How Technical Debt can Hurt your Business
Technical Debt is an accumulation of unsupported technology that presents unnecessary challenges. It significantly increases the risk an organization faces when working towards its goals. Software that is not updated with the latest features and technology prevents integration with modern technologies and services, reducing the ability to respond to market demand in a timely manner. Ignoring vulnerabilities and patches increases the attack surface available to both external and internal threat actors. Using old drivers and firmware can cause operational errors that prevent labor forces from being as productive as expected or possible, increasing overall costs to deliver services and/or products. Overall, this can create negative opinions of the organization and force customers to look for alternative solutions.
The True Cost
Scenario – A manufacturing facility runs 24/7 (8/5 for the front office) and cannot afford downtime. The IT culture is “if it isn’t broken, don’t fix it.” After a while, proactive updates are all but forgotten. The facility runs normally except for equipment that finally breaks and is replaced.
Years later, the wireless is replaced. Support tickets increase for issues with the wireless devices needed for production operations. The wireless vendor finds a few optimizations but no red flags; they request to involve network vendor support. The network vendor works with IT staff but cannot find any issues – they report they are limited in support until the network equipment is updated, as it is on an old and unsupported version.
The customer must now choose between an unplanned maintenance window (downtime) or accepting the degraded wireless experience. In addition, because the IT infrastructure works as a team, a significant version change on one device could adversely affect adjacent devices.
This scenario was entirely about extended troubleshooting efforts. This environment also had countless risks from unpatched security vulnerabilities. Log4j, SSL/TLS version or cipher deprecation, and MITM attacks are a few examples of issues where the device will continue operating normally but which, left alone, present risks to the business. In addition to network, storage, and security updates, there are server operating system, application, IoT, container, and driver versions to evaluate.
What now?
Tackling Technical Debt requires planning, vigilance, and patience. You cannot solve it in 1 day. Be realistic with your technical debt and put a plan together to get it under control. Be informed, research upgrades and their impact, work with your vendors, schedule proactive updates and downtime, evaluate risk, and plan your refresh cycle. Technical debt comes down to a choice: upgrade with a plan or in an emergency.
With time and effort, any IT organization can reduce its Technical Debt. Leadership will always choose expected downtime over an unexpected outage. Neglect Technical Debt for too long, and the scenario becomes a predetermined outcome.