Estimated reading time: 4 minutes
There are various aspects of technology risk management that every business needs to track. If you are in business, you are in the technology business. Vulnerabilities and obsolescence have been a growing focus for many organisations and have become a key metric for regulators.
In this article, we will look at both these areas, why they are essential and what you can do to manage these risks.
Technology Risk: Vulnerabilities
Cyber-attacks are growing and becoming more sophisticated. As a result, threat Actors continually seek ways to extract sensitive information or cause disruption.
One of the ways this is achieved is by exploiting weaknesses in software and hardware. Unfortunately, these weaknesses are generally code that unintentionally allows the threat actor to perform an action they should not. Ultimately, this could provide access to sensitive information your company wants to avoid falling into the wrong hands.
Keeping control of vulnerabilities is a crucial risk for organisations. Personal or sensitive data loss leads to reputational, financial and regulatory risk. Breaches devastate a company and can lead to substantial financial remediation plans. With vulnerabilities, prevention is always better than cure and requires active management.
How do you manage vulnerabilities?
Many solutions exist to manage the detection of vulnerabilities. These all broadly consist of scanning the environment and cataloguing software which contains exploitable vulnerabilities. Once identified, the software owners must update to a new version, removing the weaknesses. The critical takeaway is timely identification and rapid remediation. As a result, scanning needs to be regular and a process to address well understood.
You can see the most exploited vulnerabilities in 2022 in the short article from Tech Monitor. You can also understand the sheer volume of exploitable vulnerabilities in the Cyber & Infrastructure Vulnabiltes catalogue. The two links underline the importance of getting ahead of the curve and robustly managing vulnerability risk.
Technology Risk: Obsolescence
Obsolescence is ensuring that your software and hardware are up-to-date. Developers constantly update their code with new features, and hardware manufacturers utilise the latest technology in their kit. However, these updates also include enhancements for performance, stability and security. As a result, operating on the latest software or hardware makes all-around good sense.
There is another overlooked but important angle to obsolescence – namely, support. Developers and manufacturers can only handle backward compatibility for a short period. So as their products and services evolve, they look to retire legacy iterations and reduce their support offering. If you remain too long on an older version, any support will likely be on a best endeavours basis. In the worst case, you may be without support for your most critical services.
As you can see, obsolescence is multi-faceted and remains a critical part of technology management. Failure to get on top of this will result in problems and problems that don’t have an efficient remediation path.
How do you manage Obsolescence?
Software and hardware providers are always keen to furnish you with the latest features, enhancements and security improvements. Typically, when an update is required, the supplier will notify you, and from there, you can take action.
However, obsolescence management becomes an unwieldy beast in the enterprise or more extensive organisation. This is because thousands of servers can exist globally, and software is ubiquitous. In this case, active and regular scanning for obsolete software and hardware is the best approach for detection. Trying to do this manually will increase human costs and result in a poor understanding of the risks.
We cannot emphasise the importance of testing before any software update, especially if you are updating a client-critical service. Keeping your environment updated has many benefits, but implementing new software or hardware can introduce bugs. In terms of hardware, it more than likely causes unexpected behaviour.
Testing is a challenging area to tackle. To succeed, you will need a parallel environment and solid post-change testing (preferably automated) to ensure the service works as intended. In addition, complex services require robust testing due to the thousands of permeations that can trigger an issue. Without automation, you will be heading for a very long upgrade path.
However, testing is essential and something that you should pay attention to. Studies show that many unplanned incidents are directly related to change and update activity. Therefore, ignore testing at your peril.
This article shows you the importance of vulnerability and obsolescence management. It is not someone else’s problem; it is your problem and requires robust processes to protect stability, performance and security.
If you need any help, you can always reach out to the SaneChoice Team.