I was with a colleague at lunch a few months back and this discussion came up in excruciating detail. The issue specifically had to do with security and compliance for old or “legacy applications” that are sitting on older versions of Windows or Red Hat.
The problem is one we hear often: the application was written either by someone who has moved on to another position or no longer works there, or by a company that went under or decided to end-of-life (EOL) the application.
What do you do when the vulnerability scanner run by your security department detects up to 600 applications that are out of compliance? In most cases, the security organization will want these applications either upgraded or moved off your network.
This isn’t always possible due to the criticality of most of these applications. Often, they are critical to running the day-to-day operations of the company or to the well-being of the organization.