It may seem tempting to squeeze out a few more years of service from an aging application or dusty old website. However, putting off upgrades could be exposing your organization to significant risk and potentially huge expenses. Keep reading to learn about the risks of using discontinued products in your organization.
It’s Time to Move On
Technology, and the web especially, can evolve and change at a very quick pace. Even the most cutting-edge and useful products can eventually fall by the wayside as trends and needs change. Take Adobe’s Flash for example. At one point, we could hardly imagine the web without this innovative and powerful technology. Now, however, Flash is all but extinct, replaced by other technologies and methods that offer a different experience.
Flash was not only discontinued, it had reached what we call “end-of-life”, meaning no future updates, fixes, or improvements would be made available. Organizations that continued to utilize Flash after its end-of-life run into serious issues. It’s almost impossible to get any modern browser to even ran Flash, and many computer security systems simply block it from working even if you could get it installed. Also, new exploits for Flash kept getting discovered, and with no new security updates coming that meant people using Flash could be exposed to serious security risks.
Many of my nonprofit clients at some point relied on an end-of-life product, sometimes not even realizing it. Most organizations without a large experienced IT staff don’t keep close tabs on specific products and they simply don’t realize if and when something they rely on has reached end-of-life.
Understanding the Risks
Now that we have established the difference between a product being discontinued and end-of-life, let’s dive into the three main major risk factors that come with using end-of-life products.
Product security is often a major concern for nonprofits. Organizations want to have a secure website that won’t be hacked or defaced and they want to be able to securely collect information online. There is a need to conduct online transactions in the form of donations or product sales and staff needs reliable access to update content and make changes to the website.
End-of-life website content management systems are often targeted by hackers as an easy way to leverage old exploits and bugs they know won’t be fixed because the CMS is no longer receiving any updates. Many times these older exploits can be automatically scanned for in-bulk, making it much more likely that even a small nonprofit website could be targeted.
It’s very important to make sure that the CMS system your website is built on is not only current and still being updated, but that you are using the most recent version and you're not running any outdated plugins that may contain critical issues. Your website host is also a critical component to your website’s security. Smaller, cheaper, or less well-known hosting providers may not keep their internal systems up to date, so even if you are using the latest website CMS the servers themselves could be at risk and expose your website to security exploits.
The once popular website CMS Drupal 7 has announced it’s end-of-life date which is catching many people using this older website CMS off guard. Many nonprofits have delayed updating their Drupal sites given the very difficult upgrade path inherent in the Drupal system. This could potentially be a major issue as we inch closer to the end-of-life date and hackers start scanning for known vulnerabilities in these sites.
Beyond growing security concerns, reliability can become a huge issue with end-of-life and discontinued products. Most products utilizing a high level of technology are going to have small bugs and issues that over time get corrected with future updates. If the product is end-of-life however, these bugs can live on forever and continue to cause greater and greater problems for users as time goes by.
Reliability can be especially impacted with internet products and services that often rely on connecting to other third party systems to achieve their functionality. For instance, a very popular WordPress plugin for YouTube became end-of-life and when Google updated the YouTube programming system third party developers used it impacted this plugin and the vast majority of the features no longer worked.
As the technological landscape continually changes products need to be updated to remain reliable and compatible with the ecosystem they need to operate in. End-of-life products can provide some value for a time but will eventually reach a point of no return and cease to become viable.
One of the most catastrophic scenarios that can arise with the use of end-of-life products is losing access to functionality or services completely. Going back to our Flash example, I had a client who’s advertising system for their website was extremely old and had ceased being updated nearly a decade ago. This system’s entire interface was web based and used Flash. Once Flash had become end-of-life, staff could no longer log into the system and make any changes as the Flash interface was not compatible with their new computers and browsers.
