You don’t have to live it to learn from it. Earlier this year, the breach of Colonial Pipeline’s digital infrastructure stalled the fuel supply to much of the East Coast and cost the company $5 million in ransom and an incalculable amount in reputational damage.
How that breach occurred provides insight into the risks posed when corporate leaders elect to leave legacy technology intact. It also suggests how those risks can be reduced by modernizing the technical infrastructure with containers.
A single compromised password. Hackers accessed Colonial’s network using the virtual private network (VPN) password of an unused but still connected account. Investigators found the same password in another batch of leaked documents, suggesting that the original user may have included the credential on multiple accounts. Any hacker with that information could follow the user’s identity into other websites with some likelihood of accessing them with the same certification.
Another reason why the hack was so easy to accomplish: Colonial’s legacy technology system required only a single authentication for access. A multi-factor authentication protocol may have prevented the breach. The vulnerability of Colonial’s infrastructure raises concerns about the relative security of legacy technology systems within other business and social infrastructures.
Most legacy systems are ‘monolithic‘ – they consist of a series of functions designed into a single unit where one unit’s functions are dependent on proper functioning of all the other system components. If/when one unit fails, the whole system must wait until a repair is made, then all the components must be checked to ensure they continue to function with the patch in place. A recent report reveals how much of the world’s infrastructure still runs on monolithic technology that is at least ten years old:
- According to Dell, 70 percent of the world’s federal-level software programming is outdated, primarily because budget limitations prevented upgrades and overhauls. Worse, despite its launch more than 60 years ago, the coding language COBOL remains the most popular computer language at this level. Finding COBOL-literate programmers is becoming more difficult every day.
- In the U.S., the situation is equally dire. Of the 10 most significant federal systems, three now have a high security risk due to the age of their technology systems. Those are: The Departments of Education, Health and Human Services and Homeland Security.
- The COVID-19 pandemic also revealed the legacy tech challenges that exist in the nation’s unemployment systems. Many of the state’s unemployment reporting systems also rely on COBOL. Most of them continue to struggle to manage the flood of thousands of unemployment applications generated by the health and economic crisis.
The data suggest that many critical infrastructure functions are inoperable due to the age and obsolescence of their technology. Both past and current government decision-makers are stalled in their efforts to address those problems. Why they are stalled is equally informative:
- At the government level, the modernization of an aging infrastructure represents billions of dollars and years of effort. Many politicians aren’t interested in or able to launch such an immense project.
- At the same time, determining how to make such a change is an equally daunting task. There are a wide variety of modernization tools, and choosing one over another presents its own challenge. How to pay for the project is another.
- Not least, many leaders shy away from the operational disruptions that can occur when upgrading or replacing a technology system. In some industries, data vulnerabilities are rampant, but the required disruption to services during the modernization of those systems is deemed more damaging than a breach.
The concerns revealed in these reports compel many societies to retain their monolithic legacy technology to remain functional despite the risks inherent in those decisions.
Business Leaders Have Different Options
Fortunately, today’s business owners aren’t compelled to rely on such outdated technology, although many of them remain as stalled as their government counterparts. Becoming ‘unstalled’ is often just a matter of becoming more informed about the value of modernizing applications that drive corporate performance through containerization.
Fundamentally, deciding when to begin an application modernization project is usually based on organizational needs and the capacity of the technology system to meet those demands:
- Consumer demand – the ‘customer experience’ – is becoming a more common driver towards application migration to containers. Today’s digitally empowered shoppers are highly discerning; when the website they’re cruising presents a glitch, they will simply navigate away to a new site that is mostly likely a competitor.
- Improved corporate metrics can also drive the decision to modernize to containerization. Increased sales and a higher demand for services also require additional technological supports. Most companies can’t manage their growth using only legacy technology.
- Saving money is also often the reason given for investing in a modernized infrastructure. Newer programming processes function faster and more accurately than legacy tech can manage; the automation capacity available is also a big draw for business owners. In many cases, newly installed technology can significantly reduce operating costs while increasing annual revenues and upgrading overall corporate performance.
A modernized system using containers responds to each of these situations by facilitating swift and effective responses to consumer demand while improving operations and reducing costs. It does more, too, however:
- The containerized system is much more flexible than its monolithic predecessor, so it can pivot faster and with better accuracy as markets demand.
- The technology also improves overall corporate performance. Workers with cutting-edge tools and talents can do more in less time and with more accuracy.
- Its fluid capacities also facilitate corporate growth; when improved corporate performance suggests promising new products or services, the company’s technology is already in place to respond to that opportunity.
The challenges posed by legacy technology are significant, and it’s only a matter of time before those systems fail altogether. If you’re stalled on your company’s modernization project, Datavail’s containerization consulting services can help. Download our white paper to learn more.
Find out about why building a digital bridge for utilities customers isn’t optional, and industry customer engagement success stories.