A Different Kind of Vulnerability: 3 Hidden Security Risks of Legacy Collections Systems
It’s an open secret that time is running out for legacy collections systems. These long-in-the-tooth systems have their roots in the pre-internet age, and the speed of cloud-native software evolution has left them significantly behind the curve and, in some cases, no longer economically viable, supportable or maintainable. Why does this matter to you?
When systems are no longer maintained, cybercriminals are able to exploit any vulnerabilities, and if the systems are no longer monitored or receiving updates, these vulnerabilities will not be fixed or patched. This leaves affected organisations with a major decision to make and, I would advise, to make without delay.
While the case for change can easily be made in regard to the vastly increased functionality of modern systems, security should also be at the top of your agenda when weighing up the options. Security breaches represent a financial and reputational disaster, the extent and longevity of which are often not fully appreciated until after the event. What are the most pressing risks?
- Software vulnerability management
With on-premise (or client-hosted) collections systems, the end-user is normally responsible for ensuring that security patches are applied to the computer systems that host the software, as well as managing the updating cycle of the software itself. Even with a software support contract that includes the application of updates, much of the disruption and effort of running an onsite update project will naturally rest with the user. To aggravate matters, there is often a significant lag between a security patch being made available and the painful process of software updating and testing. During this period, the software may be vulnerable to security attacks that could significantly compromise the confidentiality or availability of highly sensitive personal data belonging to organisations and their customers.

With SaaS services such as Flexys Control+, software patching and updating is managed centrally by security experts and is a seamless improvement to the security status of the service without significant and risky delays and without costly investment in time and resources by the client. Of course, security issues around the lack of timeliness of on-premise upgrades are only part of the story. The lack of ability to easily take advantage of the speed and agility of an ever-improving product feature set makes continuing with on-premise systems a questionable choice from the outset.
- Compliance
Security and data compliance is becoming ever more complex, and it may be difficult for clients to remain informed about and ahead of data security compliance requirements, particularly in the complex field of computer software and operations. This can be a significant risk, especially in the highly sensitive world of collections and financial services.
For traditional on-premise or hybrid software services, much of the responsibility for this compliance management lies with the end user and not the software provider. For example, the user must ensure that the hosting computer’s operating systems are always updated, that local storage of data is effectively protected against attackers and confidentiality compromise, and that the hosting computers are fully supported by the operating system provider. These are just some of the complex compliance responsibilities that rest with the software user.
With SaaS systems, the software provider is responsible for almost all aspects of data security and related compliance requirements because the data is stored off-premise. In managed cloud storage and processing systems, the software and service provider’s compliance experts can be leveraged by the end user at little or no additional cost, and much of the associated liability and risk is transferred to the provider.
- Support challenges
Many traditional on-premise systems are either very slowly updated or, in some cases, never updated. They often rely on old versions of operating systems, browsers, or other legacy and unsupported software. Not only is this a significant security and compliance risk, but over time it becomes very difficult to support this software and to find internal resources who understand how to manage such tangled systems effectively, leaving you dependent on expensive external resources. Legacy software is literally ageing itself out of support.

Not only does SaaS software overcome this issue by always leveraging the latest and most secure software technology, but it also removes the need for local support completely; planning for long-term support of outdated legacy systems simply disappears. In most scenarios, the reduced TCO resulting from removing support costs from the user is enough of an advantage in itself to justify the move to a managed SaaS solution, and this is without the additional benefits of easily and transparently controlling security and compliance risk.
As your current collections platform reaches the end of its useful life, there are three realistic choices:
- keep running outdated and unsupported software, a significant operational and security risk,
- pay for a costly upgrade to legacy software that temporarily delays rather than solves the issue, or
- safely migrate to a futureproof, cloud-native collections system that offers vastly improved performance, cost-effectiveness and security.