10 December 2021

Lewis Huynh, CSO, NinjaOne

As customers, we reevaluated the relationships we had with companies, brands and the supply chain as a whole. As consumers, we demanded seamless experiences across all touchpoints, clear communications and personalised service.

For IT decision makers, meeting these new standards required greater investment into digital transformation, IT modernization, planning and deployment Yet, even today, many companies still continue to operate their businesses on outdated or inefficient legacy technology. And this can stifle innovation, drain resources and lead to cybersecurity risks. What’s more, without the necessary IT infrastructure, business leaders will be putting their customers and organizations at risk.

To gain insights into the scale of legacy technology, NinjaOne surveyed 1,000 IT decision makers in the US, UK, Australia, Germany and France. The resulting report, Global IT Technical Debt in 2021, sheds light on the key areas, including the challenges old technology brings to technology investment plans and strategies.

The UK is behind the curve when it comes to IT investment

The results from our survey show that the UK lags behind other countries in a number of areas, particularly in terms of IT investments, modernisation efforts and growth. In the UK, just 49% of IT leaders reported an increase in IT budgets, compared to 59% globally. Investments in IT modernisation increased by 54% in the UK, compared to 61% in other countries surveyed.

Many UK organisations are experiencing declining IT budgets, creating challenges with legacy technology, which continues to consume accelerating amounts of finance. Respondents also stated the biggest challenge to maintaining legacy technology was managing new and existing security vulnerabilities, and staying compliant with security and data privacy regulations.

Of serious concern is that nearly half of those surveyed experienced a cybersecurity incident due to insecurities within legacy technology. And while outdated IT infrastructure and obsolete technologies are commanding larger amounts of budget, they are also the biggest drivers of IT debt. Respondents

indicated that the hardware and the software used by their organisations was around seven years old, slightly older than the international survey average.

Not only does legacy technology make it more difficult for businesses to react quickly to the market and introduce potential cybersecurity vulnerabilities, it also puts a drain on resources.

IT leaders told NinjaOne that maintaining legacy technology accounts for a significant portion of their teams’ time, driving up labour costs and preventing technicians from focusing on strategic, future-facing, value-add tasks.

Our survey shows that, on average, UK IT technicians spent 16 hours every week on legacy technology maintenance. And with an average salary of £47,000, this maintenance could be costing every business more than £18,800 annually per technician.

Although the current lack of IT investment is intended to reduce operational expenditure, in actual fact it is doing the complete opposite. More significantly, in today’s digital-first environment, the doors are being left open for cybercriminals and the replacement of legacy technology should be a critical priority.

Legacy technology, obsolescence and the security risk

As products reach the end of their life cycles, incremental quality and feature updates, bug fixes and security issue resolutions start to become more important. Outdated technology is more vulnerable to exploitation by cybercriminals and needs to be patched. But once products reach end of life and end of support, customers no longer receive security updates.

The programs and hardware may still work, but there’s an increasing possibility that newer programs and hardware will not recognise obsolete kit. Furthermore, unpatched technology is likely to be the focus of attack, and will eventually be exploited by cybercriminals. Hence, the existence of old technology anywhere in an organisation’s environment could represent a threat.

Organisations must act before it’s too late, but there are often multiple reasons why the problem has been allowed to grow to its current proportions ranging from limitations on resources to more practical considerations like a piece of mission critical hardware that’s aging but can’t be replaced because it would lead to downtime.

When using legacy equipment, locating, obtaining and applying updates can be a labour-intensive, time-consuming process. There may be planning bottlenecks, with not enough time available to manage, plan and implement new technology. Perceived or actual high expenditure costs for newer technology are also a barrier, as are evolving compliance, security and data privacy regulations, which demand additional IT time.

The road to legacy technology management

All organisations face the same issues with legacy tech. Does the cost to fix it outweigh the cost of purchasing new equipment? Historically, IT improvements haven’t been viewed directly as a profit enabler, but rather as a requirement of operations. But this short-sighted approach fixates upon the immediate financial impact and not the bigger strategic perspective.

Investment in newer technologies will not only enhance security, but also improve agility, efficiency and processes. In turn, this will heighten the customer experience, as well as allowing for more accurate and timely decision making.

To tackle the challenge, companies need to make tech debt a board issue and devise a strategy that speaks to the individual needs of a company in the context of its marketplace.

Here are a few examples of how you can put systems in place to manage old technology and improve your business outcomes:

● Schedule a tech audit on a recurring yearly basis to ensure all software is current and hardware is running efficiently and securely. Some departments may no longer be using a piece of software, but if it’s live then it’s still linked to the organization and may contain sensitive and breachable data.

● Instate a clear replacement policy. Once a laptop reaches five years old, replace it.

● Update policies and special procedures. Today’s IT documentation software makes it easy to automate many aspects of documentation, significantly reducing the burden of maintenance.

● Encourage a culture of communication and have people flag any issues with their devices straight away. Encouraging early intervention will help avoid potential disasters.

In the new world of digital transformation, managing tech debt isn’t all about making sure the computers work. There is a real and present risk that out of date technology can devastate a business. This needs to be clearly communicated at the board level, and will not only safeguard against security threats, but also benefit the wider strategic goals of the business.