Securing legacy systems and protecting your Data

28 Oct, 2021
Nigel Thorpe
Nigel Thorpe
Technical Director
If you ask the question “who is responsible for a company’s cybersecurity,” the answer you’ll most likely hear is no longer the CTO, or the IT department, but instead the CEO. In fact, Gartner believes that 75% of CEOs will be held personally liable for cyber and physical breaches by 2024. That means there’s no more passing the buck on this complex issue. Not doing everything in your power to protect your company’s systems and data is tantamount to shooting yourself in the foot, figuratively. 

That being said, we know it’s not easy - there are endless security solutions on the market and it’s difficult to sift the good from the bad. On top of that, it’s hard to find one that helps CEOs overcome one of their other core challenges - that is, dealing with inherited systems (legacy systems) that were implemented way before your time.

The thing is, as a company evolves and expands through multiple stages of technology developments, mergers, and acquisitions, they collect a mismatch of systems that need to be updated and consolidated. More often than not, today’s CEOs are led to believe that they need to replace these legacy systems to ensure that their business is protected, but we’re here to tell you that that may not be the case.

“Legacy systems still have their place in our modern world. They may be outdated, built with in-house software using obsolete methods, but they still perform valuable services and form a fundamental part of many businesses. Replacement would cause major upheaval, and it is simply more cost-effective to maintain, integrate, and manage existing systems than overhaul them entirely,” said Jerry Ray, COO, SecureAge Technology.

However, as valuable as legacy systems can still be, there’s no denying that these inherited systems also present significant cyber and data security challenges. This needs to be a matter of priority if CEOs want to protect their business (and reputation) against both insider and outsider threats.

What we want CEO’s to know is that with the right security solution this is possible. In this article I want to inform the successful CEO of two things:
1) How to defend old systems from new dangers
2) How to protect what’s actually important - the data.

And if you’re in the healthcare industry, the stakes are even higher so at the end of this article I’ll address that sector in particular.

Step 1 - You can defend old systems from new dangers

The first challenge that CEOs face with legacy systems is that these systems are now working in a more open environment than originally designed for. Legacy systems may be great at protecting data that is stored within their boundaries, but these systems are ill-prepared to extend that protection once the data leaves their system and is visible in public networks.

Fast-forward to 2021 and it’s well accepted that data increasingly needs to be extracted from controlled security silos. But when this happens, the data is thrown into an environment that is no longer controlled, nor protected, by the legacy system - and there’s no chance of us turning back. It’s simply no longer possible for your customers, suppliers, and internal employees to conduct business processes if it cannot be done online. 

The problem is, with data traveling out from the original security silo, and into new external applications, there’s nothing stopping users from extracting and saving that data locally. As a result it’s not possible for CEO’s to obtain a clear view of where your data is being stored - a recipe for disaster. 

While some CEOs out there might think it’s good for customers to have access to their own information, it’s also important to consider the high risk of data theft or misuse by staff within your organization or supply chain who now have access to customer details, company operations data, and intellectual property. Ask yourself, can you guarantee that you will never face a disgruntled employee or an unethical competitor with an agenda to sabotage your business? And is that an event that you want on your C-suite track record?

Step 2 - Protect what’s actually important – the data - with file-level encryption 

The second thing every CEO needs to know is that the very nature of legacy systems makes them unlikely to be updated to accommodate new-age security requirements - and compliance needs. 

In fact, the best practice among leading CEOs today is to assume that by operating on an open network that you will get hacked at some stage, or you will be subject to insider data theft attempts. It’s a scary thought, but a realistic and necessary one. After all, if there’s anything that 2020 taught us is that we must expect the unexpected. 

The good news is, although it might not be possible to add new security measures to a legacy system, it is possible to encrypt the underlying files that contain what’s actually valuable – the data. By protecting the data itself, instead of the drives, systems, and processes (perimeters) that manage and store it, you can ensure your data (and C-suite career) is safe.

Your safe haven is otherwise known as file-level encryption (FLE). FLE is your safest bet against data theft because anything that gets stolen remains unintelligible and useless without a user-and-file-specific key.

File-level encryption - what every CEO needs to know 

While there are many FLE software providers in the market, the SecureAge Security Suite is unique in the sense that our SecureData technology protects data even while it is in use. Instead of decrypting the entire file when any data is requested, it only decrypts the piece of data that is required to be loaded into memory for processing. 

This has the knock-on security effect because even during use, files remain encrypted in storage at all times. This means your customers and staff can work on data live without fear of it being leaked. And even if in-use files are stolen, the cybercriminal will just be the proud captor of something completely ineligible. 

Most importantly for CEO’s, SecureAge’s encryption solution can be deployed without disruption to your legacy systems and applications. This is possible because our technology operates at the file level meaning your applications simply work as normal.  You’ll also be pleased to hear that overall encryption/decryption operations are typically faster than I/O and no disruption is caused to business operations - our encryption software silently works in the background just like your Wi-Fi.

Data-centric security is legacy-proof and future-proof

That being said, today’s cutting-edge technology will always be tomorrow’s legacy system. Which is why, rather than just reacting to cybersecurity threats as and when they pop up, CEOs need to choose a security solution that’s proactive and protects your data today, and tomorrow.

With new ways and places of work, new desktop tools, and increasing demand for live access to data for better intelligence and control, keeping your data locked up in silos is not the best way forward. Rather, a more proactive way to protect your data is to encrypt ALL of it, ALL the time, EVERYWHERE it goes. This is a far simpler and more secure approach since no decisions need to be made about the sensitivity of data.

See our solution in action yourself by getting in touch with us to book a demo.

Our website uses cookies to ensure you get the best experience and can find what you need. Read our cookie policy