End-of-Life - What is it and how to avoid

We use the term "End-of-Life" (EOL) or End-of-Support (EOS) in IT and specifically in security certifications, but what does it mean?

DEFINITION

The 'End-of-Life' date for an Operating System (OS) or Application is the date of which the device will no longer be actively supported or patched for vulnerabilities and security issues by the manufacturer / software creator. 'End of life' could be talking about both software or hardware, and both pose a security risk and mean that the device becomes more and more vulnerable to attacks over time.

PREVENTION

Ensuring that you continue to use software (Operating Systems and Applications) that are fully supported by the manufacturer will ensure that your software will remain supported.

Patching your software and keep it up to date, will ensure your device is supported and receiving the latest security fixes for issues that have been identified.

Hardware (your devices) can also become unsupported by manufacturers and when vulnerabilities or issues are identified with their hardware/firmware, these wont be patched, leaving you vulnerable to attack.

Caution: We have seen manufacturers stop support (for example on their mobile devices) even when they appear to have a recent and "currently supported" operating system - these devices will themselves be EOS/EOL and therefore not compliant for Cyber Security Certifications.