will continuously update the blog with its product plans. It’s a good idea to bookmark this blog and sign up for updates so you have the necessary information to revise your own organizational IT plans accordingly. By doing so, you’ll be able to ensure your network’s resources are always up-to-date and keep it as free from potential vulnerabilities as possible.