Beyond enabling organizations with content, an ECM solution must remain governed and secure. If an ECM solution does not align with current standards and controls, it will fail. Legacy ECM systems can be a huge liability in this context, though this is often unknown to the organization. Many aging systems don’t meet today’s standards for securing and protecting critical, high-value business data.
Legacy ECM systems are vulnerable even to obsolete threats. Indeed, the top nine security threats that have recently compromised legacy ECM systems consist of malware code that is over three years old. Legacy systems are exposed to risk because they were not designed to address even these aging security threats. When attacked by newer threat vectors that are designed specifically to expose systems, legacy ECM solutions don’t stand a chance, regardless of the number of “band aids” organizations place on them.
Further risk exposure arises because legacy ECM does not generally interoperate well with security and identity management systems. As a result, organizations try to manage ECM security in multiple places. When it comes to user security, legacy ECM solutions can force organizations into less-than-ideal administration scenarios. Updates in one location do not replicate automatically in others, creating multiple points of failure.
For example, if admins grant access rights to a user in one legacy ECM system, that user may not have comparable access privileges in other systems. That’s potentially a big problem, one that might be revealed in an audit. By then, however, it’s probably too late. After all, as a user’s job changes, security rights and roles also change, and the complexity is compounded when these must be managed in more than one location.
Unless an organization carefully considers and manages its ECM controls, it puts human error squarely in the middle of key security measures. Many of the breaches happening today, particularly on the government side, are related to this. Security concerns grow further when legacy ECM systems are left stagnant, making them an easy target for data breaches.