Back to Blog Landing

Adobe Flash Player End-of-Support – Ten Steps to Take Now!

Steve Sussich October 21, 2020
As of December 31, 2020, Adobe will stop distributing and updating Flash Player. After this date, Adobe will no longer issue regular Flash Player security patches, maintain OS and browser compatibility, or add features and capabilities. Companies need to act now to understand which applications in their portfolio depend on Flash. Here are ten steps to take with Aternity's insight into application usage and performance.

In July of 2017, Adobe announced the Adobe Flash Player end-of-support (EOS). As mentioned in the Adobe Flash Player EOL general information page, as of December 31, 2020, Adobe will stop distributing and updating Flash Player. After this date, Adobe will no longer issue regular Flash Player security patches, maintain OS and browser compatibility, or add features and capabilities. Adobe will be removing Flash Player download pages from its site and Flash-based content will be blocked from running in Adobe Flash Player after the end-of-support date.

Adobe made this decision after recognizing the maturity and adoption of open standards such as HTML5, WebGL, and WebAssembly. Major browser vendors have integrated these open standards into their browsers and are deprecating most other plug-ins like Adobe Flash Player.

Adobe’s technology partners, including Apple, Facebook, Google, Microsoft and Mozilla, issued complementary announcements with more technical detail on what the Flash Player EOS will mean for developers, enterprises, and consumers using their specific OS environments or browsers.

The challenge of identifying your Flash-dependent applications

As a professional services consultant for Aternity, I’ve worked with some of the largest companies in the world over the last three years of my sixteen-year IT career. In my many engagements, I’ve seen first-hand how companies rely on hundreds, if not thousands, of business-critical applications to support their customers, colleagues, and partners.

And in many cases, Flash-enabled websites are a critical component of the enterprise application portfolio. Without Flash being able to run on Flash dependent websites in web browsers, the webpage will incorrectly render and not display Flash objects. This can have an enormous impact on an organisation’s business, revenue, customer satisfaction, and employee productivity.

With the 2017 announcement, Adobe and partners gave companies three years to remove the dependency on Adobe Flash. With that Flash Player end-of-support date fast approaching, time is short to identify which applications are at risk and take appropriate steps.

For some large enterprises, the challenge is a fundamental lack of application visibility.

  • Which applications are at risk?
  • What server(s) host those apps?
  • How many users use those apps?
  • Who are the responsible application owners?

But come December 31, there will be a potential for some major hiccups for IT, employee productivity and increasing security risk.

Using Aternity to identify at-risk applications

One of our customers reached out to our team for assistance on addressing the potential business disruption due to Adobe Flash Player EOS. One of the “Big Four” banks in Australia asked whether Aternity could help them identify which of their web apps were using Flash.

The short answer is yes! Aternity provides insight into the key device and application performance and health metrics on which employees depend. Aternity provide a wide range of device and application telemetry out of the box, but custom activities can also be created to gather additional insights. I developed a custom signature solution that exposes websites relying on Flash to render content on any website.

Aternity customers can deploy the custom signature from www.github.com within minutes. and rapidly see which websites your employees are accessing that have Flash content detected on them!

The benefit/impact of this is enormous for companies seeking to quickly identify all of their respective web applications that use Flash.

My customer used this signature to identify a long list of applications dependent on Flash, the host names of the servers running those apps, and the applications owners responsible for the apps. Many other customers are likely in the same situation, and therefore must act in the next two months to resolve their situations.

One customer mentioned that without this signature and Aternity, they wouldn’t be able to rapidly identify a long list of hostnames where Adobe Flash was being detected. This allowed them to proactively determine the relevant application owners of each host and begin preparations well before 31st December 2020.

Aternity shows an inventory of Flash-dependent websites or web applications, by volume and host name. along with usernames and volume (the amount of times Flash content was detected on a particular server/website).

Ten steps to mitigate the risk of Adobe Flash Player end-of-support

Based on Aternity’s capabilities, here are ten steps companies can take to mitigate the risk of Adobe Flash Player end-of-support.

  1. Discovery: Use Aternity to identify the web applications using Flash in your environment.
  2. Usage: Use Aternity to validate the number of employees who rely on those applications. Prioritize high usage apps first.
  3. Impact on the business: Use Aternity to identify which departments and line of business are dependent on Flash and respective usage profiles.
  4. App details: Use Aternity to identify the succinct “activity” or business process that is reliant on Flash. Prioritize those processes that have the highest affect on the business.
  5. Prioritize remediation efforts: IT engages with the respective Line of Business to they can prioritize efforts for the most important applications and business processes.
  6. Engage Application Owners: Charter app owners to identify suitable options to Flash for the apps they own.
  7. Implement the alternative: App owners and dev teams adopt HTML5, WebGL, or WebAssembly.
  8. Validate the impact of the change: Compare user experience on a pilot group of users to ensure user experience is as good or better than before. Watch the short video below to see Aternity in action.
  9. Deploy resolution to production: Validate the change in production and enjoy Christmas and New Year celebration without worry!!
  10. A ‘just in case’: Prepare a segregated, isolated area of your infrastructure that will not update any web browsers or Flash in the event your organisation still has requirements to access legacy web applications dependent on Flash. As this option poses a security risk, isolating the environment prevents it from being exposed to future vulnerabilities given the web browsers and Flash will not be updated so that the browsers can continue to render Flash successfully.

Ready to get started with Aternity?

December 31 is just around the corner! If you’re a current Aternity customer, contact your Aternity account team to learn more about how you can get a quick step ahead of the competition and deal with the upcoming Adobe Flash Player end-of-support.

Aternity Free TrialIf you’re not yet an Aternity customer, you can explore these capabilities by registering for a free trial of Aternity running in your environment. You’ll see how your organization compares to the market with the benchmarking insights from millions of end points monitored in via Aternity SaaS. You’ll see how your Service Desk can drive down costs and improve service with AI-driven automated remediation. And you’ll get a view of employee experience for every app running in your environment – even SaaS and Shadow IT.

You may also like

Aternity for Pharmaceutical Companies: Putting Patients First Pays Off – Solving a $1M Incident

With Aternity Digital Experience Management (DEM), no-sampling transaction tracing maximizes visibility into enterprise applications to pinpoint issues and minimize incident

Read More
Coronavirus and a Remote Workforce – Five Tips for a Healthy IT

[caption id="attachment_17394" align="aligncenter" width="748"] Source: https://www.healthmap.org/Coronavirus/[/caption] As the Coronavirus COVID-19 outbreak spreads around the world, companies large and small are canceling

Read More
NSA-reported vulnerability, security, Windows CryptoAPI
NSA-reported Vulnerability – Double Check your Windows Device Inventory

By now, you’ve probably heard of last week’s NSA-reported vulnerability affecting hundreds of millions of Microsoft Windows 10 devices. The

Read More