Legacy systems are outdated technologies still in use for critical business functions, often due to cost considerations. They pose various security risks, particularly as vendors may no longer support them, leading to vulnerabilities and potential exploitation by hackers. Best practices for mitigating these risks include implementing protective measures, limiting access, and utilizing strong authentication and encryption.

2. Legacy Systems:
Old technologies, computers, or
applications that are considered outdated
but are still functioning in the enterprise.

3. 9 of 10
legacy systems
are used to
perform a
critical business
function.

4. of organizations
with legacy systems
say that COST
drives them to keep
outdated systems.

5. Downtime and testing
experienced during the upgrade
of a system
Resources used to build an in-
house system or customize a
purchased system
Price of
purchasing a
commercial
system from
a vendor
+
+

6. Often the vendor no longer
supports the legacy systems,
meaning that no future updates
to the technology, computer, or
application will be provided.

7. RISKY BUSINESS
Weaknesses Widely
Published
Dependency on an
Old Platform Evolving Threats
and Hacker Tools
Vulnerabilities are
made publicly
known with no or
postponed patch
release.
Legacy products
may only run in
legacy
environments,
forcing
acceptance of
additional risks.
New security risks are
constantly being
discovered- risks that were
not taken into
consideration at time of
system creation.
Hackers are creating easier
ways to exploit systems

8. Implement the legacy system in a protected network
Limit physical access to the legacy system to administrators
Deploy the legacy application on a virtual computer
Employ access control lists (ACLs) on the system
Use highest authentication and encryption mechanisms
Best Practices for
Minimizing Risk in a Legacy System:

9. when using legacy systems