Lack of Legacy Security
It’s highly likely your IT infrastructure includes legacy systems – old hardware, applications, and computer systems that may no longer be supported by your technology vendors. They might be as seemingly inconsequential as a few PCs running Windows 95 on a loading dock, or as vital as an end-of-life minicomputer running your organization’s accounting system. What all legacy systems have in common is weak security: they are often under-patched or no longer patched at all, yet they can’t easily be replaced or updated by the organization. (Sound familiar?) An unpatched host that still sits on the trusted network endangers your entire IT environment.
Most legacy systems remain in place for a variety of reasons, including:
- They continue to do their job
- Replacement costs may be too high
- Replacement is planned, but not until later
Maybe you’re retaining some legacy technologies because they simply work well for the job. They are efficient and “finely tuned” to the task at hand, making replacement more of a disruption than it is worth. Taking down your ordering system for maintenance and replacement, for instance, could result in a major revenue hit that would render the move too costly to consider. You also may feel locked into your legacy systems because alternative, modern solutions are more expensive to run and time-consuming to implement. Or maybe you’ve been planning for some time to replace your legacy systems, but the timeline keeps getting pushed back, leaving the systems vulnerable in the meantime. The last reason is especially likely if your business has been disrupted by the global pandemic and the resulting recession.
Whatever the reason they remain, your legacy systems need protection. One alternative to replacing them is patching. Unfortunately, many enterprises find that without thorough testing, patches can destabilize their finely tuned systems. And for systems at or past “end of life,” the vendor no longer provides security or functional patches at all, leaving users to “get by” with old, unsupported systems.
When legacy systems cannot be upgraded or replaced, Unisys Stealth® protects your business processing and the devices themselves by isolating them, while avoiding the pitfalls of traditional network segmentation techniques.
Unisys Stealth® Secures Legacy Systems
Unisys Stealth® is software-defined security. It simplifies yet improves network security and serves as the backbone of your entire network Zero Trust strategy. Stealth™ blankets every corner of your organization’s computing environment with one holistic, consistent, and unwavering security policy—from mobile phones and desktops, to servers, to cloud, and even IoT. In fact, Stealth™ orchestration and deployment are highly automated and centrally managed. As your security policies evolve, changes can be made once and instantly propagate across the enterprise. Meanwhile, Stealth™ monitors and enforces all your Zero Trust policies, automatically isolating violations and alerting administrators. With Stealth™ Zero Trust, security is seamlessly woven into the fabric of your entire network. It’s the engine that drives your speed to security and speed to market.
The Stealth™ Zero Trust architecture secures users and applications based on identity and roles, meeting a common requirement in many compliance frameworks. Stealth™ enables you to achieve cost-effective compliance faster by limiting data access only to those users, devices, servers, and applications that absolutely must have it. By limiting user access, you reduce the number of devices and connections that audits need to examine. Stealth™ achieves this network micro-segmentation and compartmentalization by deploying highly secure IPsec tunnels that meet requirements for encrypting data in motion.
Stealth™ encrypts traffic, shields endpoints from unauthorized access, and provides you with the capability to conceal systems and users anywhere on the Stealth-enabled network.
This paper explores how you can use Stealth™ to isolate legacy endpoints (such as servers, workstations and other devices) that can’t be upgraded, patched, replaced or decommissioned. Isolating these endpoints and allowing only required business access protects your trusted network from vulnerabilities introduced by these systems and also protects your endpoints themselves from compromise.
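To make concrete what “allowing only required business access” to an isolated legacy endpoint means, here is an added illustration of a default-deny, role-based allowlist evaluated over a handful of constructed flows. It is generic example code written for this page, not Unisys Stealth code, and it does not describe how Stealth implements its policies; the roles, addresses, ports and the “legacy accounting” enclave are all invented.

```python
"""Default-deny micro-segmentation policy for a legacy enclave (constructed example).

Generic illustration only, not Unisys Stealth code. Every role, address and
port below is hypothetical.
"""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One connection attempt toward (or from) a segmented host."""
    src_role: str        # identity/role of the initiating endpoint, not its IP
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """An explicit allow entry: role X may reach network Y on port/proto Z."""
    src_role: str
    dst_net: str
    dst_port: int
    proto: str = "tcp"

    def matches(self, flow: Flow) -> bool:
        return (
            self.src_role == flow.src_role
            and self.proto == flow.proto
            and self.dst_port == flow.dst_port
            and ip_address(flow.dst_ip) in ip_network(self.dst_net)
        )


# Hypothetical /29 holding the unpatchable accounting minicomputer.
LEGACY_ACCOUNTING = "10.20.30.0/29"

# The only business traffic the legacy enclave is allowed to receive.
RULES = [
    Rule("finance-app", LEGACY_ACCOUNTING, 3306),  # finance front end -> DB port
    Rule("backup-svc", LEGACY_ACCOUNTING, 22),     # nightly backup over SSH
]


def evaluate(flow: Flow, rules=RULES) -> str:
    """Allow only when an explicit rule matches; anything else is denied."""
    return "allow" if any(rule.matches(flow) for rule in rules) else "deny"


def audit(flows, rules=RULES):
    """Return (decisions, violations): every decision, plus the denied flows to alert on."""
    decisions = [(flow, evaluate(flow, rules)) for flow in flows]
    violations = [flow for flow, verdict in decisions if verdict == "deny"]
    return decisions, violations


# Constructed sample traffic: two legitimate flows and three that must be blocked.
SAMPLE_FLOWS = [
    Flow("finance-app", "10.0.1.15", "10.20.30.2", 3306),  # allowed
    Flow("backup-svc", "10.0.2.7", "10.20.30.2", 22),      # allowed
    Flow("workstation", "10.0.5.44", "10.20.30.2", 445),   # SMB from an arbitrary desktop
    Flow("finance-app", "10.0.1.15", "10.20.30.2", 22),    # right role, wrong port
    Flow("finance-app", "10.0.1.15", "10.20.31.9", 3306),  # right role/port, outside enclave
]


if __name__ == "__main__":
    decisions, violations = audit(SAMPLE_FLOWS)
    for flow, verdict in decisions:
        print(f"{verdict:5} {flow.src_role:12} {flow.src_ip} -> {flow.dst_ip}:{flow.dst_port}/{flow.proto}")
    print(f"{len(violations)} policy violation(s) to alert on")
```

The point of the example is the shape of the policy rather than its mechanics: decisions key on the initiator’s role, not its address, the default is deny, and every denied attempt is surfaced for alerting rather than silently dropped. A real deployment would enforce the same allowlist at the network layer (for instance in the encrypted-tunnel endpoints the paper describes) instead of in a Python loop.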