What Are the Risks of Legacy Infrastructure?
The vast majority of organizations rely on computing systems to run their operations, but for many, those networks have been built up over a number of years. As a result, many organizations find themselves relying on legacy infrastructure.
Maintaining legacy systems can be costly. A recent report by the U.S. Government Accountability Office (GAO) found that of the total technology budget of more than $78 billion earmarked for the fiscal year 2015, 26 federal agencies spent a total of $60 billion on legacy investments. The amount spent on obsolete technology has been increasing for the past six years.
The situation is no better in the private sector. In a recent poll of the banking sector conducted by Tenemos, 80 percent of respondents agreed with the following statement: “Aging IT is the biggest threat to banks today.” It also found that maintaining legacy systems costs, on average, three-quarters of most IT budgets, showing how widespread the problem is in enterprises, as well.
Legacy Infrastructure Hinders Innovation
Maintaining legacy infrastructure can lead to many problems. For example, older systems are likely to be more susceptible to malware. One example is Windows XP, which, according to Microsoft, is six times more likely to be infected with malware than newer versions of Windows. Other problems include systems that are impossible to patch or for which no patches are available, or systems that have been customized to such as extent that upgrading to a newer version would require the customization to be redone from scratch, which is an expensive proposition.
According to the CIO of the Federal Communications Commission, legacy technology is both a security issue and a hindrance to innovation, FierceGovernmentIT reported. New technology developments seen in recent years — including cloud computing, more powerful mobile devices and the Internet of Things (IoT) — provide greater flexibility, efficiency, intelligence, automation and security.
These technologies allow organizations to be more agile, remain innovative and align costs to actual usage. They are generally less complex and easier to manage, and many come with embedded capabilities such as policy management, encryption, authentication and continuous monitoring for greater control.
Investing in New Technologies Makes Good Business Sense
According to a recent article in CSO Online, investing in new technologies makes good business sense, and investments in technologies such as cloud computing and mobile apps are easy to pitch to executives since they save money and bring in new customers.
CSO Online recommended security practitioners should consider either trying to put a dollar value on security risks associated with legacy systems, such as the cost per record lost should the system be breached, or on the ongoing cost of maintenance for a legacy system. With cyber risk insurance gaining popularity, another metric could be the higher costs of insuring legacy infrastructure against breaches.
Given the high costs of maintaining legacy systems and the risks that they can introduce — risks that can lead to dented reputations, reduced profitability and hindered competitiveness from stifling the ability to innovate — all organizations should take a good look at their infrastructure.
There will be many opportunities to replace parts of the legacy infrastructure with new technologies that are more beneficial and allow inefficiencies to be reduced, such as by being able to consolidate data centers or increase usage of shared services. New technologies will also give organizations the opportunity to increase revenue by providing better customer service across multiple channels, which will set an organization apart from its competitors.