Another alarming example of losing access to critical functionality is the evolution internet security for websites and email has gone through. The SSL certificates and email security certificates that exist to verify the identity of websites and email have gone through a number of changes over the years and some older email marketing systems and website hosting systems did not stay current. As a result, I had a client who’s email newsletters suddenly went from an industry average level of deliverability to almost zero because their outdated security certificate was causing messages to be flagged as SPAM in the majority of email servers.
Example of an outdated website SSL certificate warning.
Also, as browser security standards changed and became more robust, older SSL certificates based on an end-of-life standard started throwing error messages to users and requiring extra action to even view the website at all. Unfortunately, many organizations probably missed out on donations and visibility because they were slow to adopt these new security standards due to using end-of-life products or services.
Avoid Issues By Staying Up To Date
Now that we’ve covered the major issues with end-of-life products, let's take a look at how you can keep your organization’s critical systems running smoothly by avoiding end-of-life issues. We understand that nonprofits usually operate with a fairly fixed budget and can’t always incur large unexpected expenses, so I will cover strategies from the least costly to the most.
Existing Upgrade Path
Usually the most economical and fastest way to avoid end-of-life issues is to continue to use the same provider but move to their latest version of the product or service. Sometimes this is not necessarily easy, but to retain you as a customer many companies will heavily discount the additional cost to upgrade or offer a free migration path provided you sign on for a certain amount of time. Usually very large companies releasing drastically updated versions of their product will have a path for existing customers to retain their business and make the transition as easy as possible.
You may retain some familiarity with the new version
You can continue to do business with the same vendor
The additional cost may be low
There may be incentives to stick with the provider
Your data and legacy information may transition intact
This vendor may have a history of killing off products
You may need to make a long term commitment for an easier upgrade
The new product may have very different features
If there is no upgrade path or the cons seem like they outweigh the pros you may want to switch vendors and products entirely. Even though this is a more dramatic change there still could be a way to make the transition easier. Many times when a once popular product is in decline other vendors step in to capitalize on the situation and make transitioning to their product easier. This is actually the case with Drupal. Drupal users have long been frustrated with the difficulty in upgrading versions and there are many viable tools to move your existing Drupal site into WordPress with ease.
There could be tools to make the transition easier
You may end up with a far superior product
The new system may offer an easier upgrade path for future versions
There may be additional costs associated with transitioning
You could lose some of your data or need to reformat data
There may be additional training needed to become familiar with the new product
Taking Over Maintenance
Taking over the maintenance and responsibility of an end-of-life product is not ideal and considered the “nuclear option”. Many times this is simply not possible, but in the case of open source software or products that you own the code to it can be possible. This puts one hundred percent of the responsibility of maintaining the product on your organization's shoulders which is almost never an ideal situation. There are some benefits, like having total control over the product's features and experience, although this comes at considerable cost. Usually when an organization takes this path they have considerable IT infrastructure and resources, the product needs to integrate into other highly proprietary systems, or they plan on developing and reselling the product to recoup much of the cost.
Total control over product updates and features
Maintain existing knowledge of the product
Retain all existing data
All product support comes from internal resources
Completely responsible for any issues that arise
May miss out on new features in other products you don’t have the resources to develop
How To Go Forward
If you find your organization is relying on an end-of-life product hopefully there is an easy and cost effective way to upgrade. If not, it helps to work with a consultant or agency that has deep technical knowledge in the type of product and can help you explore options for moving forward. Having a reliable partner to forge a new path with is extremely valuable and can actually save you time, money, and lost data.
Although the situation can seem bleak, there are actually upsides to dealing with an end-of-life product or service. For example, often products are killed off for good reason. There may be many underlying issues you aren’t even aware of. Also, many times when my clients make the switch to a new system huge amounts of new functionality and benefits come with the change.
Part of operating in a high tech environment with constant change is saying goodbye to things. I myself was an avid Flash developer and wrote thousands of lines of code in a language that’s now dead. I look back on those days fondly, but we must forge forward onto bigger and better things.