It is important to carry out regular reviews or audits of all software programs (applications) on all computers and information systems in your organisation, and ensure that redundant software is decommissioned, or retired.
Get Safe Online's top tips...
- Regularly review the software your organisation has loaded on all of its computers and systems - even if not in regular use - and decommission programs which are no longer required.
By definition, a software program represents a route to accessing data – including by unauthorised parties. So if the program is correctly deleted, it follows that the data cannot be accessed via that means.
Redundant software is often maintained to provide access to legacy data for business or regulatory reasons. Sometimes, however, organisations are running unnecessary software to access data which could be accessed via an alternative program. It is also not unusual for redundant software to loaded on machines – and actually be running – which the organisation is not even aware still exists.
In addition to mitigating security risks, decommissioning redundant software can also deliver significant cost savings in support and resource.
Safe decommissioning
- Conduct a comprehensive review of data which is accessed from legacy applications. If it is still required for business or compliance purposes, relocate it another data repository or archive store that can be accessed independently and securely using reporting or business intelligence tools.
- Maintain the same security procedures on services which are planned to be decomissioned, as any other, live services, including penetration testing where appropriate.
- Ensure that software is completely erased from computers and other business systems prior to physical disposal, using a dedicated deletion program or service, or by physically destroying hard drives.