Too good to be true: the hidden risks of gray-market and end-of-life equipment

When the COVID-19 pandemic caused significant disruptions to supply chains worldwide, delays in equipment deliveries drove some organizations to either source equipment from unauthorized suppliers, such as those operating in the gray market, or run their hardware beyond its end-of-life (EOL) period.

While these short-term fixes may have solved some problems at the time, they also put the security and reliability of the organization’s IT infrastructure at risk. We explain why and suggest what to do next.

Alternative procurement and sweating the assets

First, let’s define what we mean by these terms:

• Gray-market equipment is sold legally but through distribution channels that aren’t authorized by an original equipment manufacturer (OEM). The equipment may be damaged or substandard in some way; it may even have questionable origins (it could be counterfeit, refurbished or even stolen and being resold) or come with invalid software licenses. Sometimes products intended for one market or region are imported and sold in another without authorization.
• EOL hardware is no longer manufactured, sold, maintained or supported by the OEM – typically, this happens when it is older than five years – and has a higher likelihood of failure than newer hardware. No more software updates are issued, and new security vulnerabilities won’t be patched. Furthermore, the OEM no longer manufactures replacement parts and accessories for the hardware.

Cheaper and faster doesn’t mean better

The allure of lower prices or faster delivery times is undeniable, but are you willing to accept the long-term risk?

With gray-market suppliers, the promise of a lifetime warranty is hollow: they will simply replace the faulty equipment with other gray-market equipment that carries the same risk.

And neither gray-market nor EOL equipment is included in an OEM maintenance contract, which means no official technical support or software updates.

“There are temptations out there. Be aware, be careful, especially in these times … And if it’s too good to be true, it probably is,” Al Palladin, Legal Director of Global Brand Protection at Cisco, told CRN.com in 2022.

At the time, he said, gray-market sales were undercutting Cisco’s business by USD 1.2 billion a year, and overall, hardware providers were losing more than USD 100 billion a year, according to the nonprofit Alliance for Gray Market and Counterfeit Abatement.

• ALSO READ → Want to become more sustainable? Start with your technology

A security risk

Some IT managers may justify their usage of EOL or gray-market equipment by saying, “I only use it in my internal network, so what do I have to worry about?”

At first glance, this statement seems to carry some weight because the internal network is seen as secure – so why worry about vulnerabilities?

However, a breach may propagate across the network and open unexpected doors for the attackers. Just imagine what a cyberattack enabled by the failure of old or substandard equipment can cost your organization and how it might affect your reputation with your customers.

The breach may even originate from the equipment itself. Gray-market gear may carry malware that could send traffic to malicious actors or expose proprietary information. 

Digital transformation delayed

Also keep in mind that gray-market or EOL hardware may not be compatible with the latest software and technologies, which can lead to performance issues, prevent scalability and hold back your organization’s digital transformation.

Any initial cost savings may come back to haunt you when you examine the total cost of ownership of the equipment, which factors in maintenance costs, potential downtime and the need for specialized skills to troubleshoot older systems.

And, if your organization has to comply with global payment-card regulations or Health Insurance Portability and Accountability Act requirements to protect sensitive patient information in the US, for example, equipment failure may leave you noncompliant and facing large fines or other punitive measures. 

How NTT DATA can help

It’s useful to start by taking stock. We have the skills and tools to examine your organization’s current IT environment and identify any gray-market or EOL devices. 

Then we can provide reports on product lifecycle information, maintenance contract coverage, licensing and suggested replacements, and help you budget for replacement equipment that is aligned with your business requirements and objectives.

• ALSO READ → Use turnkey deployment to make your network refresh a breeze