There is a well-known theory that states that a particle’s behavior changes depending on whether or not there is an observer. Or, stated another way, reality changes if we look at it. However, this is not the case with legacy systems. Simply looking at them is not going to change their disastrous reality…
The first two weeks of August provided further evidence of this. Here are some of the latest disasters (fortunately, only PR disasters at this point) and some of those that are just waiting to happen. The good news for you (dear reader) is that this doesn’t need to be you. Modernizing legacy systems is not rocket science and does not require a second degree in Quantum Mechanics – you just need to hit the Contact link above to keep you and your company out of the news.
Southwest and Delta
Both airlines had significant computer outages that led to severe passenger disruption, in some cases, spanning several days. Both were in the top 5 in terms of US carrier reliability.
So what went wrong? Delta’s issue began with a power outage at a data center and its inability to fail over to a backup data center, but continued dependency on legacy applications was also cited as a broader culprit. A failure to modernize the smorgasbord of legacy systems dating back to the 50s, combined with the demands of the mobile-enabled passenger, places ever greater strain on the reliability of these systems.
Recent years have seen the advent of connectivity solutions for legacy systems. Basically, take the smorgasbord and wrap it in a connectivity layer that enables the legacy systems to operate in the modern mobile-enabled world. While this solution does offer short-term connectivity benefits, it overlooks the lingering issues with the legacy systems which, left unaddressed, can come back to bite. Lipstick on a pig?
Oracle acquired the retail systems vendor MICROS in June 2014, with its software running on over 300K cash tills in 180 countries. Oracle recently admitted a major security breach in “certain legacy MICROS systems”, which seems to have been masterminded by the Russian cyber crime gang Carbanak (a $1Bn crime ring). While full details of the breach are yet to be released, it does appear that the access was achieved via the MICROS customer support portal, suggesting that user authentication was breached.
At least London’s brave Metropolitan Police wouldn’t be so careless in protecting their systems. But wait…it was revealed last week that 27,000 Met Police computers are still running Windows XP. The largest Force in the UK at the forefront of the fight against terrorism is running a system that no longer receives security updates from Microsoft.
The Met claim that an extended support contract with Microsoft (to April 2017) means they have no security concerns. Let’s hope they’re right.
2016 Financial Cybersecurity Report: Your Bank’s Security Probably Stinks
Banking specifically and financial services more generally is an area that we have covered extensively over the past months. Denial of service has been a constant problem while data security has been flagged as an issue with potentially far-reaching ramifications for the consumer.
Last week saw the publication of SecurityScorecard’s 2016 Financial Cybersecurity Report and with it confirmation that a US commercial bank (one of the top 10 financial services companies in the US) had the lowest security posture. 19 of the top 20 commercial banks in the US have a Network Security Grade of ‘C’ or below, and malware is rife, with 75% of all (7,111) financial institutions found to be infected.
This isn’t even a case of “the Russians are coming”; they’re already here, with estimates of fraud from banks in Europe, the US and elsewhere already in excess of $1Bn.
According to Alex Heid, chief research officer at SecurityScorecard, “the biggest vulnerabilities faced by the banking industry resides within the use of legacy systems that run outdated software, yet these systems are still critical to the performance of daily business operations.”
So Why Don’t We Just Modernize Legacy Systems?
Great question. Earlier this year we wrote about the changes in social fabric since WWII and what the modern manager can learn from cavemen, and concluded that the current business climate inhibits any kind of risk taking. Not that modernizing your legacy systems with Morphis is in any way a risk, but somehow promoting the status quo seems less risky despite the evidence to the contrary.
Interestingly, a report from Censeo Consulting Group and Public Spend Forum exploring the root causes hindering modernization efforts across federal agencies concluded that managerial risk aversion was clearly to blame. Specifically, 72% of respondents agreed that the penalty for failure in IT modernization projects is greater than the reward; and 86% disagreed that the government rewards risk taking in IT.
This is not just a government issue; it extends across the private sector too. Doing nothing is no longer an option and this is one reality that won’t change simply by looking at it.