By definition, a software program represents a route to accessing data – including by unauthorised parties. So if the program is correctly deleted, it follows that the data cannot be accessed via that means.
Redundant software is often maintained to provide access to legacy data for business or regulatory reasons. Sometimes, however, organisations are running unnecessary software to access data which could be accessed via an alternative program. It is also not unusual for redundant software to loaded on machines which the organisation is not even aware still exists … and still be running in the background.
In addition to mitigating security risks, decommissioning redundant software can also deliver significant cost savings in support and resource.
• Conduct a comprehensive review of data which is accessed from legacy applications. If it is still required for business or compliance purposes, relocate it another data repository or archive store that can be accessed independently and securely using reporting or business intelligence tools.
• Maintain the same security procedures on services which are planned to be decommissioned, as any other, live services, including penetration testing where appropriate.
• Ensure that software is completely erased from computers and other business systems prior to physical disposal by using a dedicated deletion program or service, or by physically destroying hard drives.