My Mom, the Pragmatist
My mom and dad were different in certain respects, especially when it came to household finances. My dad was frugal, which I attribute to the struggles he faced as the oldest of seven kids working on a small family farm during the depression. My mom was frugal, too, but she developed a keen sense of knowing when it was wise to “invest” in a certain aspect of the home or family. Her way of conveying that to my dad was to say: “Vernon (my dad’s name), don’t be penny wise and pound foolish.”
My mom’s advice applies equally well to the issue of whether to update your data security software. As explained below, it is generally wise economically to make timely and regular investments in upgrades, rather than face costly expenditures and downtime when your old software eventually malfunctions.
My Dad’s Mantra
Over the years, we’ve heard a variety of different opinions from customers about upgrading. At one end of the spectrum are those who, like my dad, follow this rule: “If it ain’t broke, don’t fix it.” To these folks, I would suggest they consider the Senate report entitled The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure. It explains why such an approach doesn’t always work, especially when it comes to data security:
While cyber intrusions into protected systems are typically the result of sophisticated hacking, they often exploit mundane weaknesses, particularly out-of-date software. Even though they sound boring, failing to install software patches or update programs to their latest version create entry points for spies, hackers and other malicious actors. Last July, hackers used just that kind of known, fixable weakness to steal private information on over 100,000 people from the Department of Energy. The department’s Inspector General blamed the theft in part on a piece of software which had not been updated in over two years, even though the department had purchased the upgrade.
I’m not trying to scare you, nor am I suggesting that every “mundane weakness” in your data security software will result in a data breach. But it is something to consider when deciding whether to invest in an upgrade of your data security software.
Another recent incident to consider is the Heartbleed bug, which is the term coined to describe security vulnerabilities in the OpenSSL cryptography library. Many folks were taken by surprise when it was disclosed that something so widely used could be exploited in such a manner, and with such wide-ranging effects. Even Symantec, the anti-virus software pioneer, disclosed that its products were affected by Heartbleed.
I guess the point is that in the IT and data security world, there is generally a better way of doing things, especially if you haven’t acted for awhile. Don’t stand pat with what you currently have merely because it’s the easy thing to do. This type of practice often times leads to inefficiency and a loss of an organization’s competitive edge. In our experience, running antiquated software can and should be a concern for both the IT and business professionals.
At the other end of the spectrum are those customers that always want to have the latest version of software as soon as it is released. But not everyone can afford to be constantly on the cutting edge. Besides, how long you wait to upgrade should depend on not only your finances, but also how you are using the particular data security software.
Be a Pragmatist, Like My Mom
So you, too, can be a pragmatist, I offer the following list of considerations to help with the decision of whether to upgrade your data security software:
- Bug Fixes. A maxim of software development is that there is no such thing as perfect software. Bugs are unavoidable because developers are human. So, an upgrade is always advisable in order to take advantage of bug fixes.
- Security Component Enhancements. While bug fixes are an important, equally important are performance enhancements and updates to other components that are made independent of any reported bugs. This can include updates to data security components, so you should keep abreast of developments in that regard.
- Compliance, Compliance, Compliance. Every organization must, absolutely must ensure compliance with applicable internal and external laws/regulations/rules. It is vital to enterprise security that any product used to safeguard data be updated frequently, and that clients be offered the opportunity to satisfy their evolving security requirements (such as FIPS 140-2 compliance).
- Compatibility. Take a look at how your managed file transfer process works. How do you send/receive files? What kind of files do you need to send out? Does the version of managed file transfer software you are running make it difficult or impossible to transmit data with those with whom you work, whether internally or externally? If so, an upgrade may help.
- Platform/OS Changes. People are continually changing either servers and/or operating systems. Sometimes, a few tweaks will allow you to continue using older software with newer platforms/OS. Other times, older versions will not work, and an upgrade is your best and only option.
- Support is Key. Access to quality technical support is essential when running managed file transfer and data security software. Before deciding to upgrade, find out how long the vendor will continue to support your version.
- You can’t afford not to. Please excuse the double negative (i.e., “can’t afford not to”), but I resort to it as a means of emphasizing this point. Things are constantly changing in the world of data security, secure file sharing and managed file transfer. The software used for these purposes is not a commodity; new features are being introduced on a regular basis. Demands are being made for a holistic solution that is available at any time of the day or night. You cannot meet these ongoing needs if you’re running old software.
Contact bTrade About Upgrading
If you want to learn more about whether to upgrade your data security or secure/managed file transfer software, please contact our experts at firstname.lastname@example.org They will be able to answer all your upgrade questions, and make sure that no organization is being penny wise and pound foolish.