Old technology solutions – every organization has a few of them tucked away somewhere.
It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.
This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went under, then there's no longer any support for the software – which means that the accounting solution only works on some older operating system that isn't supplied with updates either.
How valuable is it to keep older solutions like this running? Well, organizations don't enjoy running old legacy systems just for the pleasure of it, but they're often forced to keep them running because it's their only option, or at least the only cost-effective option available to them.
If it works, it works…?
From a purely functional perspective, there is usually no problem with old technology. Yes, the technology is outdated, but it can still fulfill its role perfectly adequately. Companies continue to use old physical equipment because, after all, that old storage system is still accessible and the tapes can be read when needed. It just works – and it's been working well for a long time.
The same goes for old software. The software might be outdated, but accounting manages all the invoices and payables using the old software with no issues at all. What's more, anecdotally anyway, older hardware lasts longer than more modern counterparts. Remember grandma's old fridge that lasted 40 years? Yours will have a good run if it lasts 10 years.
The same thing applies to IT, but for different reasons. New hardware is more complex and thus has more breakable parts than older generations. But there is a different risk that's inherent to older hardware: it is commonly no longer supported by new operating systems, which means that running end-of-life operating systems is the only way to keep those old workhorses running.
The argument for replacement
So, why the eagerness to update everything if older systems do, in fact, work that well?
During election season "it's the economy, stupid." In the IT world, on the other hand, "it's security, stupid." Old systems are intrinsically unsecure. New vulnerabilities that affect old systems still pop up all the time, but there are no fresh updates for these end-of-life systems that protect against those new threats.
This introduces complicated consequences beyond just cybersecurity. For example, companies that run unsupported systems can be in breach of compliance requirements because it's impossible to meet compliance metrics for timely patching of vulnerabilities when patches are never released in the first place.
Companies have tried many approaches to bridge the gap between the need to keep legacy systems running and the fact that there's a lack of updates for those systems. It creates a headache for IT practitioners, who have tried everything from air gapping systems to hiding systems behind multiple network-level security layers and implementing restrictive access controls around them.
Fortunately, there's an alternative
All the options we've mentioned impact the regular use of a system, which creates its own set of challenges. The bravest (or less security conscious) IT teams will simply cross their fingers and not do anything at all, hoping for the best.
But let's step back for a moment. What's the real problem with running older, end-of-life systems?
It's simple: it's the lack of available security updates. The system is running fine and it's valuable exactly because it is running as is. The only thing missing is timely security updates.
If we can find a way to apply security updates to an end-of-life system, then running that system is just the same as running an operating system launched last week – because the system fulfills its intended purpose and it does so securely.
Thankfully, extended support is out there, and you can add it to unsupported systems. One option, for example, is subscribing to extended support from OS vendors who provide an extension on the period during which patches are available for their operating system version. This type of solution isn't always implemented when it would be the most useful, however, because it can be expensive.
Affordable extended support
If the story we described sounds familiar or if you rely on older systems as part of your IT infrastructure, and you want to know more about keeping them secure, TuxCare can help.
At TuxCare, we provide Extended Lifecycle Support, without all the extras, at a sensible price. Thanks to TuxCare, you can now solve the issue and keep your valuable systems running as securely as any others, until such a time when it's appropriate to move the workload elsewhere.
Need to buy yourself some time to migrate to a supported OS while still securely running an outdated system, all while receiving security updates? Check out TuxCare's Extended Lifecycle Support.
This article is written and sponsored by TuxCare, the industry leader in enterprise-grade Linux automation. TuxCare offers unrivaled levels of efficiency for developers, IT security managers, and Linux server administrators seeking to affordably enhance and simplify their cybersecurity operations. TuxCare's Linux kernel live security patching, and standard and enhanced support services assist in securing and supporting over one million production workloads.