Where do modernizing systems fit in with the priorities of most IT teams?
Judging by the prevalence of articles and research findings, the sheer number of mentions of “digital transformation” and “cybersecurity” would indicate that modernization efforts are near the top of most IT teams’ lists. However, judging by the state of many IT environments, the reality is much different.
A very visible example of this underinvestment showed up in the airlines industry near the end of 2022 where, in a two-week period, two substantial incidents occurred that were directly related to a failure to modernize key systems.
First came the Southwest Airlines spectacle, one of the largest airline failures in the history of airline transportation, in which over 16,000 flights were canceled and another 1,500+ delayed. NPR reported in a commentary entitled, 5 things to know about Southwest’s disastrous meltdown, “By all accounts Southwest was using badly outdated computer systems to manage that complicated system.” It is interesting to note that Southwest’s executive leadership was previously aware of this issue and chose not to pursue remediation.
Soon after, the Federal Aviation Administration (F.A.A) snafu created significant disruptions. In a recent New York Times article entitled, F.A.A. Outage Highlights Fragility of the Aviation System, the author shares that, “The F.A.A. has struggled to quickly update systems and processes, many of which were put in place decades ago, to keep up with technological advancements and a sharp increase in the number of flights and passengers.” And, further, “The F.A.A., in particular, has long faced criticism for failing to modernize its technological systems quickly enough…”
Many industries struggle to modernize
While we could look at this as circumstantial and isolated to one industry, you don’t have to look hard to find similar examples occurring in other industries including healthcare, finance, and manufacturing. Unfortunately, these underinvestments are showing up as attack vectors for cybersecurity incidents. The industries known to be in this state are specifically targeted by cybercriminals because the barriers to success are more limited. As an example, one of the most prevalent Zero-Day attacks affecting multiple types of systems and industries was the Log4Shell/Log4j (CVE-2021-44228). Amazingly, there was a very simple workaround – ensure that you have upgraded to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7) or 2.17.1 (for Java 8 and later).
Balancing business application and core infrastructure investments
Where there is significant investment in modernization, much of it is first focused on business applications. This makes sense but also needs to be balanced with investments in core infrastructure. Infrastructure technical debt leaves organizations open to substantial cybersecurity risks and prevents full realization of the value of modernized systems.
As we conduct IT maturity assessments and onboarding projects for new clients, we find that most have substantial piles of technical debt. And, while there’s a plethora of advice on digital transformation and cybersecurity best practices, we find that focusing on pragmatic solutions and making value obvious leads to a simple formula – 1) make a plan, 2) work the plan.
Having a plan doesn’t count for working the plan. For most mid-sized organizations, it will not be possible to remediate the environment within one year due to limitations imposed by budget, personnel, and prioritization of other business initiatives. At the same time, not applying any planning or budget to modernization efforts will most definitely turn a mole hill into a mountain of trouble.
Most businesses have accepted, and embraced, the use of technology to create competitive differentiation and improve productivity. What may be less understood is that the river of technology is constantly changing and if you’re not at least keeping up, you’re falling behind at an accelerating pace. To address this, successful organizations form a multiyear plan (we recommend three years) that works off technical debt while keeping pace with change. They then adjust on a quarterly basis based upon shifting business needs.
Wishing you the best for a successful 2023 and hoping that your modernizations efforts are planned and executed well!