Every time I purchase new technology, I know unequivocally that it has a shelf life and the software running on the hardware has to be kept up to date. Hardware typically lasts 5-10 years before it becomes so incredibly dated that it’s practically unusable. Software has an even shorter life, usually about 6 to 12 months.
Software lifecycle management impacts our professional and personal lives
Proof in point: I drive a 7-year-old electronic vehicle (EV). A couple of weeks ago, I had to take it to the shop for repair, and I asked the maintenance technician about the end of life of the car. The response I was given was, well, “The battery only has a 10-year warranty.” However, I get a software update on my car’s operating system at least four times yearly. While it was not exactly a direct answer, I walked away with the understanding that I may need to purchase a new car in three years. Oh, and BTW, the maker of my EV has all the historical data on my vehicle, locations I have visited, how often I charge my battery, where I charge my battery, what I listen to, and so much more that I have no idea about. So, I am happy to be obliged to do software updates to keep my information secure.
The Driving Factor
So why do so many companies that store our personally identifiable information (PII) sweat their hardware assets to the maximum extent possible, including the software running the hardware? One reason could be that companies may not even realize that the vendor no longer supports the software or has offered security patches for the software they are running on their critical IT infrastructure. But they should know it. I mean, this should be part of standard procedures. Does software lifecycle (including security patches) and knowledge of end-of-life play a critical role within the IT organization, or does it only become necessary when an unplanned incident such as a data breach occurs? A data breach should not be the driving factor for managing the software lifecycle process.
Accountability is key
I believe it also comes down to being held accountable. Keeping critical IT infrastructure software up to date is one mechanism for safeguarding against data breaches, which wreak havoc on consumer lives. Consumers put their trust in the companies they do business with to keep their data protected, but so often, companies do not prioritize their software lifecycle management practices.
According to the State of Ransomware 2024 report published by Sophos, 32% of data breaches in 2024 are due to unpatched software. One big question that comes to mind is why do we consumers let companies off the hook? This is a huge problem to tackle. So, companies have to be more accountable for how they manage their software lifecycle.
Final thoughts
The bottom line is to sweat the hardware as long as possible (being responsible for adhering to your vendor’s end-of-life policy) but incorporate Software Lifecycle Management, including deploying security patches and new releases, as a critical component of your overall IT Procedure Management.