Credit crunch to force revamp of legacy systems

By

With IT budgets being squeezed many companies will be forced to think about improving the security of their legacy systems, Benjamin Jun, told at the RSA Conference Europe 2008.


With IT budgets being squeezed many companies will be forced to think about improving the security of their legacy systems, Benjamin Jun, told delegates.

But IT professionals must avoid trying to patch up legacy systems that are clearly at the end of their working lives. “If you are being hacked regularly, your system looks like spaghetti, and you have the money, for goodness sake start over,” said Jun, technology VP at Cryptography Research Inc.

Legacy systems, particularly those supporting customer transactions such as credit card payments, are facing tough challenges from new end user devices, said Jun. Mobile platforms are a concern because their technology is increasingly generic, and mobile operating systems can be easier to compromise than other devices, he said.

However, there are incremental changes IT security professionals can make to
legacy systems that will reduce vulnerabilities, and contain breaches if they do occur, said Jun, who has experience in pay TV and mobile phone security.

The first step in a security revamp is to see consider how the most serious security concerns can be tackled within the existing technology infrastructure, and it has to be remembered that changes made now may affect what changes can be made later, said Jun.

It is essential to refresh security documentation for the revamped system, paying particular attention to ambiguity and complexity otherwise important security decisions could be pushed too far downstream. Clear definitions of protocols, data structures, and state machines should be included, he said.

Certain database fields can be encrypted to limit the damage of data theft should it occur, he said. A transaction handler and an audit server are sensible additions, but effective audits of data need judgment or they can become too time-consuming. Overall, it is important to prioritise tasks. “Focus on what it what's hard to change later, maximise the return on the effort,” said Jun.

See original article on scmagazineuk.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
creditcrunchforcelegacyofrecessionrevampsecuritysystems

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?