E L I T E

Protecting Your Firm’s Financials: Security Lessons from the Latest 3E On-Prem Release

Talk to an Expert
Reading time: 12 min

For many law firms, upgrading core financial systems has historically been about new features: better billing workflows, smoother user experiences, and incremental productivity gains. The latest 3E 3.2.0 on-prem release certainly delivers those enhancements—from more granular 3E Proforma security to smarter notifications and faster write-offs.

But as the Elite team emphasized in a recent 3E 3.2 On-Prem webinar, the most important story behind this release isn’t just usability. It’s security.

To hear the full discussion from the product and security leaders, watch the webinar recording here.

As underlying Microsoft platforms and frameworks reach end of life, staying on older 3E versions doesn’t just mean missing out on new features. It means taking on growing technical, operational, and security risk in your on-prem deployment—risk that directly affects your firm’s financial data. Understanding these risks—and the options available to address them—is now essential for protecting your financial systems.

From Features to Risk: Why Security Is Now the Main Story

While the webinar included an overview of new enhancements in 3E 3.2.0—such as additional configurability within Proforma, improved delegation options, and a series of user experience refinements—the most meaningful takeaway wasn’t the feature set itself.

The discussion ultimately centered on something far more critical for firms running 3E on-prem: the security and support implications of remaining on aging technologies and what firms should be doing now to protect their financial systems.

Ray Espinoza (Elite Security) and Joseph Cotrono (Engineering) walked through what’s happening underneath the application itself—in the Microsoft platforms and frameworks that 3E relies on. This is where the real risk emerges.

For firms on older on-prem versions such as 2.8 and 2.9, or even some 3.0 builds, the Microsoft technologies they depend on are approaching or are already in end-of-life or extended support status. For example:

  • SQL Server 2019 has moved from mainstream support into extended support
  • Certain .NET Framework and .NET 6 versions have fallen out of active support
  • Microsoft is moving to a faster, more active release cadence, meaning that supported versions age out more quickly than before

This matters because as the underlying platforms age, your ability to receive security patches, maintain compatibility with modern tools, and meet regulatory expectations becomes more complex and constrained.

And you’re not alone. As Joseph noted, there are “about 200-plus companies in this boat” running these older versions. Elite’s message is to be realistic about the risk profile and give firms a clear path forward.

The Hidden Cost of Staying Put

On paper, staying on your current version might feel like the least disruptive option. In reality, it carries hidden costs and risks:

  • End-of-life technologies: Once a Microsoft platform moves out of mainstream support, feature and non-security fixes stop. With extended support, even security updates may require separate paid programs and specific eligibility.
  • No new security patches: For 2.8 and 2.9, Elite can no longer provide new security patches. If new vulnerabilities are discovered in components used by those versions, your firm will not receive patches.
  • Compliance exposure: Running critical financial systems on unsupported platforms can raise questions during audits and regulatory reviews, especially where client or financial data is involved
  • Operational drag: Aging infrastructure and software become harder to support. Replacement parts may be scarce, and modern security tools may not fully support older operating systems.

In other words, “doing nothing” is itself a decision—one that can increase both your cyber risk and your operational burden over time.

To address this, Elite outlines three distinct paths firms can take to protect their financials.

Three Paths to Protect Your Financials

There are three options, each with different timelines, commitments, and benefits.

If you’d like to hear the full discussion and Q&A around these options, watch the webinar recording.

Option 1: Upgrade to 3E 3.2.0 On-Prem

The most direct path is to upgrade from your current on-prem version to 3E 3.2.0.

This path:

  • Keeps you on a fully supported product version
  • Aligns you with current Microsoft platform support, including Windows Server 2019/2022 and SQL Server 2019/2022
  • Gives you access to the latest functional enhancements (such as the new Proforma security options, co-owners, write-off improvements, and UI 49 enhancements)

From a security perspective, this keeps firms aligned with current frameworks, and they will receive ongoing updates as part of the regular release cycle.

Option 2: Opt Into the Extended Security Update (ESU) Program

For firms that can’t move to 3.2 right away but still want to maintain security coverage, Elite offers an Extended Security Update (ESU) program.

