TechRepublic guest post via Chad Perrin. A recession economy can affect more than just your employer’s revenue stream; it can also affect the software you use. It’s time to start thinking about how to minimize any negative effects that may have on your systems’ security.
In today’s recession economy, IT industry companies may run into financial trouble. Many smaller software vendors are likely to fail or get swallowed up by larger vendors that have a different vision for the software they provide. Even larger organizations may cut major product lines, or perhaps even disappear entirely, if things get bad enough.
That may not affect most of us very much (aside from saturating the employment market with people in need of new jobs, I suppose), but it may more directly affect some of us. One such possible effect could be the loss of ongoing development and support for software that we use on a daily basis. Part of maintaining the security of our computers and networks is ensuring that security vulnerabilities are identified and fixed. Unfortunately, when the vendor of a closed source, proprietary piece of software disappears or ends support for the software, it’s not only difficult (in many cases effectively impossible) to get needed security patch support; it’s also illegal to do so.
As you consider future software deployment options, consider the likelihood the software will continue to receive support. Companies with large cash reserves, such as Microsoft, are more likely to survive the recession intact; software lines that are central to a company’s business model, such as Adobe Photoshop, are more likely to receive continued support; and, ultimately, popular open source projects are more likely on average to survive the recession intact than closed source software vendors, because their continued development is not as dependent on having a lot of disposable income.
Open source projects aren’t even dependent on any organization, because if a project’s current developers just give up on it, there’s nothing stopping others from picking up where they left off. In fact, as financial belts tighten, open source software projects may actually get stronger, as tighter finances create opportunities for more open source software deployments.
In addition to making decisions with more of an eye toward the potential survivability of a given piece of software in the face of a failing economy, some attention should be paid to how compatible any software you select is with other offerings that can serve the same purposes for you. Sometimes, when making (hopefully educated) guesses about things like how likely a piece of software is to continue to receive support, we guess incorrectly. There are always likely to be factors we didn’t know about when our guesses were made that will affect the accuracy of those guesses. Choosing for maximum compatibility between applications is one way to hedge your bets.
If you select a piece of software that uses file formats or works with input and output streams according to open standards, and for some reason that piece of software ceases receiving support for security updates, it may be very easy and very cheap to switch to a different piece of software without losing any data or suffering any operational discontinuity (that’s managerial language for “day to day business coming to a screeching, expensive halt”). Even if there isn’t really any set of applications that all use the same open standards in a given case, allowing a one-for-one replacement in case changing software selections becomes necessary, there are still things you can do to make a potential future transition easier. The two biggest aids in that regard are choosing software for which you have access to the source code (whether through licensing deals with the vendor, favoring applications written in interpreted rather than compiled languages, or using open source software) and choosing software that uses easily parsed data formats (i.e., plain text).
When selecting software, especially in what may turn out to be a very volatile next few years for the software industry, add to your criteria concerns over the possibility of what you choose simply going away some day (or at least ceasing to receive security support). Choosing well may help you avoid larger costs later on.
While you’re at it, have a look at what you’re already using and see how future-proof it is. If you can improve that situation without business disruption now, rather than unexpectedly finding business already disrupted later and having to fix it then, you’ll be better off.