New data suggests that organisations are sweating assets… but have they weighed the risks?
The total percentage of network devices which have passed last-day-of-support (LDoS) has dropped dramatically from 31% in 2009 to 9% in 2010. However, the total amount of technology late in the obsolescence phase remains high, with the percentage of devices in late stage end-of-life sitting at a substantial 47%. This could be evidence that more organisations are choosing to sweat assets up to, but not beyond, the highest risk lifecycle stage.
That’s according to data in the Network Barometer Report 2011 published today by Dimension Data, the global specialist IT services and solutions provider. The Report covers aggregate data compiled from 270 Technology Lifecycle Management (TLM) Assessments conducted worldwide in 2010 by the Group for organisations of all sizes across all industry sectors. It reviews the networks’ readiness to support business by evaluating the configuration variance from best practices, potential security vulnerabilities, and end-of-life status of those network devices.
Raoul Tecala, Dimension Data’s global Business Development Director, Network Integration says,
“While some organisations appear to be wising up to the financial benefits of intelligently ‘sweating’ network assets, if the cost savings aren’t weighed against the risks, they could also be exposing themselves to serious business continuity issues.
“Sweating assets is a term applied to extending or maximising the useful life of an existing technology asset, and thereby avoiding the need to replace or update it until absolutely necessary. This allows organisations to maximise their return on investment while minimising their capital expenditure,” explains Tecala.
While there’s no definitive method of telling whether the drop in the percentage of devices beyond LDoS means that organisations are actually choosing to push certain assets past a certain lifecycle stage, the results certainly suggests that clients are more aware of their network assets and are refreshing those devices where risk is greatest. Tecala says the assertion that older devices are at higher risk of security breaches is acknowledged by standards and compliance bodies.
Neil Campbell, Dimension Data’s global General Manager, Security says, “If organisations detect a critical asset past end-of-software maintenance, they’re not likely to have access to the latest vendor-supplied security patches. And failing to apply patches would be a direct violation of many compliance standards, including the Payment Card Industry Data Security Standard (PCI DSS). Then the door’s not only open to security breaches, but the ensuing nightmare of litigation, punitive damages and reputational loss.”
“The critical question is whether organisations know about their aging assets. Previous research not related to the Network Barometer Report that was conducted by Dimension Data found that clients were unaware of as much as 25% of their networking devices,” adds Tecala and points out that full visibility of the technology estate is a fundamental prerequisite to intelligent asset management and targeted sweating.
“Organisations need to know where it is, what it does, and what the implications are when it breaks and becomes unsupportable. In order to achieve this, visibility into the lifecycle status of their assets so that their age and viability can be properly assessed is critical, or they’ll continue to run with issues that could have a devastating effect on overall business productivity and efficiency.
"Not only do IT departments leave themselves exposed to crisis management spend in the event of a failure on the network but, from a strategic perspective, they may well find that older devices don’t support new applications and solution investments.”
Other findings in the Report include:
- Over 73% of corporate network devices analysed by Dimension Data during 2010 were carrying at least one known security vulnerability. This is almost double the 38% recorded in 2009;
- a single high-risk vulnerability - PSIRT 109444** – which was identified by Cisco in September 2009, was found in a staggering 66% of all devices;
- TLM Assessment results showed that if PSIRT 109444 was taken out of the equation, organisations had patched fairly well: the next four vulnerabilities were found in less than 20% of all devices.
To download the Network Barometer Report 2011, visit www.dimensiondata.com/networkbarometer
**A PSIRT is a software vulnerability that has been identified by Cisco’s Product Security Incident Response Team. Each PSIRT identifies a unique IOS vulnerability based on extensive lab testing and research by Cisco.
About Dimension Data
Founded in 1983, Dimension Data plc is an ICT services and solutions provider that uses its technology expertise, global service delivery capability, and entrepreneurial spirit to accelerate the business ambitions of its clients. Dimension Data is a member of the NTT Group. www.dimensiondata.com