Key points for this path:

  • Eligibility: ESU is available only for 3E versions 3.0.3.15 and above. If you’re on an earlier 3.0 build—or on 2.8 or 2.9—you’ll need to upgrade at least to 3.0.3.15 to participate.
  • What you get:
    • Quarterly security scans of the relevant 3E builds
    • Patching of any critical and high-severity vulnerabilities identified (based on CVSS scores) in the third-party libraries used by 3E
  • What ESU does not include:
    • No new feature enhancements
    • No compliance or regulatory updates outside of security vulnerabilities
  • How patches are delivered:
    • Security remediations are included in new builds (hotfixes) of 3E; customers move to the latest build rather than applying patches manually
    • ESU hotfixes are applied by Elite Support and are not available for self-install

ESU effectively buys time. It allows firms to maintain a base level of security while planning a larger upgrade to 3.2 or a migration to cloud. But it’s important to see ESU for what it is: a bridge, not a permanent destination.

Option 3: Move to 3E in the Cloud

The last option is to migrate to 3E in the cloud, where Elite assumes much of the operational and security burden that on-prem customers currently shoulder.

In the cloud model, you get:

  • Managed upgrades: Elite handles upgrades and patching, so you’re not planning multi-year upgrade projects or juggling end-of-life frameworks
  • Security and compliance frameworks: The cloud environment is supported by recognized frameworks such as SOC 2 Type 2 and ISO 27001, along with other controls designed specifically for protecting client and financial data
  • Backups and availability: Elite is responsible for ensuring your data is appropriately backed up and available to the application
  • Faster, incremental releases:
    • Cloud has quarterly releases, with smaller, more manageable sets of changes
    • You get a preview environment for about a month before changes roll into production, giving you time to validate customizations and processes
  • Extensibility and integration: Public APIs and integrations allow firms to connect to third-party applications, customize solutions, and optimize both back-office and front-office operations

From a security and operational risk standpoint, moving to cloud reduces the burden on your internal teams and shifts much of the complexity to Elite—while still giving you the tools you need for reporting, integrations, and customization (subject to cloud readiness).

Before You Choose: Reassess Your On-Prem Deployment

Whether you decide to upgrade, join ESU, or move to cloud, one thing is clear: You must reassess your current deployment.

Ray outlines a practical, security-focused lens that every firm should apply before making a move—or even if you decide to stay put a bit longer.

1. Inventory Your Infrastructure and Hardware

Start with the basics:

  • What hardware is currently supporting your 3E on-prem deployment?
  • Are those servers and components still fully supported by your vendors?
  • Can you obtain replacement parts if something fails?

Aging hardware can limit what operating systems and security tools you can run, and it can increase downtime risk if critical components aren’t easily replaceable.

2. Assess Patch Status and Software Supportability

Next, look at the software stack:

  • What versions of Windows Server, SQL Server, and .NET are you running?
  • Have any of those components moved from mainstream to extended support?
  • Are you enrolled in any required vendor ESU programs (like Microsoft’s) to continue receiving fixes?

As Ray noted, staying on older technologies without the right ESU programs in place can quietly erode your security posture—even if the application itself hasn’t changed.

3. Revisit Backup and Recovery

Your 3E data is the lifeblood of your firm. That makes backup and recovery non-negotiable:

  • Are your backup and recovery processes operational, tested, and documented?
  • Will they still work reliably if you change versions, move to ESU, or adjust your infrastructure?
  • How often do you test restores, not just backups?

Before you move forward on any path, you should be confident that if something goes wrong, you can restore critical financial data promptly and accurately.

4. Evaluate Your Security Controls—Especially on Aging Platforms

Modern security solutions often have minimum supported operating system versions. For example, your endpoint security or other controls might not fully support older OS releases.

Ask:

  • Are all your current security tools fully supported on the platforms you’re running?
  • Have you had to implement special workarounds or “gates” to protect older technologies?

As Ray shared from prior experience, keeping older technology alive can require strong compensating controls and manual effort—which may be acceptable as a short-term bridge, but not as a long-term strategy.

