It may be hard to believe, but there are still a large number of outdated systems, such as Windows 7 for clients and Windows 2008 for servers, which are running key areas of companies' businesses. Worst yet, some are still using Windows XP, Windows Server 2003, Office 2007, Outlook 2007 and other proprietary software that have gone end of life, and there is no support for the software. It is challenging to keep track of all IT assets (software/hardware)—especially for businesses that are geographically segregated or do not have an enterprise-level asset management program, or a proper change management process. We often find that it is the critical systems that run the unsupported software or hardware.
While most IT teams know the importance of unsupported systems and lifecycle management, competing priorities and the approach of “if it’s not broken” is often taken with legacy systems because it is challenging to find windows of time for maintenance. Once these systems lack support, manufacturing operations become vulnerable and are no longer safeguarded from risks. Manufacturers should know that security, compliance, and compatibility are fundamental parts of business operations. Software and hardware EOL (end of life) should be part of an asset management and change management process to reduce business interruptions and financial risks.
Putting off the inevitable because of other priorities and not managing the assets could lead to a greater impact on your manufacturing operations. Not addressing unsupported assets can be a major risk to your business. For instance, it could cause incompatibility issues and/or hinder a manufacturing competitive edge. In addition, it could lead to a critical security issue, or worse a data breach.
Planning for assets' end of life is never an easy endeavor, especially for proprietary systems. From a security perspective, once the software or hardware vendor stops providing support, bug fixes, and security patches, security can be easily compromised by bad actors who prey on these vulnerable systems to find exploits, knowing the vulnerabilities cannot be patched. And it’s not just the systems running the unsupported software that are vulnerable, it’s the entire infrastructure that becomes vulnerable at that point. When an un-patched system is compromised with an infected virus or malicious code, it becomes the ‘evil intruder’ on your infrastructure and can quickly be compounded on the network. Viruses or malicious code often move laterally. They can impact even the latest operating systems if those systems have not been patched or do not have the latest virus/malware protection. For example, if you leave one outside door open in a building, all other offices in that building that are not locked are now at risk. Doing nothing can lead to extended operational outage and financial loss.
Compliance and audit is another concern for manufacturers. In fact, that is why there are written requirements in many governmental regulations that relate directly to the concept of keeping software solutions up to date. For manufacturers, equipment must adhere to required levels of certification and is subject to either industry body or government regulations around privacy and security. Businesses that continue to use the unsupported software may now find themselves out of compliance with regulated industry or regulated data mandates, and further discover they may fail their audits. Removing software and hardware that is no longer supported greatly helps in meeting compliance and audit objectives. Often businesses focus on compliance after the audit, which translates to having some sort of a corrective action plan, and can possibly lead to severe legal consequences or penalties if not addressed.
Then there is the compatibility issue. New versions of applications are innovative and are being continually released as well as optimized to work with the latest operating systems (OS). This means using the latest applications on an old OS such as Windows XP or Windows Server 2003 will not always perform as intended or may not function at all. In which case, continuing to use a legacy application on an unsupported OS may lead to vulnerable systems and foregoing the latest features—ultimately producing both poor performance and poor reliability.
Asset management and change management, along with planning, are key success factors to decommissioning an asset that is going end of life. Part of the program should be to look forward and keep a pulse with your vendors to ensure you are aware of when assets will lose support. As part of the planning, it is important to have the business stakeholders involved early to ensure they are aware of the risks and are committed to the migration planning process.
First and foremost, safety for both employees and the environment is paramount for every plant site. The devil is in the details. The following factors must be considered when planning: pricing models, types of licenses, training required, frequency of upgrades, annual maintenance, implementation timeframes, consulting services, hosting infrastructure, upgrade cycles, and total cost of ownership, to name just a few.
Process resiliency and operational efficiency are key factors in safeguarding a manufacturer’s productivity and to ensure production runs at full capacity. Production downtime translates to financial loss and even greater loss when critical process failure occurs, given the time to rebuild and restart. Any malfunctions or production issues at a plant sites can cause harm to the company's reputation by delayed deliveries or problems with product quality. This is why changes in an IT environment should be proactive and planned out from start to finish.
Planning for End of Life Keeps the Business Running Smoothly
In conclusion, manufacturing engineers are trained to meet quality production schedules but are not expected to have the same level of expertise in IT. This is often why an end-to-end, otherwise known as a turnkey IT outfit, can ensure everything is done correctly from beginning to end.
It’s paramount for manufacturers to address their unsupported systems early on and to work with the vendors and partners who can provide guidance and handle operability, reliability, and integrity for multiple technologies, equipment, software and hardware. This is further impacted by interoperable systems that support the use of multiple vendors and application versions.
For many manufacturers, a software/hardware migration can represent a massive business investment, making a migration project an inevitable consequence of aging software systems. With the right planning, this can become a worthy improvement to the business, achieving the manufacturer's key objectives in terms of better performance, security, reliability, seamlessly integrated operations and competitive edge.
Afzal Bashir is CISO at Versatile Inc.