- The business is unable to keep pace with the ever-changing versions of applications and operating systems. This can be due to financial, resource or technical implications.
- Manufacturers will no longer issue fixes and patches for vulnerabilities that could be exploited by viruses, spyware and other malicious code.
- Develop new ways to protect legacy systems and applications from vulnerabilities without impacting current operations.
- MUST use the organization's project management process
- That the application/OS is required
- That the application/OS cannot be upgraded
- Document the agreed-to decommission date and the plan to replace the application. (This information will be forgotten otherwise.)
- Identify current environment capabilities:
- Understand what you have so you can determine what you need
- Include an Incident Management Plan for each app as part of the deliverables – risk can be reduced, not eliminated
- Work from the basics to the more complex
- Apply to high risk systems first and low risk systems last
- Include DR/BCP
- Apply in the Test and UAT environments first when possible
- DR/BCP should be tested first, as it is not always possible to test the changes, and rebuilding from scratch is not usually an option
- Be adaptable and be prepared for a few bumps along the way
- This will be a cyclical process.
- The applications cannot all be changed at once
- There will be multiple hardening activities. They should be segregated so that any issue that arises can be identified and traced to its cause.