5. Continue Scanning and Patching Vulnerabilities

Finally, keep your vulnerability management processes sharp:

  • Are you regularly scanning your environment for system and software vulnerabilities?
  • Do you have a process to patch or mitigate those findings in a timely manner?
  • If you’re relying on ESU, do you have mitigating controls in place between quarterly updates?

Even with ESU, patches arrive on a cadence, not instantly. You’ll still need defense-in-depth controls to protect your environment in between releases.

What About Customizations and Cloud?

A common concern in the Q&A portion of the webinar was:

“If I migrate to the cloud, can my current customizations and templates come with me?”

The answer, based on the session, is nuanced:

  • Templates: Templates are generally intended to be configured and customized; they are not the same as custom code. In most cases, templates themselves are fine to bring forward.
  • Customizations: Some customizations can move to the cloud, others may need to be redesigned. Elite provides tools like the CAT Scan framework to analyze which customizations are “cloud ready” and which may need changes or could be replaced by standard product functionality.
  • Ongoing troubleshooting: In the cloud, you still have a preview environment to test and troubleshoot your customizations. Partners can continue to support you, and your internal teams can validate behavior before changes go live.

The key takeaway: cloud doesn’t mean “no flexibility.” It means a different model for assessing, validating, and maintaining that flexibility with security and supportability in mind.

Bringing It All Together

The 3E 3.2.0 on-prem release delivers valuable usability and configuration improvements. But the real message of the webinar is strategic:

  • Older on-prem versions are increasingly risky as underlying platforms move into extended support or out of support altogether
  • Firms have three concrete options: upgrade to 3.2, opt into ESU as a security bridge, or move to 3E in the cloud and shift much of the operational and security burden to Elite
  • Regardless of the path you choose, you should reassess your deployment—from hardware and patch status to backup, security controls, and vulnerability management

For finance and operations leaders, this isn’t just a technical upgrade decision. It’s about protecting your firm’s financial data, maintaining compliance, and reducing the operational overhead of keeping legacy technology secure.

FAQs

Q. Why is it risky for law firms to remain on aging 3E (or other financial solutions) on-prem versions?

A. Older on-prem versions rely on Microsoft platforms and frameworks that are approaching or already past end-of-life. When those technologies no longer receive mainstream support, firms lose access to critical security updates, making it harder to protect financial data and maintain compliance. Over time, this increases operational risk, security exposure, and the cost of maintaining the environment.

Q. What are the most important steps firms should take to reassess their current on-prem deployment?

A. Firms should begin by inventorying their infrastructure, reviewing patch and support status for all operating systems and databases, validating backup and recovery processes, and evaluating whether existing security tools are still supported. Regular vulnerability scanning and clear documentation of gaps help build an accurate picture of the current risk posture.

Q. How can firms decide whether to upgrade, join ESU, or migrate to the cloud?

The right path depends on a firm’s timeline, internal resources, and long-term strategy. Upgrading to the latest on-prem version offers immediate supportability; ESU provides temporary protection while firms plan their next move; and migrating to cloud shifts security, upgrades, and infrastructure management to Elite. Each option balances cost, effort, and long-term operational resilience differently.

Q. What are the long-term operational benefits of moving to the cloud?

A. Cloud deployment eliminates the need for firms to maintain aging hardware, manage upgrades, or navigate end-of-life platform risks. It provides stronger security frameworks, continuous innovation through quarterly releases, automated backups, and a managed infrastructure designed to reduce administrative overhead and improve overall financial system reliability.

Q. How does Elite support firms evaluating security and upgrade paths?

A. Elite provides guidance through release notes, deployment assessments, documentation, CAT scan analysis for customizations, and direct consultation with product, engineering, and security teams. Firms can work with their account representatives to review supportability, identify security gaps, and determine the most suitable path to protect their financial systems.

Learn More

Check out our high-level self-assessment to uncover risks, validate your current safeguards, and determine whether your environment can meet today’s security expectations—and tomorrow’s.

View the checklist now

Elite