Retiring Adobe Flash Will Make the Web More Secure—Eventually
ANALYSIS: Adobe’s decision to retire Flash will bring complications for businesses that haven’t already upgraded but it will also make the web more secure
This will require some advance notice to your employees. It will also require you to perform a survey of the websites that your organization actually needs to use to do business.
For most organizations, the list should be a fairly small number of commercial sites, a few news sites and perhaps a couple of social media sites. Ask your employees to make a list of the sites they visit every day and if necessary what business purposes the sites serve.
Note that this list is probably a small subset of the sites that your staffers actually visit, since it’s not uncommon for employees to do everything from shopping on Amazon.com to visiting dating sites on company time.
Adobe Flash
While your personnel policies may allow your staff to do things like shopping, there’s no reason that this activity should risk your organization’s security. That translates into a clear path to eliminate Flash, even if it annoys a few people who spend their lunch hours involved in adult activities.
If you do find instances where a few employees need access to sites that require the use of Flash, perhaps a supplier who has yet to convert, then you can limit the use of Flash to specific business functions and still eliminate it from the other computers and mobile devices with access to your network. While you’re at it, you might want to call the supplier’s IT department to find out their plans for converting away from Flash.
It’s likely that the switch away from allowing Flash won’t be too onerous. If you limit mobile devices to those that either run iOS or Android 4.1 and later and also limit the Android devices to using apps obtained from the Google Play store, then those devices won’t be a problem.
With desktop computers you can set a group policy that eliminates the Flash software and doesn’t allow employees to install it.
Once you’re taken those steps, your problems are over, at least for that security issue. However, somebody either in your IT staff or at your web hosting company will still need to convert away from Flash to an open standard such as HTML 5.
While all of this may look like a huge annoyance, it shouldn’t be. If you’ve been following good network hygiene and keeping your machines up to date, it’s possible that all of your work is already done.
But assuming there are still steps you need to take, at least you know what you have to do. You might be surprised at how little your organization relies on flash and how relatively easy it will be to eliminate the use that’s left.
Originally published on eWeek