I was with a colleague at lunch a few months back and this discussion came up in excruciating detail. The issue specifically had to do with security and compliance for old or “legacy applications” that are sitting on older versions of Windows or Red Hat.
The problem is one we hear often: the application was written either by someone who has moved on to another position or no longer works there, or by a company that went under or decided to end-of-life (EOL) the application.
What do you do when the vulnerability scanner run by your security department detects up to 600 applications that are out of compliance? In most cases, the security organization will want these applications either upgraded or moved off your network.
This isn’t always possible due to the criticality of most of these applications. Often, they are critical to running the day-to-day operations of the company or to the well-being of the organization.
This problem is one that many companies face, and the answer is never a simple one.
An interesting question came up: What if we moved the entire legacy workload onto an appliance and wrapped the security controls and policy around the individual workloads?
We helped computer software company Nuance Communications a few months back and had staggering results.
They first ran a Rapid7 vulnerability scan on one of their applications. The report showed vulnerabilities related mostly to the outdated OS it was running (in this case, Windows 2003). We then moved the workload onto the Skyport appliance (which has its own inclusive OS, hypervisor and security stack) and re-ran the vulnerability scan.
This time, the scan came back with zero vulnerabilities. This was the first time in a customer environment that I heard the infrastructure person cheer out loud. This became a major inroad for both the security team and the infrastructure team.
Once it’s determined that a legacy application is critical to an organization and cannot be upgraded, yet is vulnerable, companies still have options. Now, they can move those applications to SkySecure and reduce the threat landscape in the organization.
It’s rare in our field to be able to solve such a critical problem for an organization, and very rewarding when you can.
Although there are several critical use cases for the Skyport appliance, such as DMZ, Active Directory and sensitive applications, it’s also nice to see that it can solve this real problem for our friends at Nuance Communications and potentially other companies as well.
Executive Vice President