Technology End of Life
Organizations need to replace equipment and software when the vendor ceases to provide security and functionality updates. Like a dairy product that has gone bad, devices and software don’t age well after their end of life (EOL) date. Their continued use increases the organizations risk to cyberattack, technical problems won’t get vendor support, and system or infrastructure innovation may be hobbled due to their dated functionality/capability.
Managing hardware and software for your organization requires awareness and tracking of their respective EOL dates. This is done by maintaining a current list of devices/software and their EOL dates, and proactively replacing those items prior to their expiration. This practice, while simple in concept, is much harder to achieve in real life.
Replacing any technology often comes with many hidden challenges. Dependencies amongst network devices and systems need to be addressed, traffic flows may need to be rerouted, and worse case, down times have to be scheduled. Obviously not all devices present the same challenges, so technology reaching its EOL date has to be treated on a case-by-case basis; some projects will take longer than others. So this list, which I hope you have with all your technology and associated EOL dates needs to be prioritized by the level of complexity and time to replace in order to properly gauge their replacement start dates.
Adding to the confusion are how vendors define end of life for their products. There are many related terms used by vendors:
- End of Service/Support/Maintenance – Vendor is no longer providing updates or supporting their product
- End of Sale – No longer sold, however the vendor may still be supporting it
- End of Life – The product is no longer sold or supported
The key item to track is the vendor’s end of support for their product, where they will cease to provide updates that address software bugs and vulnerabilities. For example, as of the date of this article Microsoft sells Windows 11 as their primary operating system, yet they will continue to support Windows 10 until October 14th, 2025. Any Windows 10 system running in the organization after this date will progressively add risk to the network. A dairy product is likely fine the day after the expiration date, however would you dare to try it two months later? EOL in technology imparts a similar gradual rot.
Here are some suggestions to help manage technology expiry issues that are guaranteed by the constant march of time. Where feasibly possible, given everyday business constrains, keep these in mind:
- Inventory and track technologies with end of support dates.
- Select technologies from vendors with proven records of support and business longevity.
- Select technologies with EOL/EOS dates far out into the future.
- Standardize on technologies for use throughout the organization. This reduces the number of make and model of devices thus making it easier to track and manage.
- Create and contribute regularly to a hardware refresh budget that is used to replace sets of hardware after a given period of time; 3 to 4 years typically.
And…don’t forget about firmware! Almost all hardware today comes with embedded firmware that provides the functionality for the device. Firmware update releases are not that frequent, however they do occur from time to time. Upgrading firmware on a device is usually simple, however it may require some downtime or at least a reboot after the update. An update, if available, should be done before placing the technology into production. Afterwords, someone should check on new releases at least once a year. Firmware updates are tied to end of support dates as well, which is another reason to keep all hardware current.
I hope you found this helpful. This is the first technical article of what I hope will be many that we will be providing to this forum. I welcome any and all comments and suggestion for other topics. If you would like to help contribute let me know!
Abel Sanchez (abel@staidworks.com) – BankSafeTech Contributor and Moderator
