Mat Clothier explores the key risks end-of-life deadlines pose to local authorities and how they can best protect their systems by preparing for deadlines and starting migration as early as possible
Failing to prepare for end-of-life deadlines can be detrimental for any business, but the unique nature of how local authorities operate can lead them to be particularly vulnerable. In England, local authorities have limited options in terms of how they make revenue, and unlike central government, are unable to borrow money to finance day-to-day spending. The purse strings are therefore incredibly tight, and any expenditure needs to be budgeted efficiently while balanced with the need to provide IT services to the public across areas such as waste collection and transport.
With a need to keep customer facing systems updated to serve its area, local authorities can be susceptible to placing focus on updating these front-end systems as opposed to the back-end processes. While understandable in meeting customer requirements, failure to ensure that these processes are tended for, such as background servers, can create risks, while potentially creating a problematic disconnect between legacy background systems and the newer front-end systems. One such example is Windows Server 2012, which reaches its end-of-life deadline in January 2023.
For local authorities, what risks can arise from failing to deal with end-of-life systems, and how can they best plan to mitigate them?
The risks facing local authorities
Local authorities that continue run outdated servers, such as Windows 2012 following the January 2023 deadline will leave themselves vulnerable to cyber-attack due to the fact that security updates and technical support will no longer be provided. While it’s the case that cyber-attackers don’t specifically target local authorities, they will scan for organisations that are considered easy-pickings, and the financial pressures and need to prioritise front-end systems means that organisations in this sector are susceptible to targeting.
Any breach from cyber-attack can be particularly detrimental due to the possibility of confidential customer data being leaked publicly, which could then result in fines from regulatory bodies. Meeting specific rules and governance is also crucial for local authorities and falling foul of these can be particularly pertinent due to way that systems are usually linked to other councils and the wider government ecosystem. This reliance means that other entities can be affected by an outdated legacy system existing within just one local authority, creating a domino effect in the case of a cyber breach.
It’s also the case that local authorities are under greater public scrutiny due the services they provide, with increased susceptibility to complains or concerns from the general public if a system is unavailable or not working efficiently. Downtime of a back-end system can have catastrophic consequences for the customer-facing systems that it relies on. Taking these factors into account, it’s therefore crucial for local authorities to plan ahead for end-of-life.
Best practice preparation
It’s important for local authorities to be aware of the current state of their system, and benchmarking against other councils that may be further forward in their processes can give them the clarity to know how to plan moving forward. Keeping comprehensive data sets and records throughout the years can also help them make a best judgement for how to deal with an upcoming end-of-life deadline, particularly in local authorities where employee turnover may lead to knowledge and expertise leaving the business. Whether the best option is the ultimate replacement of a system or the shifting of programs and applications onto an updated one, the best solution should be tailored to the organisation’s unique requirements.
With resources and finances stretched for local authorities, updating soon-to-be end-of-life systems to new versions can be fraught with difficulty, despite the best efforts of internal IT teams. To ensure that finances can be directed to the areas of most need, relying on external expertise as soon as possible before an end-of-life date can help local authorities be more efficient in their budgeting. Use of specialist vendor technologies can allow local authorities to have visibility of how best to move business-critical applications to new operating systems to ensure they’re compatible, while tools can update systems to new versions without impacting on the value they provide. Storing data in secure third-party cloud locations can also meet the need for local authorities to protect sensitive information about the public it serves.
Providing an effective public service
With local authorities existing to serve their local public, they have a duty of responsibility to ensure that outward-facing systems provide the best service and are an effective use of public money. Addressing and tackling end-of-life deadlines in background systems such as Windows Server 2012 is therefore crucial to ensure that this remains the case. Opting to work with a specialist provider that shares this moral awareness means that local authorities can rely on guidance and suitable technology that has their customers’ best interests at front-of-mind, while also enabling them to save money that can be directed to other departments that sorely need the investment.
Mat Clothier is CEO at Cloudhouse.