Introduction
Obsolete products and outdated software applications pose significant security risks for organisations. The CES (Cyber Essentials Scheme) framework is designed to help address these challenges, ensuring that businesses can protect themselves from potential cyber threats. One of the key strategies to tackle the risks associated with obsolete products is using MSIX, a modern packaging format developed by Microsoft. In this blog, we will explore the challenges associated with obsolete products in the CES framework and how using MSIX can help your organisation comply with the security guidelines.
Challenges with Obsolete Products in the CES Framework
Obsolete products, including out-of-date smartphones, tablets, laptops, desktop PCs, and software applications, contribute to two main problems:
- Lack of security updates: Unsupported products no longer receive security patches, increasing the likelihood of attackers exploiting known vulnerabilities.
- Absence of the latest security mitigations: older products may not include up-to-date security measures, making successful exploitation more likely and detection more difficult.
Both issues make high-impact security incidents more probable, potentially leading to disastrous consequences across the organisation. To comply with the CES framework, organisations must address these challenges and minimise the risks associated with obsolete products.
The MSIX packaging format
MSIX is a versatile packaging format that supports a wide range of applications, including legacy Win32, WPF, and Windows Forms applications. By using MSIX for deploying and managing obsolete applications, organisations can achieve several key benefits:
- Simplified deployment and updates: MSIX streamlines deploying and updating applications, making it easier to manage legacy software.
- Application isolation: MSIX ensures that applications run in isolated environments, reducing potential conflicts, and improving system stability.
- Clean uninstallation: MSIX allows for the complete removal of applications, leaving no residual files or registry entries on the system.
- Enhanced security: MSIX offers various security features, such as certificate signing and restricted access to system resources.
- Customisation: MSIX enables modifications to application settings and configurations without altering original binaries, allowing organisations to adapt legacy apps to their specific requirements.
Complying with the CES Framework Using MSIX
To utilise MSIX for managing obsolete products in compliance with the CES framework, organisations should follow these general steps:
- Obtain the original installation files for the legacy application.
- Use appCURE Capture and Packager to create an MSIX package from the original installer or application files.
- Test the newly created MSIX package on a target system to ensure proper functionality.
- Sign the MSIX package with a trusted certificate to enable secure deployment.
- Deploy the MSIX package to target systems using a preferred deployment method (e.g., System Center Configuration Manager, Intune, Azure Virtual Desktop (MSIX app attach) or a third-party tool).
Conclusion
MSIX provides a powerful solution for addressing the challenges associated with obsolete products in the CES framework. By adopting MSIX, organisations can better manage legacy applications, enhance security, and comply with the CES guidelines. However, it is crucial to assess the compatibility of each legacy application with MSIX packaging and make any necessary adjustments or seek alternative solutions when needed. By doing so, organisations can minimise the risks associated with using out-of-date technology and work towards a more secure and modernised application management process.