Let’s get one thing straight — legacy technology isn’t bad.
Legacy computer systems and software have withstood the test of time for a reason: they get the job done consistently, predictably, and reliably.
Many executives run operations from an “if it ain’t broke, don’t fix it” framework. Why spend money replacing something that works just fine?
The problem is when leadership is under the illusion that things are fine when the house is about to burn down. Unfortunately, unplanned legacy breakdowns often lead to costly downtime, logistical complications, and disgruntled customers.
As mounting server hacks have shown, perimeter-based networks are particularly vulnerable to data breaches. In this article, we’ll look at an industry that could have benefited from reducing its dependency on legacy technology sooner rather than later. We’ll also review the top four things organizations should do to approach Zero Trust implementations most pragmatically.
Why Switch from Legacy Tech to Zero Trust
In 2016, Southwest Airlines experienced just such a breakdown when a single router failure delayed hundreds of thousands of fliers. The airline’s monolithic architecture couldn’t adapt quickly enough to accommodate large fluctuations in the environment.
As reported by USA Today, Southwest’s CEO expected the incident to cost the company up to $10 million. But Southwest isn’t the only airline experiencing IT growing pains.
According to The Wall Street Journal, several U.S. airlines have felt the weight of aging legacy systems in recent years. The infrastructures simply aren’t designed to handle high server traffic, attempted hacks, and remote work policies.
Security researcher Noam Rotem further exposed the travel industry’s technology shortcomings after hacking into Amadeus in 2019. The travel reservation system contained a significant security flaw that allowed anyone to access and change private information on bookings.
Considering the system’s integration with 200 airlines, the security oversight left vulnerable the private information of millions of passengers!
How to Ditch Legacy Technology (With Less Stress)
The best way to avoid unforeseen legacy letdowns is simple: embrace cloud-based technologies and adopt a Zero Trust (ZT) security model. Agile cloud systems, applications, and technologies go hand in hand with ZT best practices.
The biggest mistake SMEs make when making the switch? Not planning to complete the implementation in incremental steps. Follow these four guidelines to slowly leave legacy systems behind:
1. Triple-Check Your Tech
Before forging full steam ahead, look under your network’s hood. You may find outdated servers, unused licenses, unsecured assets, and architecture holes that aren’t ZT-friendly.
Make a list of everything you find that isn’t Zero Trust compliant. From there, prioritize both short-term and long-term solutions for tackling items. Depending on circumstances, you may decide some architectural elements are too expensive or complex to cut out right away. Alternatively, you may find various tools in your stack fall short in providing the automation you need for Zero Trust implementation.
Just remember: the longer you sit on noncompliant elements, the further behind the organization becomes in fulfilling evolving security standards. So, seek long-term solutions that upgrade, fix, or replace noncompliant technologies.
The cost of maintaining legacy systems will only increase as they become less relevant. As vendors stop producing parts, inventive repairs will fall on the shoulders of IT staff. Want some help determining what your team should prioritize first?
The automated Zero Trust Assessment is designed to reveal your baseline before providing targeted suggestions for next steps. It took us months to build, but it will only take you about 5 minutes to complete.
2. Safeguard the Important Stuff
Before you update anything in the legacy environment, it’s essential to protect organizational data. Schedule time to complete the following tasks:
- Quarantine data: Use an air gap, VLAN, or firewall rules to protect essential in-house data. Microsegmentation helps prevent lateral movement in case of breaches.
- Back up data: Always maintain backups in a separate location to ensure the organization won’t permanently lose data if hacked.
- Use cloud storage: Consider migrating your most sensitive data into a secure, reliable cloud solution.
Once your team has safeguarded organizational data, it’s time to begin the Zero Trust implementation.
3. Execute Zero Trust Elements (Slowly)
Don’t expect to establish your new Zero Trust architecture overnight. Forrester, the industry analyst firm that gave birth to the concept of Zero Trust, estimates that most organizations’ journey can take up to three years. Prioritize the measures that will have the greatest impact at the lowest cost. Then, work toward completing more time-consuming, resource-intensive, and complicated tasks.
Ask yourself: which resources require the most protection, and which measures are most essential to achieving that end? Answering questions like these supports incremental technology licensing as opposed to mismanaged overspending.
Most organizations should prioritize implementing ZT protection around personally identifiable information (PII) and IP data, core business operations, customer data, and financials.
Limit the number of users that have access to these resources. Adopting a principle of least privilege (PLP) framework can also help save on licensing costs. For example, the marketing department doesn’t need access to the same applications the financial department does.
Consider only purchasing licenses for the few employees who absolutely need them. Finally, conduct a cost/benefit analysis to determine where the cost of a breach far outweighs the cost of the security that protects against it.
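The least-privilege review described above can be run against an export of current application grants. The following is an added example, not JumpCloud code: the policy, application names, users, and the SENSITIVE set are constructed for illustration, and a department with no policy entry is treated as default deny.

```python
from collections import Counter

# Hypothetical policy: applications each department is entitled to use.
POLICY = {
    "finance": {"ledger", "payroll", "email"},
    "marketing": {"crm", "email"},
}

# Hypothetical set of applications holding PII or financial data.
SENSITIVE = {"ledger", "payroll"}

# Constructed sample export of current grants: (user, department, application).
GRANTS = [
    ("alice", "finance", "ledger"),
    ("alice", "finance", "email"),
    ("bob", "marketing", "crm"),
    ("bob", "marketing", "ledger"),     # finance app granted to marketing
    ("carol", "marketing", "payroll"),  # finance app granted to marketing
    ("carol", "marketing", "email"),
    ("dave", "sales", "crm"),           # department missing from the policy
]


def excess_grants(grants, policy, sensitive):
    """Return grants the policy does not allow, sensitive applications first."""
    flagged = [
        (user, dept, app)
        for user, dept, app in grants
        # Default deny: an unknown department is entitled to nothing.
        if app not in policy.get(dept, set())
    ]
    # Revoke access to PII/financial systems before lower-impact grants.
    return sorted(flagged, key=lambda g: (g[2] not in sensitive, g[0], g[2]))


def reclaimable_licenses(flagged):
    """Count flagged grants per application, i.e. seats that could be released."""
    return dict(Counter(app for _user, _dept, app in flagged))


if __name__ == "__main__":
    to_revoke = excess_grants(GRANTS, POLICY, SENSITIVE)
    for user, dept, app in to_revoke:
        print(f"revoke: {user} ({dept}) -> {app}")
    print("reclaimable seats:", reclaimable_licenses(to_revoke))
```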
Enabling remote lock and wipe for noncompliant devices, tightening access controls with multi-factor authentication (MFA), and enhancing patch management are areas that often provide solid ROI for beginners.
Reach for this low-hanging fruit to significantly enhance security while your IT department ramps up its budget for Zero Trust.
4. Secure Total Organizational Support
Lastly, don’t expect to achieve success without stakeholder buy-in. Executive leadership must understand the financial risks associated with maintaining legacy technology.
That means IT managers are responsible for compiling data around the latest breach statistics, potential losses from not adopting Zero Trust, and the resource commitment involved in switching.
IT team members may also require education on how to manage unfamiliar ZT elements. And, finally, non-IT colleagues should receive periodic security training on best practices. With everyone on the same page from the beginning, you’re less likely to encounter resistance and more likely to have a smooth rollout.
Save Time (and Reduce Errors) with JumpCloud
As mentioned earlier, legacy systems aren’t bad — they’re just no longer the best option. Protecting customer privacy, avoiding outages, and providing smooth user experiences are more important than ever before.
Instead of cobbling together several tools to support Zero Trust, why not consolidate your efforts with one centralized platform? JumpCloud Directory can handle the functionality of several Zero Trust point tools at a fraction of the cost. Look no further for a simple solution that combines identity and access management (IAM), single sign-on (SSO), and patch management.
Take JumpCloud’s Zero Trust Assessment to identify your next best steps. Our team of expert engineers designed the quiz to help IT managers determine how prepared they are to implement ZT best practices. It only takes about 5 minutes to complete.