Adobe has announced that the Flash Player and its respective components will no longer be distributed or updated as of December 31, 2020. While security patches will still be updated as Adobe winds down their management of Flash, it is prudent for businesses and IT professionals to anticipate longer timelines for their deployment, with the exception of critical concerns. Organizations worldwide are being advised to prepare to remove Adobe Flash before the end of life date to mitigate data cybersecurity risks.
Please note that into November and December, there is a good chance that threat actors will take advantage of the less frequent security patch releases and that attacks against Flash will increase following EOL situations. With the discontinuation after December 31, these attacks are predicted to escalate into 2021.
Follow these steps to remove Adobe Flash and ensure a smooth transition:
Perform an inventory.
Understand what systems have Flash currently installed using your software inventory system. Software inventory systems are critical to supporting security patches, pragmatic updates and end of life systems. If an inventory does not exist, security or inventory scanning applications can be used.
Establish a cut-off date.
For example, you may decide to remove Adobe Flash by end of September 2020 to ensure that you have enough time to test your systems post-removal, implement any replacement solution, troubleshoot issues, and acclimatize your end users to the transition before the end of life date forces an abrupt and disruptive change. Examine your calendar for an appropriate day and send a message to all staff that:
- Flash will be removed from all systems
- The reason why
- That it will be black listed
- If you use sites with Adobe Flash – let IT know
- The date of removal
Determine any systems that use Adobe Flash.
This might be a cumbersome task, but it’s important to know if any of your business systems and applications use Flash. You may be surprised by how many do, and by how many have not removed it yet. For each of these systems and applications, contact the provider and ask what their timeline is for removal and what they plan to roll out in its place. Make sure to check your network gear and servers especially.
Remove Adobe Flash.
Remove Flash from all systems using your inventory control or services automation solution. Centralized removal of software followed by blacklisting is critical to ensure continued security. Make sure to run an inventory check before and after the removal of Flash to confirm that your systems are clean, and then validate every thirty days for 90-days to check for rogue installations. Add this validation to your routine blacklist inventory scanning practice.
Storagepipe to the Rescue
Your Backup and Disaster Recovery Heroes
Storagepipe is a trusted global provider of comprehensive cloud, data protection and security services.
Since 2001, Storagepipe has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Storagepipe delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.
We are driven to be your trusted partner and to ensure that we deliver a Storagepipe Experience that meets your business requirements with the reliability, scalability and support that your business demands.
Contact us today to discover your options around data loss prevention and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Storagepipe DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.