New data suggests that organisations are extending the life of their assets despite the risk attached.
The total percentage of network devices which have passed last-day-of-support has dropped dramatically from 31% in 2009 to 9% in 2010. However, the total amount of technology late in the obsolescence phase remains high, with the percentage of devices in late stage end-of-life sitting at a substantial 47%. This could be evidence that more organisations are choosing to prolong assets up to the highest risk lifecycle stage.
That’s according to data in the Network Barometer Report 2011 published today by Dimension Data. The Report covers aggregate data compiled from 270 Technology Lifecycle Management Assessments conducted worldwide in 2010 by the Group for organisations of all sizes across all industry sectors. It reviews the networks’ readiness to support business by evaluating the configuration variance from best practices, potential security vulnerabilities, and end-of-life status of those network devices.
Raoul Tecala, Dimension Data’s global Business Development Director, Network Integration says, “While some organisations appear to be wising up to the financial benefits of intelligently ‘sweating’ network assets, if the cost savings aren’t weighed against the risks, they could also be exposing themselves to serious business continuity issues.
“Sweating assets is a term applied to extending or maximising the useful life of an existing technology asset, and thereby avoiding the need to replace or update it until absolutely necessary,” explains Tecala.
While there’s no definitive way of telling whether the drop in the percentage of devices beyond LDoS means that organisations are choosing to push certain assets further into their lifecycle, the results suggest that clients are more aware of their network assets and are refreshing devices where the risk is highest. Tecala says the assertion that older devices are at higher risk of security breaches is acknowledged by standards and compliance bodies.
Neil Campbell, Dimension Data’s global General Manager, Security says, “If organisations detect a critical asset past end-of-software maintenance, they’re not likely to have access to the latest vendor-supplied security patches. And failing to apply patches would be a direct violation of many compliance standards, including the Payment Card Industry Data Security Standard.”
“The critical question is whether organisations know about their aging assets. Previous research not related to the Network Barometer Report that was conducted by Dimension Data found that clients were unaware of as much as 25% of their networking devices,” adds Tecala.
“Organisations need to know where it is, what it does, and what the implications are when it breaks and becomes unsupportable. In order to achieve this, visibility into the lifecycle status of their assets so that their age and viability can be properly assessed is critical.
“Not only do IT departments leave themselves exposed to crisis management spend in the event of a failure on the network but, from a strategic perspective, they may well find that older devices don’t support new applications and solution investments.”
Other findings in the Report include:
- Over 73% of corporate network devices analysed by Dimension Data during 2010 were carrying at least one known security vulnerability. This is almost double the 38% recorded in 2009.
- A single high-risk vulnerability – PSIRT 109444 – which was identified by Cisco in September 2009, was found in 66% of all devices.
- TLM Assessment results showed that if PSIRT 109444 was taken out of the equation, organisations had patched fairly well: the next four vulnerabilities were found in less than 20% of all devices.