The hidden dangers of legacy technology – and how to resolve them
Every business has that one legacy system they can’t seem to let go of. You know you’ve got one - a relic hidden away in some dusty server room. But are you aware of the damage these outdated systems can, will and may already be inflicting on your organisation?
The damage inflicted by legacy technology can range from minor systems issues through to major events that could put your organisation out of business – and it’s important to know the hidden dangers.
Outdated software runs on outdated hardware, all of which eventually leads to ever-increasing downtime and continued system failures. Running systems past their operational lifespan is a recipe for disaster. These systems will increasingly overheat, crash and eventually cease to operate.
The damage caused by system failures can range from frustrating to devastating. It can be as minor as IT spending countless hours rebooting servers, or the inconvenience of data loss. It could however be customers left unable to make purchases on the busiest day of the year as your website is offline. The bottom line is that system failures cost money; it could be hundreds, it could be millions.
RBS are an example of a company that learned this lesson the hard way. Legacy systems at the bank failed for several days in 2012, leaving their customers unable to access their accounts and make online payments. Worse still, staff were required to manually update balances in this time. This not only damaged their brand, but cost them millions in lost business. Paris' Orly airport suffered a similar fate. The airport was forced into grounding planes for hours after an instance of Windows 3.1 crashed in bad weather. This system is 23 years old. It’s deeply concerning that some of the most important networks and systems today are woefully outdated.
Depending on your industry, holding onto legacy technology is the equivalent of holding a ticking compliance time bomb. Once a legacy technology becomes unsupported, the vast majority will fail to meet industry compliance standards like PCI DSS, SOX and HIPAA.
These standards place strict requirements which encompass the entire IT infrastructure, often with specific focus on server and network security. Unsupported systems that do not meet these requirements will require significant investment to maintain compliance.
Running a system that is no longer compliant can result in hefty fines from regulating bodies. Visa and MasterCard impose financial penalties on merchants and service providers for non-compliance. These charges can range from £3,500 to £75,000 per month until compliance is resumed. Windows Server 2003 is an example of technology which no longer meets PCI compliance. So if you’re processing card payments through a website running on Windows Server 2003 you could be non-compliant already.
Increasing operational costs
Running outdated technology increases operating costs. Old hardware platforms lack modern power saving technology, while old operating systems are devoid of virtualisation features. These systems are inefficient and cost more to run and maintain.
As previously mentioned, these systems crash often and require constant attention from the IT department, eating away at employee resource. Failure rates on legacy technology mean you’ll need to track down increasingly rare replacement parts which manufacturers may have stopped supplying.
There’s also the risk presented by a dwindling talent pool. As technologies pass out of circulation, so too do the IT professionals with the requisite skills to support these technologies. Lose an existing staff member and you risk paying over the odds to employ or train a replacement with the skills necessary to manage the tech. That is of course if training is still available for the technology in question. Reflecting on the earlier Paris' Orly airport incident as an example, they are now in a race against time to replace the outdated system, before the only technician they have who is familiar with Windows 3.1 retires.
Legacy technologies are extremely vulnerable to attack from cyber criminals. With the average cost of a single data breach now reported at $4 million, this event falls into the potential business ending category. This of course depends on the size of the company and the severity of the breach.
The problem with these outdated systems is that they are (predominantly) no longer supported by the company that created them. You are on your own: if a new vulnerability is discovered by cyber criminals, there will be no security updates released to patch the issue. It’s also unlikely you will be informed of this vulnerability, meaning you are blindly running a system prone to constant attack.
Old technology also doesn’t benefit from advances in security. Take Windows Server 2003 as an example: this old server platform lacks the compartmentalisation available in modern server operating systems. Once an intruder gains access to your system, they will have free rein to move around. Through a single unpatched vulnerability, attackers can access all applications, middleware and databases running on the server platform.
Outpaced by competitors
We are all faced by digital disruption, accelerating at a pace we’ve not witnessed in any previous era of technology-induced change. The explosion of mobile devices and real-time transactions – supported by cloud services – cannot be handled by legacy systems which were never designed to accommodate these interactions at such a high volume.
This is a simple case of Darwinism, adapt or die. You cannot hope to be a 21st century organisation running on 20th century technology. By clinging on to that legacy system you may find your business lost to a digital startup.
Don’t believe me? We need only look at our recent history. More than 80% of Fortune 500 companies from 20 years ago are no longer on the list. Having failed to make the transition to an internet-based business in the 1990s, they have been replaced largely by organisations born in the last 20 years as Internet-based businesses.
The same fundamental transformation is happening now. Instead of a shift to online business, it’s a shift to digital business models and modern digital infrastructures. If you stick with your legacy technology, you face losing relevance and suffering the same fate as those from the 1990s.