Obsolete systems that are critical to your business. They’re abandoned, unpatchable and unmanaged. We’ve all got them, and often upgrading is not an option. What do you do?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Mitch Parker (@mitchparkerCISO), executive director, InfoSec and compliance, Indiana University Health.
Got feedback? Join the conversation on LinkedIn.
Thanks to this week’s podcast sponsor, SecurityBridge

On this episode of Defense in Depth, you’ll learn:
- This issue appears to affect every security and IT person. At one time they’ve all had to deal with it.
- Obsolete technology should not be treated like any new technology. It needs to be isolated.
- Lots of great advice from the community regarding containing the outdated technology through firewalls, air gapping, segmenting, virtual machines, and a jump box.
- Constantly measure the risk of not just intrusion of the outdated technology, but the cost of keeping the thing running as you can’t rely on outside support or updates.
- As you’re reporting the risk, constantly push for solutions to end reliance on this outdated technology.
- The obsolete technology is often an expensive and critical piece of hardware that’s difficult if not impossible to replace.
- The UK National Cyber Security Center has some great guidance on what to do with obsolete platforms.
Creative Commons photo attribution with logo addition to Wolfgang Stief.