WEBVTT

1
00:00:00.000 --> 00:00:01.470
In this lesson,

2
00:00:01.470 --> 00:00:06.470
we will learn about End-of-Life, or EOL, considerations.

3
00:00:06.570 --> 00:00:07.860
Lifecycle management

4
00:00:07.860 --> 00:00:11.790
and data migration are crucial for maintaining security

5
00:00:11.790 --> 00:00:13.980
and functionality as hardware

6
00:00:13.980 --> 00:00:17.460
and software systems approach their End-of-Life.

7
00:00:17.460 --> 00:00:19.740
End-of-Life means that manufacturers

8
00:00:19.740 --> 00:00:22.620
and vendors no longer provide updates,

9
00:00:22.620 --> 00:00:24.750
including security updates,

10
00:00:24.750 --> 00:00:28.440
which leaves the system vulnerable to exploitation.

11
00:00:28.440 --> 00:00:31.470
End-of-Life considerations involve planning

12
00:00:31.470 --> 00:00:35.370
and managing the security implications of decommissioning

13
00:00:35.370 --> 00:00:38.070
or replacing software and hardware.

14
00:00:38.070 --> 00:00:40.770
Specific End-of-Life considerations

15
00:00:40.770 --> 00:00:44.520
include lifecycle management and data migration.

16
00:00:44.520 --> 00:00:47.190
Let's learn more about lifecycle management

17
00:00:47.190 --> 00:00:48.900
and data migration.

18
00:00:48.900 --> 00:00:51.720
First, we have lifecycle management.

19
00:00:51.720 --> 00:00:54.480
Lifecycle management involves the planning

20
00:00:54.480 --> 00:00:57.990
and tracking of a system's entire lifespan,

21
00:00:57.990 --> 00:01:00.420
from deployment to decommissioning.

22
00:01:00.420 --> 00:01:03.810
The goal is to ensure that outdated hardware

23
00:01:03.810 --> 00:01:06.960
or software is upgraded or replaced

24
00:01:06.960 --> 00:01:09.360
before it poses security risks

25
00:01:09.360 --> 00:01:11.910
or operational inefficiencies.

26
00:01:11.910 --> 00:01:13.140
A key aspect

27
00:01:13.140 --> 00:01:16.500
of effective lifecycle management is maintaining

28
00:01:16.500 --> 00:01:19.590
an up-to-date Configuration Management Database,

29
00:01:19.590 --> 00:01:21.360
or CMDB,

30
00:01:21.360 --> 00:01:23.850
and an asset inventory.

31
00:01:23.850 --> 00:01:28.170
An asset inventory and CMDB track all hardware

32
00:01:28.170 --> 00:01:31.560
and software versions within an organization.

33
00:01:31.560 --> 00:01:34.020
This level of tracking allows teams

34
00:01:34.020 --> 00:01:37.620
to forecast when systems will reach critical stages,

35
00:01:37.620 --> 00:01:41.460
such as End-of-Life or End-of-Service-Life,

36
00:01:41.460 --> 00:01:43.950
and plan transitions accordingly.

37
00:01:43.950 --> 00:01:46.200
End-of-Life is generally referred to

38
00:01:46.200 --> 00:01:49.590
as the point when a vendor no longer provides updates,

39
00:01:49.590 --> 00:01:51.870
including security patches.

40
00:01:51.870 --> 00:01:55.740
However, in some cases, patches may be provided,

41
00:01:55.740 --> 00:01:57.840
usually at a premium price.

42
00:01:57.840 --> 00:02:00.360
At this stage of the product's lifecycle,

43
00:02:00.360 --> 00:02:03.660
organizations should already be planning for upgrades

44
00:02:03.660 --> 00:02:05.130
or replacements.

45
00:02:05.130 --> 00:02:07.680
Even though the product remains functional,

46
00:02:07.680 --> 00:02:11.340
the vendor's commitment to it is significantly slowing,

47
00:02:11.340 --> 00:02:13.410
usually because a new product

48
00:02:13.410 --> 00:02:15.780
from that vendor is available.

49
00:02:15.780 --> 00:02:20.040
End-of-Service-Life, or EOSL, is more critical.

50
00:02:20.040 --> 00:02:22.080
End-of-Service-Life marks the point

51
00:02:22.080 --> 00:02:23.370
in a product's lifecycle

52
00:02:23.370 --> 00:02:27.990
when all vendor support stops entirely for everyone.

53
00:02:27.990 --> 00:02:30.690
Once a system reaches End-of-Service-Life,

54
00:02:30.690 --> 00:02:34.020
it becomes highly vulnerable to security risks

55
00:02:34.020 --> 00:02:37.350
as no further official support is provided.

