Shane explores the topic of Unicorn Controls


Few cybersecurity strategies are as impactful as effectively decommissioning systems and eliminating unnecessary data. This practice reduces operational costs, enhances security, and mitigates risks for organisations. Despite its importance, many organisations struggle to utilise this control effectively.

The Overlooked Control

Throughout my career, I have observed that decommissioning systems is a control that can be universally applied across various organisations. Surprisingly, it is often neglected, leading to a buildup of outdated and unnecessary systems that pose significant risks. Organisations typically excel in the initial setup and commissioning of systems, as well as in data collection. However, they frequently lack a structured approach to decommissioning these systems once they are no longer needed.


The Risks of Orphaned Systems


Many organisations end up with large fleets of orphaned servers—systems that no longer serve a clear purpose but remain operational. These servers often run on outdated hardware, older operating systems, and unsupported applications, making them prime targets for cyber threats. The lack of regular maintenance and updates increases their vulnerability, creating potential entry points for attackers.


A Case Study

I once worked with an organisation that managed to decommission 600 servers simply by auditing its existing systems. Despite having mature processes for establishing and managing servers, the organisation had never assigned responsibility for decommissioning unused systems. This oversight inflated its operational costs and heightened its security risks.


The Need for Regular Assessment


Nearly every organisation needs to maintain visibility over its systems and servers. A proactive approach involves assessing these systems at least once a year to determine their relevance and value to the organisation. Key questions to consider include:

  • Does this system still provide value to our mission and purpose?
  • If not, what is our plan for decommissioning it?


By actively managing the entire lifecycle of their systems, organisations can significantly reduce costs and risks. From the day an organisation decides to decommission a system, it can anticipate a substantial decrease in operational expenses and security vulnerabilities.


Conclusion

In conclusion, decommissioning unnecessary systems and data is a critical aspect of cybersecurity that should not be overlooked. Organisations must prioritise regular assessments and establish clear plans for managing the lifecycle of their systems. Doing so can enhance their security posture, reduce costs, and protect their operations from threats.


