In prior posts on FTI, we shared videos from Senior Director of Product Management at SolarWinds Mav Turner’s series about prioritizing IT modernization and mitigating the impact of legacy IT on modernization progress. Mav’s video series aims to share tips and insights for federal IT leaders about the most sensible approaches to tackling IT modernization.
In part three of his video series, Mav explores how legacy IT systems can affect information security and what precautions should federal IT leaders take to keep those risks under control.
This is particularly important as, depending on the age of the system in use, most of them cannot be properly secured or don’t support modern sign-on interfaces compared to newer technologies in use today. Mav notes, “Often these encryption algorithms and the standards that are used [in legacy systems] don’t meet today’s standards.” In fact, many are still operating unencrypted.
In addition to the obvious security vulnerabilities that come with weak or no encryption, older systems operating on outdated operating systems (OS) can be impossible to patch or update. Depending on the age of the OS that’s in use, the vendor may no longer be updating the product and that’s where the crux of the vulnerabilities lie. Even if new applications or programs running on the OS can be updated, the OS itself might not be, increasing chances for cyber threats.
Mav also suggests that IT leaders consider system access points, as older systems don’t often minimize the number of ports being accessed or properly segment out access. This leads to increased vulnerability in underlying systems and an increased attack surface for hackers.
Watch the full video below to learn from Mav about information security considerations and vulnerabilities that come with legacy systems and threats of which federal IT decision makers should be aware.