Software support: risk vs reward

Martin Biggs at Spinnaker Support asks, is your software support package working hard enough for you?

Shifting priorities, perpetual upgrades, rising fees. If you’re a business who relies on your vendor for software support and maintenance, you’ll know exactly what we’re talking about.

Many large software vendors are losing interest in on-premise systems in favour of newer, more dynamic cloud offerings, and many businesses are suffering because of it. 

Some feel like their business goals no longer align with the direction their vendor is pushing them in. Others have highly functional legacy systems that suit their needs perfectly, but they feel pressure to upgrade or migrate.

One thing unites all these businesses: they’re paying a significant annual sum for this support and maintenance package.

This situation might ring a bell with your own business. Many firms feel like they’re being squeezed on software support, and yet IT leaders often choose to stay with their vendor’s support instead of looking for alternatives – often because they mistakenly believe that it’s the only way to stay compliant with necessary data protection, cyber-security and industry-specific regulations.

Many firms even opt to upgrade their entire systems – which comes at a huge cost – just so their software meets regulatory compliance.

Those who choose to stay on their legacy infrastructures can be faced with reducing support and maintenance. This is a huge problem for all businesses, but especially those who must meet stringent regulatory, compliance, and reporting requirements. When the software vendors decide that older versions of their software will no longer be supported fully, your business is left exposed as no new security patches are created. 

Without complex or restrictive practices such as "sandboxing" in place, this lack of patching prevents businesses from meeting certain regulatory requirements. This creates another compliance headache. In this situation, it’s far riskier to stay with the vendor’s software support than to look for alternatives.

The compliance question

Say you’re happy with your legacy software: it’s functional, effective, and works well for your business and its needs. It’s probably also highly customised, with several integrations. In this case, you’d benefit greatly from a bespoke support approach – not a one-size-fits-all solution.

As an example, what happens when a new government mandate is announced, one which affects your financial reporting, data collection, or cyber-security standards? Or what happens when a major new vulnerability in your software is discovered, and regulatory requirements require you to have a patch ready?

If you’re relying on support from your software vendor, you could be in trouble. Legacy support is unlikely to be their priority. Your business will have to adhere to the vendor’s roadmap and timeline to get you up to speed. 

Of course, this is all assuming that critical vulnerability management options are provided when you’re running a legacy system. Oftentimes, they’re not.

Your business may find itself racing against the clock, diverting resources to fixing a software security patch or devising a compensating control. This is something your software vendor should do, but they often reserve this service for customers running the latest software versions. 

This all contributes to time away from business-critical priorities. Your business knows it can’t redirect all its resources to compliance efforts. You still need to remain profitable and productive.

What can you do?

Third-party software support can solve these compliance headaches. Not only does this support address vulnerabilities and fix the complex, time-sensitive security issues so you can stay compliant, it’ll also customise your exact compliance needs in line with your industry and geography.

Expert teams who take a customer-first view to software and security are on hand. They’re continually researching and monitoring the cyber-security landscape, staying one step ahead of emerging vulnerabilities so that you don’t have to.

Crucially, this level of vulnerability management and security support is offered to all customers regardless of what software version your business uses. In fact, working with a third-party partner often improves your security posture far beyond what a vendor can offer.

How? Because your partner will address your entire technology stack, taking a holistic approach to security and compliance. They won’t just offer short-term solutions when a threat emerges. They will work directly with you to find compensating controls for your software when required, keeping you compliant; and they should keep you in the loop on security concerns and monitor for new vulnerabilities.

Third-party software support teams will work with you to understand exactly what your business needs to do to meet compliance, no stone left unturned. So you’ll never be deploying fixes or updates that are irrelevant to your business or industry.

Third-party software support is used by the most highly regulated organisations to improve service and reduce risk.

We’ve heard many times that third-party support can’t offer the same security protections as the vendor’s in-house support, but it’s simply not true. The mantra of third-party software support is "comprehensive protection": when there is a problem, it gets fixed immediately. No more waiting for patches and worrying about staying compliant.

Your business should never be cornered into choosing between its valued, customised software system and regulatory compliance. You can have both – third-party software support will show you how.

Martin Biggs is VP and Managing Director, EMEA & Strategic Markets at Spinnaker Support

Main image courtesy of iStockPhoto.com