Application security is not necessarily necessary

Application security is not necessarily necessary

Often times applications have reached end-of-life, or are no longer supported by the vendor.

In this case organizations tend to weed out or replace such applications simply due to this fact.

I was confronted with this organization while performing a due diligence for an investment company.

The course after of the organization in question was outdated, and therefore presented a significant risk to operations.

Replacing the software would’ve meant significant costs for the organization, therefore reducing the overall value of the company.

This afternoon question did not rely on the Internet to function, however the computers in question had to be connected through a local area network.

We ended up choosing a virtualised solution, by containing the application in question within the virtual environment, thereby allowing network access to persist, and were able to cut off this contained environment from Internet access entirely.

This way we achieved to reduce the risk of this software falling victim to outside attacks to near zero.

Intern we managed to avoid the cost for having a new software developed as a replacement for the existing one.

While they do present a risk to the network and the data of an organization, weeding them out and replacing them with new applications Is premature. often they don’t perform as well, and there is the option of running such applications within virtual containers Cut off from the network, and the data of an organization; mainly though being cut off from Internet access, thereby significantly reducing the threat of these applications being attacked due to their lack of maintenance.

(Part of the ACRAC Project)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.