56
00:02:37.350 --> 00:02:40.680
Relying on systems past End-of-Service-Life

57
00:02:40.680 --> 00:02:43.350
significantly increases the likelihood

58
00:02:43.350 --> 00:02:45.240
of security breaches,

59
00:02:45.240 --> 00:02:47.490
making it crucial to decommission

60
00:02:47.490 --> 00:02:51.450
or replace those systems before this stage.

61
00:02:51.450 --> 00:02:54.480
Second, we have data migration.

62
00:02:54.480 --> 00:02:58.260
Data migration is the process of transferring data

63
00:02:58.260 --> 00:03:01.830
from one system or storage location to another,

64
00:03:01.830 --> 00:03:03.810
typically from an old system

65
00:03:03.810 --> 00:03:06.450
that's being decommissioned to a new system

66
00:03:06.450 --> 00:03:08.250
that will take its place.

67
00:03:08.250 --> 00:03:11.790
Migration needs to account for data integrity,

68
00:03:11.790 --> 00:03:15.060
compatibility, and continuity of service.

69
00:03:15.060 --> 00:03:16.440
During migration,

70
00:03:16.440 --> 00:03:20.820
data should be validated to ensure that no corruption occurs

71
00:03:20.820 --> 00:03:24.630
and that the appropriate redundancy measures are in place

72
00:03:24.630 --> 00:03:26.790
to prevent data loss.

73
00:03:26.790 --> 00:03:29.070
Depending on the size of the data

74
00:03:29.070 --> 00:03:30.570
and the systems,

75
00:03:30.570 --> 00:03:34.650
organizations may use incremental migration strategies,

76
00:03:34.650 --> 00:03:37.800
which allow for data to be moved in phases,

77
00:03:37.800 --> 00:03:41.670
or an organization may use parallel migration,

78
00:03:41.670 --> 00:03:42.990
where both the old

79
00:03:42.990 --> 00:03:45.720
and the new systems run simultaneously

80
00:03:45.720 --> 00:03:48.030
to ensure a smooth transition.

81
00:03:48.030 --> 00:03:51.690
Alternatively, a big bang migration may be used,

82
00:03:51.690 --> 00:03:54.390
where all data is moved in a single step

83
00:03:54.390 --> 00:03:55.860
to a new location,

84
00:03:55.860 --> 00:03:58.560
usually during planned downtime.

85
00:03:58.560 --> 00:04:01.470
These approaches are particularly important

86
00:04:01.470 --> 00:04:03.630
for mission-critical applications

87
00:04:03.630 --> 00:04:07.110
that cannot afford extended outages.

88
00:04:07.110 --> 00:04:09.960
Another technical migration consideration

89
00:04:09.960 --> 00:04:12.210
is the format of the data.

90
00:04:12.210 --> 00:04:16.560
Data schemas and file structures may differ between the old

91
00:04:16.560 --> 00:04:18.000
and new systems,

92
00:04:18.000 --> 00:04:22.440
requiring data transformation to ensure compatibility.

93
00:04:22.440 --> 00:04:26.430
This could involve converting old database formats,

94
00:04:26.430 --> 00:04:29.400
ensuring that application programming interfaces

95
00:04:29.400 --> 00:04:31.020
are properly mapped,

96
00:04:31.020 --> 00:04:33.900
and testing integrations thoroughly

97
00:04:33.900 --> 00:04:35.970
in a pre-production environment

98
00:04:35.970 --> 00:04:38.580
to prevent functional mismatches.

99
00:04:38.580 --> 00:04:42.030
Data migration should also include techniques,

100
00:04:42.030 --> 00:04:44.340
such as pilot migrations,

101
00:04:44.340 --> 00:04:47.160
using smaller data sets to validate

102
00:04:47.160 --> 00:04:49.350
that the data is properly handled

103
00:04:49.350 --> 00:04:52.050
before moving an entire data set.

104
00:04:52.050 --> 00:04:54.840
Following a successful data migration,

105
00:04:54.840 --> 00:04:58.650
secure deletion of the old data is critical.

106
00:04:58.650 --> 00:05:02.310
This process goes beyond simply deleting files

107
00:05:02.310 --> 00:05:04.230
and reformatting drives.

108
00:05:04.230 --> 00:05:08.370
For complete data sanitization, secure wiping tools,

109
00:05:08.370 --> 00:05:12.180
such as the National Institute of Standards and Technology,

110
00:05:12.180 --> 00:05:15.330
or NIST-compliant disk erasure tools,

111
00:05:15.330 --> 00:05:19.020
or cryptographic erasure must be used.

