Are You an IT Manatee, or an Electric Eel? Depends On Whether You Keep IT Up-to-Date (You Should Be An Eel.)
When it comes to your IT infrastructure, are you still running tools and equipment from 3, 5, 8, or 15 years ago and assuming all is well because everything seems to work? Do you know what a CVE is? Have you heard of US-CERT? Are you familiar with Microsoft’s Patch Tuesday? What about Spectre, Meltdown, WannaCry, Miranda, VPNFilter? No? Mostly no? Then you, my friend, are an IT manatee: floating along, minding your own business, waving at passersby. Then BAM! A powerboat’s propeller shreds your back.
You need to be the IT Electric Eel: mostly friendly, but ready to pounce and shock all attackers. The electric eel monitors CVE feeds for products both in active use and in evaluation for deployment. The eel checks every second Wednesday of the month to see what Microsoft has released for its servers. The eel knows not only what hardware and software is in daily use, but also when service contracts are coming due and when it’s time to order new equipment. The eel tracks usage patterns and performs anti-phishing training with all levels of the organization, and more.
Don’t be an IT manatee. Be an IT electric eel, and stay ahead of your updates from both a software and a hardware perspective. That alone will significantly strengthen your position of defense.
Keeping Software Up-to-Date
Before we get into the details of keeping software up-to-date, let’s differentiate between upgrades and updates. In simple terms, an upgrade is a complete change of versions or lines. For example, if you take Windows from 8 to 10, it’s an upgrade because you’re changing major versions of operating systems. Same for Mac OS—if you have 10.10 and you go to 10.11, you’re changing to a completely different version of the OS.
An update, in contrast, covers minor points and patches to the current version of the software. Now that we’ve got that covered, let’s talk about the primary areas of software updates and upgrades you should be staying ahead of.
Any given program is written at a specific point in time. Software is built with many different moving parts: code from different places, libraries, varying versions of languages, etc. As time goes on, people discover vulnerabilities in those libraries, or they discover that the code they wrote for a specific version of the software can be exploited, and they rewrite that code to patch it. Those patches are released in the form of updates, which means that people who don’t keep pace with updates leave themselves open to known vulnerabilities. Attackers are always looking to take advantage of weaknesses in software, and if you don’t patch, you will get exploited. That’s a gamble.
Updates and upgrades controlled by change management are stricter in a sense. Sometimes, updating or fixing one thing can end up breaking something else, so organizations need to be aware of unintended side effects. Part of the process for updates on a dev environment or a staging environment should ensure that nothing mission-critical gets broken. If you update the program and something breaks, you can’t just say “Let’s not update.” You have to fix your code to work with the updated library. If the update closes a door you needed open in order to do something, you have to figure out a new way of doing the same thing. Security updates drive improvement in coding because developers have to keep fixing the app. Sometimes the thing that makes something work is itself an exploit, and they’ll have to figure out another way to do it.
As libraries evolve, they’re usually optimized for the hardware that people have available at that time. Let’s say an app was written five years ago and could only use certain processing directives. The developers only had specific actions that the processor was allowed to do, so they were limited to the technology of the time. But hardware, processors, and memory evolve, and components get better, faster, and more capable. Software does more with a given machine, including faster computations, thanks to more CPU cores or memory, or the ability to use a function that wasn’t available on the previous hardware. As hardware gets better, software starts using more of it. You have a bigger playing field.
Here’s another point to keep in mind when it comes to small updates: when developers write specific programs, they’re trying to accomplish something precise. Later, someone might present another use case that the app can solve and add some code to integrate the functionality. As a result, the app does X and Y where before it just did X. So, if you keep using the old version, you’ll miss out on new functions that could benefit your team.
Today, we have 64-bit processors, whereas ten years ago everything was 32-bit. This means that now you can write software that uses a bigger memory space – more data can be processed in parallel on the CPU. When you had Windows 95 or 98, you could only use up to 4 GB of memory because 32-bit apps had a limit on memory space. Now you have a much wider address space to use. You can have terabytes of memory – RAM you couldn’t handle before. Today, the overwhelming majority of programs have been optimized to run on 64-bit processors. Software can use new features and equipment to talk to peripherals and get faster transfers. Software has to be rewritten to use USB 3 ports, for example: as the hardware evolves, the software gets updated to take advantage of what the hardware can provide.
Keeping Hardware Up-to-Date
When it comes to hardware, the terms “upgrades” and “updates” can be used interchangeably.
In the case of hardware, as technology improves - like the ability to miniaturize components, improvement in chip fabrication, etc. - the performance cap of each component jumps. Now, we have chips that are tiny with a lot more power than chips the size of desks. They have more cycles and are able to squeeze in more computations than ever before. Machines are faster, more powerful, and more efficient, and they give off less heat. You can put more things inside the box, which allows for more hardware in the same space – or you can just make smaller components that can fit anywhere.
If your server is using less power and generating less heat, it won’t cost as much to cool down your server room, and your electric bill will be lower because you’re drawing less power out of the wall. Thus, it’s often cost effective to replace older hardware simply for the savings in cooling and electricity. If I bought a new server today and put it in my house, I’d spend a lot less on electricity than if I went to eBay and bought a 6-year-old server that would cost me 3-4x as much just to keep it running.
Because of improved technology and how chips and circuit boards are made, modern components allow you to take advantage of more cycles and have better performance than hardware from five years ago. If you buy a server today, you have a processor that wasn’t available back then, so you’ll get a faster server for a lower price because of the advances in build processes and technology overall. It’s cheaper to produce, thus cheaper to purchase.
Depending on your available resources for making sure your IT is current, especially when it comes to pulling off major version upgrades, the process can be easier said than done. We can help you there. August Schell’s professional services team can work with you to ensure your IT is up-to-date, and we’ll help you manage any obstacles that arise along the way. Reach out to us now, or call us at (301)-838-9470.
Speaking of upgrades, do you use vSphere? If you haven’t moved over to vSphere 6.5, now is the time. In general, you should stay upgraded to the latest versions of any software you’re running. It’s important to be compliant with relevant security patches and updates, plus you should be ensuring that you’re taking advantage of the latest features and their associated benefits.