Despite all of the investments being made in transforming networks, both those of service providers and the enterprises they serve, legacy equipment sitting in today’s networks will be around for some time. Why?
First, networks are big, complicated beasts and most IT and OT teams are transforming networks location by location, application by application, and cloud by cloud.
Second, the amount of “technical debt” can be too significant to write down given different amortization and depreciation schedules, and given continuing pressure on budgets, even the most enthusiastic advocate of moving 100% into software defined and virtualized networking is loathe to recommend “forklift” initiatives.
Third, there are hundreds of thousands of people who have been trained in, and have mastered the equipment and software in networks made possible by a variety of top original equipment manufacturers, whether Cisco, Dell, HP, and others; related, these same technicians and administrators have gotten into a groove when it comes to moving between various element management systems and other control platforms to keep the network and its end-users up and operating, happy and productive.
There are also very sophisticated network communications systems which support mission critical, real time applications. Take, for example, traders moving billions of dollars each day, and leveraging voice trading systems to reach trading counterparties through “hoot and holler” networks.
In a single, large global bank, with hundreds of trading floors and smaller offices around the world, subject to different regulations in different businesses, a “rip and replace” of their voice trading system could turn into a disaster if not orchestrated and executed perfectly. When seconds matter, and could cost millions or more in losses – those IT teams responsible for ensuring 100% (or at least seven 9’s) availability need to be on top of their game, always. Their bonuses and often the profits and reputation of their firms depend on it.
But what happens when legacy equipment is left vulnerable to internal mistakes or misdeeds, or to external hacking? This, too, can bring the systems down, or leave the data open for poaching, can lead to the loss of proprietary trading algorithms, in the case of black box trading and more.
Even one of the most venerable and trusted agencies in the world, related to financial trading, the US Securities and Exchange Commission, recently disclosed a hack of its corporate filing system that occurred last year. Even as consumers are worried about the massive Equifax breach, now enterprises and government organizations are wondering – what did we miss?
The SEC is America’s federal agency responsible for ensure that markets function properly and are fair investors. After their disclosure on September 21, 2017, they are under fire after given repeated warnings in recent years about weaknesses in the agency’s cybersecurity controls.
The SEC hasn’t fully explained why the initial hack was not revealed sooner, or which individuals or companies may have been affected. The disclosure came two months after a government watchdog said deficiencies in the corporate filing system put the system, and the information it contains, at risk.
When Jesse James, an iconic American robber, asked why he targeted banks he replied, simply “Because that’s where the money is.”
Financial institutions today are rallying behind tighter controls – and this includes legacy systems. It is, in fact, possible to secure those legacy systems with software, even as the long road to total network transformation and cloud computing and communications is in process.
It is possible for banks to set policy on who can – and cannot – get into networks, systems and applications using Privileged Access Management platforms, as well as rapidly emerging Privileged Task Automation solutions. There is no longer an excuse to cross fingers, to wish, hope and pray nobody intentionally attacks legacy network elements, or accidentally causes chaos through an accidental policy change.
Protection of our financial systems – mission critical. If a server, or end-point, application or system can be connected – it can be protected.
To learn more about Krontech’s vendor-agnostic PAM and PTA solutions: