The hidden infrastructure costs draining your IT budget (and how to stop them)


Most IT budget conversations start in the same place: software licenses, cloud compute costs, and headcount. Those line items are visible. They show up in quarterly reviews, and someone is usually accountable for them. What doesn’t show up – at least not until something breaks – is the quieter category: hardware that’s been running past its vendor support date and telecom contracts that nobody reviews.

These aren’t edge cases. A mid-size enterprise can easily carry a dozen network devices that have aged out of support and a telecom portfolio with dozens of contracts, some of which nobody is actively using. The costs from both categories accumulate silently. The hardware problem surfaces as a breach or a compliance finding. The telecom problem surfaces as a finance audit that reveals years of overcharges nobody caught.

The businesses that stay ahead of this aren’t doing anything complicated. They audit these two categories regularly, on a schedule, before an incident forces them to. That habit is what separates controlled infrastructure spending from reactive damage control.


When network hardware ages past its support date

End-of-life (EOL) for network hardware means the vendor has stopped issuing firmware patches, security updates, and technical support for that device. The hardware still functions. It still passes traffic. But every newly discovered vulnerability from that point forward goes unpatched. Permanently.

For Fortinet products specifically, the lifecycle moves through distinct stages: End of Order (no new purchases), Last Service Extension Date, and finally End of Support – the point at which no further patches are issued. The Fortinet EOL list documents exactly where each product model sits in that sequence, which matters because the gap between “hardware we purchased five years ago” and “hardware that’s still within support” is often wider than IT teams expect. FortiOS 7.0, for example, hit end-of-support in September 2025 – any device still running that firmware version is now operating on an unpatched attack surface.

The regulatory signal on this is unambiguous. On February 5, 2026, CISA issued Binding Operational Directive BOD 26-02, mandating that all federal agencies replace end-of-support edge devices – firewalls, routers, switches, load balancers – within 18 months. The directive’s language is clear: these devices face “substantial and constant” threats of exploitation. Federal mandates don’t automatically apply to private companies, but the threat model does. An unpatched firewall in a private enterprise faces the same exposure to exploits.

The numbers behind breach costs reinforce why this matters. According to the IBM Cost of a Data Breach Report 2025, the global average cost of a data breach hit $4.88 million – a 10% increase over 2023. Ponemon Institute research puts the odds in sharper terms: companies running outdated systems are 53% more likely to suffer a breach than those on current, supported infrastructure.


The compliance trap: why running EOL hardware costs more than you think

Security risk is the obvious problem with EOL hardware. Compliance exposure is the less obvious one, and often the more expensive one in practice.

Regulatory frameworks, including PCI DSS, HIPAA, GDPR, and ISO 27001, require organizations to maintain a fully supported, patchable security infrastructure. Running an unsupported firewall doesn’t just expose the network – it puts the organization outside the requirements of those standards. When a breach occurs, and investigators find that the entry point was a device past its vendor support date, cyber insurance claims can be voided, regulatory fines follow, and the reputational damage is harder to quantify but very real.

There’s also the economics of reactive versus planned replacement. Emergency hardware procurement after a security incident costs significantly more than a scheduled upgrade on a known timeline. Unplanned downtime during incident response compounds that cost. Organizations that track hardware lifecycle proactively – flagging devices 12-18 months before their end-of-support date – can budget and procure on their own schedule rather than under pressure.

This pattern shows up across other operational categories, too. The discipline of auditing recurring infrastructure costs before they become problems is the same whether you’re reviewing network hardware or back-office processes. Companies that apply this thinking to reducing operational overhead through structured outsourcing find the same benefit: visibility before the bill arrives.


Telecom bills that no one is actually reading

Large organizations tend to accumulate telecom contracts the way they accumulate network hardware: incrementally, over years, without anyone doing a full audit of what’s active and what’s actually needed. Voice lines, data circuits, mobile plans, connectivity services – dozens of contracts, each with its own invoicing cycle, mostly going straight to accounts payable without review.

The billing error rate in telecom is not a minor rounding problem. Fortune Business Insights’ 2025 Telecom Expense Management Market Report found that 85% of telecom invoices contain billing errors, averaging 7-12% overcharge per invoice. For a mid-size enterprise, that amounts to $50,000-$200,000 in unrecovered overcharges annually. That’s before accounting for ghost services – lines and circuits that remain active and billed after the associated employee left, the office closed, or the project ended. Enterprises waste 15-30% of annual telecom spend on unmanaged services; for a company with a $2 million telecom budget, ghost services alone typically account for $200,000-$400,000 per year, going nowhere.

The structured response to this is telecom expense management. Telecom expense management solutions give organizations systematic invoice auditing, contract management, usage tracking, and automated anomaly detection – the tools to catch billing errors at scale rather than hoping someone in finance notices. The TEM market was valued at $4.95 billion in 2025 and is projected to reach $9.64 billion by 2030, a 14.26% CAGR driven by enterprise demand for cost visibility across increasingly complex telecom portfolios.

The connection to the EOL hardware problem isn’t just thematic. Both share the same root cause: organizations don’t have a clear, current picture of what infrastructure they’re running, what it costs, and when it needs to change.


Building a unified infrastructure audit habit

The practical fix for both problems is the same: scheduled audits on a defined cadence, not incident-triggered investigations.

For network hardware, that means inventorying all edge devices – firewalls, routers, switches, load balancers – and cross-referencing each one against vendor EOL calendars. Any device within 12 months of end-of-support gets flagged for planned replacement. Eighteen-month forward planning gives procurement teams enough runway to budget properly and avoid emergency purchases. This isn’t a one-time project; it’s a recurring annual review with a live asset register.
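The hardware cross-reference described above can be scripted against the asset register. The following is an added example, not part of the original article: the model names, hostnames, dates and audit date are constructed placeholders rather than vendor data, and the 12- and 18-month windows are approximated in days.

```python
import csv
import io
from datetime import date

# Constructed sample data: model names and dates are placeholders, not vendor data.
EOL_CALENDAR = {  # model -> end-of-support date, as copied from a vendor EOL list
    "FW-EDGE-100": date(2025, 9, 30),
    "FW-EDGE-200": date(2026, 11, 15),
    "RTR-CORE-10": date(2027, 8, 1),
    "SW-ACCESS-48": date(2029, 1, 31),
}
ASSET_REGISTER_CSV = """hostname,role,model
fw-hq-01,firewall,FW-EDGE-100
fw-branch-07,firewall,FW-EDGE-200
rtr-dc-02,router,RTR-CORE-10
sw-floor3-01,switch,SW-ACCESS-48
lb-dmz-01,load balancer,LB-LEGACY-2
"""
REPLACE_WINDOW_DAYS = 365  # "within 12 months" of end-of-support
PLAN_WINDOW_DAYS = 548     # roughly the 18-month planning horizon
SEVERITY = ["UNSUPPORTED", "UNKNOWN", "REPLACE", "PLAN", "OK"]

def classify(end_of_support, today):
    """Map an end-of-support date to an audit status and days remaining."""
    if end_of_support is None:
        # Model missing from the calendar: treat as a finding, not as "fine".
        return "UNKNOWN", None
    days_left = (end_of_support - today).days
    if days_left <= 0:
        return "UNSUPPORTED", days_left
    if days_left <= REPLACE_WINDOW_DAYS:
        return "REPLACE", days_left
    if days_left <= PLAN_WINDOW_DAYS:
        return "PLAN", days_left
    return "OK", days_left

def audit(register_csv, calendar, today):
    """Return one finding per device in the register, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(register_csv)):
        status, days_left = classify(calendar.get(row["model"].strip()), today)
        findings.append({"hostname": row["hostname"], "model": row["model"],
                         "status": status, "days_left": days_left})
    findings.sort(key=lambda f: SEVERITY.index(f["status"]))
    return findings

if __name__ == "__main__":
    for f in audit(ASSET_REGISTER_CSV, EOL_CALENDAR, date(2026, 3, 1)):
        print(f"{f['status']:<12}{f['hostname']:<14}{f['model']:<14}{f['days_left']}")
```

Devices whose model is missing from the calendar are reported as UNKNOWN and sorted near the top, since an unlisted model is often one that dropped off the vendor's list long ago.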

For telecom, the cadence is quarterly. Pull all active contracts and invoices, match them to actual usage, and identify any services billed but no longer active. Benchmark current rates against market pricing – telecom vendors don’t automatically pass on rate improvements when the market shifts. A digital mailroom cost analysis exercise surfaces the same pattern: back-office technology costs that weren’t actively managed consistently grew past their useful value. The same thing happens with telecom, just faster.

The same logic applies to how organizations manage their digital presence. Just as knowing which network nodes are live versus legacy determines where security resources go, understanding dofollow and nofollow links determines where link equity flows across a website. Infrastructure visibility – physical or digital – starts with knowing what you have and what each piece actually does.


What gets audited gets controlled

The businesses that lose money to EOL hardware and telecom billing errors aren’t making unusual mistakes. They’re doing what most organizations do: staying focused on the visible costs while the quiet ones accumulate.

EOL hardware isn’t just old equipment sitting in a rack. It’s an unpatched attack surface that grows more dangerous with each vulnerability that goes unaddressed. The $4.88 million average breach cost makes delayed hardware replacement look expensive in hindsight – it always is. Telecom waste isn’t just inefficiency. It’s budget disappearing into billing errors and ghost services every single month, compounding quietly until someone decides to look. The audit habit doesn’t require new tools or outside consultants to start. It requires deciding that hardware lifecycle and telecom spend are categories worth reviewing on a schedule, not just when something breaks. Build that habit before an incident forces it.

Article received via email
