Legacy systems such as mainframes may be considered outdated by today’s standards but they continue to play major roles in many sectors, primarily finance, government, retail, healthcare and insurance. In these industries, they are crucial parts of day-to-day operations, because of their large-scale batch and transaction processing capabilities.
Don’t ignore Legacy Systems!
Legacy systems may seem like an anachronism in 2020 when the world is talking about modern workplaces, digital transformation and the Internet of Things (IoT). Yet, like it or not, even the most future-ready organization must understand that the mainframe is an important part of its infrastructure and hence requires a similar level of cybersecurity planning. While endpoint security and laptops are also important, it is foolish to believe that legacy mainframe systems are not at risk even if conventional wisdom suggests that they were built during an era when cybercrime was not as prolific as it is now.
The crux of the matter is cybercriminals remain very aware and seek to take advantage of vulnerabilities caused due to legacy systems. An example of this was found in 2014 when an unsecured Amazon S3 server was left online by FedEx. The server belonged to Bongo which had been acquired by FedEx. It was a legacy server that had gone unnoticed during FedEx’s acquisition of Bongo.
Part of the neglect towards legacy systems arises from a lack of understanding about what they constitute. In a note, the United States Computer Emergency Readiness Team answered this question by outlining a few types of legacy systems, some of which are mentioned below:
- Terminal Mainframe Systems
Terminal systems were the first type of computing devices which consisted of a large central processor mainframe, accessed by users through simple, directly attached terminals. It emerged in the 1960s and remained popular till the 1980s.
- Workstation (Client/Server) Systems
From the 1980s onwards, personal computers (PC) were being used with local area networks (LANs) connecting these PCs.
- Browser (Internet) Systems
The Internet heralded a new era of enterprise connectivity by allowing a universally available browser program running on a connected workstation for users to access and upload data.
With the emergence of modern-day Advanced Persistent Threats (APT) and emulation tactics, it has now become critical to concentrate on securing legacy systems as they may be susceptible to vulnerabilities. Enterprises can no longer ignore legacy systems but must start exploring ways to secure them.
What sort of Legacy Systems are there in the enterprise?
The first step is the most difficult but is the most necessary. Especially for enterprises which have had an IT system for decades, creating a list of legacy systems may seem like an impossible task but it is important to create one to understand how to secure them. Even creating a list like this will throw in information which was not available earlier – an enterprise may discover they use outdated legacy systems for essential tasks which may cause a security incident
Assess and take action
Once an enterprise knows the specifications of the legacy systems that exist within its perimeters, it can then move on to the next steps which include assessment and action. An assessment should include the risk potential of the systems. Depending on these assessments, enterprise systems can consider the actions they can take to mitigate these problems. These solutions could include up-gradation of the system or application of enhanced security solutions to mitigate the problem.
Seqrite’s range of enterprise security solutions could help you to secure legacy systems. Explore products such as Endpoint Security (EPS) and Unified Threat Management (UTM) to understand how we can meet your enterprise security needs.