EOL, aka ‘End of Life’, is a fairly common IT term used when a product is at the end of its lifecycle. Users no longer receive updates and therefore security issues can arise. You can also expect poor performance and reliability as legacy apps continue to run but without support. CRIBB Cyber Security is an official certification body and we regularly help clients with compliance. We are now starting to see companies struggle to achieve this when they are using an outdated Operating System (for example). So what exactly are the EOL and outdated OS effects on compliance?
Automatic failures within many certification and compliance frameworks
As a result of recent security breaches, certain certifications now require you to list all equipment that falls within the scope of the assessment. This includes:
- Mobile devices
- Virtual desktops
- Virtual servers
- Hypervisors (virtual server hosts)
You must include the various quantities for each, along with model and operating system versions where appropriate. The Edition and Feature version for Windows 10 devices must also be provided. Those found to be using outdated devices can fail instantly, meaning then you must ensure you are running up-to-date computers and devices.
If anyone in your organisation is an iPhone user, they should aim to use iOS14.6. If you run Windows 10, version 2004 and above, then you are currently compliant. There are many outdated VMWare EXSi versions, although 6.5, 6.7 and 7 are currently compliant until at least October 15th 2022.
It is also very important to carry out regular system updates. They are designed to reinforce security and to help keep hackers at bay. Of course, in some cases, updates alone are not enough and a system migration is in order. These can be very daunting, unless you can enlist the help of an experienced IT solutions provider.
Get help with migrating your IT systems
The team at ICE have specialised in providing IT support and solutions for over 20 years. You can view their full range of products and services here, with a selection listed below:
- ICE Managed cloud services (includes public, private and hybrid cloud, enterprise architecture and implementation)
- Consultancy (includes business decision support & analysis, complex system implementations, system integration and testing)
- Innovation (includes products such as tzChromar for cruise and fit2go, a healthcare data capture solution)
Their IT experts have a proven track record with system migration, implementation and integration. You can view a selection of case studies here, and it is their collaborative approach which truly sets them apart. They will take the time to gain a deep understanding of your organisation, people and processes. They can evaluate your existing tech, to assess whether or not it meets with the demands of your business and is fully compliant. Our cyber security experts can then step in to offer guidance. If you need to migrate to another system, their team has the know-how to ensure a smooth transition. Our eTestware brand can also provide a comprehensive range of software testing services. In short, theICEway ecosystem of companies can provide a full, end-to-end solution tailored exactly to your requirements.
Cyber essentials updated to include EOL
As part of our certifications services, we often help clients with IASME Governance and Cyber Essentials. We are seeing more and more cases where they are failing Cyber Essentials because they have outdated operating systems or virtual hosting. Given that around 90% of companies are in that same situation, it seems likely that there will be more failures. This is where we can step in and work alongside your team, plus the team at ICE if required, to get you back on the path towards compliance. We have taken this collaborative approach a lot in recent years and it has helped to strengthen our security by design ethos. It is an ethos that is shared by all on theICEway – we’d be delighted if you could join us.
EOL and outdated OS effects on compliance are growing steadily. If you are running out-of-date systems, you must consider a change. Cyber-crime is on the rise, and cyber awareness is more crucial than ever before.