In the IT world, upgrading equipment is normal. However, businesses often view IT as a cost center, so spending on new equipment is highly discouraged unless absolutely necessary. The existence of better gear is rarely an acceptable reason for a hardware refresh. What about new hardware is that is more secure?
Is better security a good reason to upgrade hardware? Maybe not.
If your hardware isn’t broken, don’t fix it.
If you are anything like me, then you agonize over hardware purchases. There simply isn’t enough time in the world to do a really thorough analysis of the options. To make matters worse, while you were evaluating a new switch or SAN, five new products were released, and they all look great. Still, we give it our best effort, weighing the options and finally compromising on some sort of good-enough solution. The solution we pick isn’t the best, but we can afford it and it meets the essential requirements. We make the purchase and life goes on.
What about when a new product offers some special security advantage? Everyone is getting hacked, so better security sounds great. The problem arises when that shiny new piece of hardware does not meet our essential requirements. Maybe it doesn’t work with something we already have, or perhaps it uses non-standard protocols or patching mechanisms and we can’t see how the team will be able to support it in five years. We all want to be safe, but what about the support cost?
Getting the job done.
The world of information technology has evolved the way it has, through accretion, because it supports other activities. We don’t spend our free time managing Active Directory or racks of PowerEdge servers just because we think it’s fun. (Well, some people do this in their home labs, but that is another story.) We angst and fret over our IT assets because someone out there is depending on our gear to get their job done. It would be nice if all our stuff was designed perfectly, with security built in from the beginning. Unfortunately, that is not the way things are.
So, what to do about security? In the balance between security and convenience, we must keep in mind that convenience is also about compatibility, affordability, extensibility, etc. These things are important. Any security solution that leads you to irreversible technology commitments is probably not a wise investment.