112
00:05:19.020 --> 00:05:23.700
These methods ensure that data is rendered irretrievable.

113
00:05:23.700 --> 00:05:25.170
For hard disk drives,

114
00:05:25.170 --> 00:05:29.160
degaussing or even physically destroying storage media

115
00:05:29.160 --> 00:05:32.070
may be required for sensitive environments

116
00:05:32.070 --> 00:05:33.510
and sensitive data.

117
00:05:33.510 --> 00:05:35.910
Data sanitization guarantees

118
00:05:35.910 --> 00:05:40.410
that any residual data on an old system cannot be recovered,

119
00:05:40.410 --> 00:05:44.100
eliminating the risk of data breaches from discarded

120
00:05:44.100 --> 00:05:46.050
or repurposed hardware.

121
00:05:46.050 --> 00:05:48.150
To see how lifecycle management

122
00:05:48.150 --> 00:05:50.430
and data migration work together,

123
00:05:50.430 --> 00:05:54.450
consider a scenario where a server upgrade is taking place.

124
00:05:54.450 --> 00:05:57.450
If the old server is nearing End-of-Life

125
00:05:57.450 --> 00:06:00.750
and data needs to be migrated to a new system,

126
00:06:00.750 --> 00:06:03.840
the process should begin with a full backup

127
00:06:03.840 --> 00:06:06.630
and verification of data integrity.

128
00:06:06.630 --> 00:06:08.760
Tools such as Rsync

129
00:06:08.760 --> 00:06:12.030
or the Azure Data Migration Service

130
00:06:12.030 --> 00:06:15.870
can facilitate the transfer of large volumes of data.

131
00:06:15.870 --> 00:06:17.820
After migration is complete,

132
00:06:17.820 --> 00:06:21.570
the old server's disks should be securely wiped

133
00:06:21.570 --> 00:06:23.520
using the Department of Defense

134
00:06:23.520 --> 00:06:28.520
or DoD 5220.22-M method,

135
00:06:28.830 --> 00:06:32.460
or another industry-standard approach to ensure

136
00:06:32.460 --> 00:06:35.160
that no residual data remains.

137
00:06:35.160 --> 00:06:39.960
The DoD 5220.22-M method

138
00:06:39.960 --> 00:06:44.070
is a three-pass wipe process designed to ensure

139
00:06:44.070 --> 00:06:46.620
that data is completely overwritten

140
00:06:46.620 --> 00:06:49.260
and rendered unrecoverable.

141
00:06:49.260 --> 00:06:52.260
As part of the lifecycle management strategy,

142
00:06:52.260 --> 00:06:53.850
it's also important

143
00:06:53.850 --> 00:06:57.390
to properly manage software licenses and update

144
00:06:57.390 --> 00:07:00.990
the organization's configuration management database

145
00:07:00.990 --> 00:07:05.430
to reflect the decommissioning of old server resources.

146
00:07:05.430 --> 00:07:08.790
So remember, lifecycle management

147
00:07:08.790 --> 00:07:11.790
and data migration are key processes

148
00:07:11.790 --> 00:07:13.530
for ensuring the security

149
00:07:13.530 --> 00:07:18.240
and functionality of systems as they approach End-of-Life.

150
00:07:18.240 --> 00:07:21.240
End-of-Life occurs when a vendor stops selling

151
00:07:21.240 --> 00:07:22.980
or supporting a product,

152
00:07:22.980 --> 00:07:25.650
leaving it vulnerable to security risks

153
00:07:25.650 --> 00:07:28.020
due to the lack of updates.

154
00:07:28.020 --> 00:07:31.050
Lifecycle management involves planning to upgrade

155
00:07:31.050 --> 00:07:34.440
or replace outdated hardware or software

156
00:07:34.440 --> 00:07:37.890
before End-of-Life vulnerabilities arise.

157
00:07:37.890 --> 00:07:41.280
Lifecycle management includes tracking assets

158
00:07:41.280 --> 00:07:44.070
in a Configuration Management Database

159
00:07:44.070 --> 00:07:47.550
to forecast when systems approach End-of-Life

160
00:07:47.550 --> 00:07:49.560
or End-of-Service-Life.

161
00:07:49.560 --> 00:07:54.510
Finally, data migration is the pre-decommissioning process

162
00:07:54.510 --> 00:07:57.360
of transferring data to a new system,

163
00:07:57.360 --> 00:08:01.320
requiring careful consideration of data integrity,

164
00:08:01.320 --> 00:08:02.670
compatibility,

165
00:08:02.670 --> 00:08:05.400
and the secure deletion of old data

166
00:08:05.400 --> 00:08:08.283
to prevent unauthorized access.

