Does my business need IT maintenance?
Nothing lasts forever and that includes your IT and operational technology. When your business relies on critical components it can be tempting to maintain the status quo – after all if it’s not broken why fix it? But if your technology is past its prime, then your business operations may not function properly, so it might need to look into IT maintenance.
Most hardware and software vendors have an end-of-life policy, outlining when a product will reach the end of its life cycle and what that means for users. As well as stating when a product can no longer be purchased, it includes key dates for system maintenance. This ranges from dates when bug fixes will cease, maintenance releases and when security patch vulnerabilities will stop, to when the vendor plans to stop offering IT maintenance and replacement parts.
What happens if systems don’t work properly?
These key dates are out of your control, but represent important milestones when your hardware and software will become obsolete and the level of risk and total cost of ownership will increase.
Think about how this could impact your daily operations. What will you do if a key IT or operational technology component don’t function properly and you can’t get the support you need? What happens if a hacker exploits an unpatched vulnerability and infects your computers with ransomware?
Even if your systems are bespoke, developed in-house or by a third party specifically for your business, eventually the knowledge, skills and tools needed to support these systems will almost certainly be in short supply.
The solution lies in preventative maintenance. You need to prepare for the inevitable moment when your technology becomes obsolete and take proactive steps to manage the consequences. Obsolescence management can help you navigate the pitfalls of running ageing IT and operational technology components. You can make informed decisions based on risks specific to your business and mitigate these risks by putting solutions in place with regular IT maintenance, before problems arise.
Our Challenge for You
Follow our three step guide to assess whether obsolete or unsupported hardware and software can jeopardise critical functions in your business.
Let us know how you get on at firstname.lastname@example.org
Step One: Assess your current IT maintenance
To successfully plan for the future, an accurate and up-to-date assessment of the current environment is vital. Here are some revealing questions to ask yourself:
- What hardware and software components make up your IT or operational technology landscape?
- How are these components integrated and how do they interact with other systems?
- How much are you spending on IT maintenance and is this increasing as components reach the end of their shelf life?
- How much unplanned downtime has occurred and is this because your crucial technology is becoming outdated?
- What details are included in the vendor’s end-of-life policy?
- If you have a bespoke system or your vendor doesn’t have an end-of-life policy, are maintenance requirements, down time or outages becoming more frequent and more difficult to resolve?
- Are you finding it difficult to obtain replacement parts?
- Has a key staff member left, taking crucial systems knowledge with them?
Who’s your vendor?
Strictly speaking, your vendor is the company that makes the component under consideration. Sometimes vendors sell components directly, but often a different company sells you the component. End of Life policies come from the company that makes the component, otherwise known as the Original Equipment Manufacturer (OEM).
Step Two: Risk Analysis
If you don’t plan for obsolescence, you’re risking higher operational costs, unplanned downtime and cyber-attacks – not to mention an impact on the competitiveness and growth of your business. Your next step is to assess your specific risks and make informed decisions on what to do to prevent them.
Follow our checklist to consider all the areas your business could be at risk.
Your Risk Analysis Checklist
How would a failure of a hardware or software component impact your business operations?
- Would an unplanned outage impact your reputation or your bottom line?
- Will the right support company be available when you need it?
- If you encounter a software bug, can you work around the issue?
Are there known problems with your IT and operational technology that you’re having to work around?
- Are you encountering compatibility issues where new technology won’t work properly with other components nearing the end of their functional life?
- Is this making you less competitive?
Is there a skills gap?
- What happens if the people carrying out maintenance services on your ageing IT and operational technology components move on?
- Is your IT maintenance provider still in business?
What’s your cyber-security risk?
- How could cyber-criminals use your IT and operational technology components to gain a foothold in your business?
- Could an infected USB memory stick provide a way into your system?
Step Three: Mitigation
Once you’ve understood the risks facing your business, you can make informed decisions on how to mitigate these risks.
Careful planning is key: IT and operational technology components rarely work in isolation and making a change in one place can have knock on effects. If you replace one component, it might also be necessary to upgrade others and testing is vital to ensure there are no unintended consequences.
Sometimes maintenance services offer an upgrade path from the version of a component that’s nearing the end of its functional life to their most recent version. If your vendor doesn’t offer a suitable replacement, replacing the aging component presents an opportunity to explore new technology options.
In a perfect world, you would always replace the IT or operational technology component before the end-of-support date. Sometimes, however, this might not be feasible because of complexity, required downtime or even the lack of a suitable replacement.
In some environments, the major barrier to an upgrade or replacement is cost. This is especially true in highly controlled and regulated environments where even small changes to an approved solution can be both expensive and time consuming. Even if your environment isn’t subject to regulatory oversight, the ripple-effect of making a change in one place can have consequences elsewhere: what starts as a simple software update can turn into a massive undertaking. In other cases, there simply isn’t the appetite to upgrade or replace a key IT or operational technology component that has served you well for many years.
You still have options, even when upgrading or replacing is not feasible. Depending on your current landscape and possible risks, consider the following:
Purchase additional hardware before the vendor’s end-of-sale date to keep as spares
If the main risk you have identified is the lack of replacement parts, purchasing spares before the vendor’s end-of-sale date can offer you the security of knowing that replacement parts are on-hand when you need them. This still carries a risk. You will need someone with the right skills and knowledge to install the replacement to get you back up and running. Be aware that other risks still remain such as a lack of bug fixes, maintenance releases or security patches for vulnerabilities.
Use virtualisation technologies to run legacy software on modern hardware and operating systems
In many cases it is possible to virtualise your old computers, servers and applications so they are no longer dependent upon ageing hardware but run on modern and fully supported hardware. You’ll no longer need to stockpile replacement parts or worry that a hardware failure could stop your business-critical operations. Some risks remain. You will need to have a preventative maintenance plan in place to deal with unexpected software issues and ensure a hacker can’t exploit vulnerabilities caused by unpatched security.
Implement controls to reduce the likelihood of a hacker exploiting an unpatched vulnerability
Nothing can completely eliminate the possibility of a cyber-attack, but there are steps you can take to reduce the likelihood of a hacker being able to exploit unpatched vulnerabilities to gain a foothold in your business to install ransomware or steal sensitive data. No single control is fool proof so a defence-in-depth approach usually works best. Make sure you have up-to-date anti-virus software and firewalls to limit a hacker’s movement within your network. Restrict the use of USB memory sticks and educate your staff on the latest cyber security best practices to help keep you out of a hacker’s grasp.
Purchase ongoing IT maintenance support from the vendor
If you need technical support from the vendor and want ongoing bug fixes and patches for security vulnerabilities, purchasing an extended support agreement might be a good option. This comes at a price though, these agreements can be very costly and often come with restrictions on the level of support offered.
How Ripley Solutions can help
We hope these tips help you avoid future issues with obsolete or unsupported technology. If you need extra help, we can support you at all stages of your IT maintenance journey, from assessing the landscape, analysing the risks to your business and helping you to mitigate those risks.
We’ll help you future proof your IT, along with sharing information and resources to support your IT and operational technology infrastructure.
Sign up here to make sure you don’t miss our future maintenance tips
When you sign up, we’ll send you an email reminder each month when the challenge is launched so you don’t miss out.