“We used to have a guy for that...”
In discussions about aging technology, IT managers often state this. While most companies used to have the skillset to maintain all parts of their infrastructure, there’s a hidden and increasing risk. The expertise is gone but those systems and infrastructure still operate within the organization. Not only do they operate, but they play a mission-critical role and are often proprietary and customized to the organization.
Without the skillset, gaps in support within the layers of infrastructure emerge and usually, at the worst time. In 2017, 146 million individuals’ personal information was exposed at Equifax because “the complexity of its legacy system contributed to a failure to patch a critical vulnerability,” wrote Robert Charette in Inside the Hidden World of Legacy IT Systems. Within Equifax, there was a lack of support knowledge about its legacy systems. In other words, the company used to have a guy for that.
To understand the risks in support, it’s important to first understand each layer of the infrastructure, specifically the hardware and the operating systems.
The hardware layer
Legacy hardware has played an integral component in IT departments for decades (SPARC servers were first introduced in 1986). As they’re now at end-of-life status, they’re at risk of unplanned downtime, increasing maintenance costs, and a growing security risk. Alarmingly, often the skillset within a company to help mitigate those risks is gone.
IT departments need to deal with this unstable layer, and they’re faced with either rewriting the applications in an expensive and time-consuming migration strategy or finding spare parts on eBay to keep the hardware (and its risks) running. Another solution is a “lift and shift” emulation strategy, which will decommission the hardware and shift the legacy applications to a modern platform or the cloud without any modification or recertification to the application. The risk of downtime is eliminated, maintenance costs decrease, and without the dependence on legacy hardware, IT departments can take advantage of new technologies.
The operating system
Operating systems don’t age the same way as hardware, but without knowledgeable troubleshooting and support, they pose an increasing security and stability risk. These systems have ongoing patches and fixes but when it comes to these older, end-of-life OS versions, the original vendor doesn’t provide the patches.
An IT department needs to have the expertise to troubleshoot, resolve issues, and help a company with their security strategy. Finding a support provider (or training your own staff) that understands the challenges the organization faces, specializes in a system’s specific version and then can also implement workarounds and the patches needed is essential.
There are four main areas for patches:
- Stability patches: These patches fix a performance issue.
- Security patch: These are often the most critical to apply under any type of regulatory framework.
- Kernel patch: Only provided by the vendor, these usually occur with the first year or two of the system being released.
- Firmware updates: Vendors typically stop upgrading firmware about one to three years from the release date.
Unfortunately, not everyone agrees about what constitutes a patch, and most IT managers believe that if a vendor no longer provides patches, the system must be upgraded. But with the right expertise and support, this is not always the case. Upgrading can often come with a lot of hidden costs, including new storage and migrating the data and metadata. Version locking is one strategy that a proper support vendor would know and continue to keep your environment secure.
It’s important to not wait until an infrastructure layer fails or is exposed but to have the support in place for mission-critical applications. With that proper support, IT departments can keep costs down, their operations running smoothly and the opportunities to take advantage (and reap the benefits) of newer technologies.