Zero Trust raises the anchor so you can tack ahead
On a warm summer evening, two CIO technology veterans and I—decades-old friends—sipped beers and reminisced about our experiences running large, multinational, well-known global enterprises.
I asked about their experience with legacy architecture. I heard someone refer to aging legacy applications and technologies as “legacy debt,” a tidily-packed term used to describe how the older, inflexible, hard-to-maintain technology platforms of the past pose a real risk to the advancement and evolution of well-established companies.
We had mixed feelings towards these legacy platforms: after all, they had served our companies well, often supporting core revenue streams of the business. But I think a company’s best measure of intelligence is its capacity to change. Legacy applications threaten this intelligence. As our world changes, so do consumer tastes and expectations about the performance of technology, service, and value. Organizations must become adaptive, innovative, creative, and agile. Business analysts identify these responsive traits as indicators of survival and future success.
Facing a new voyage
The removal of technology barriers helped start-ups become credible threats to well-established players in all industries. Disrupted business models meant some slow-moving corporate behemoths went from market leaders to struggling, outdated, unfashionable, and unprofitable entities.
My CIO friends and I represented three companies with a history of over three hundred years. These were not “cloud-native” companies.
But they had survived two world wars, numerous political regimes, epidemics, fires, floods, and famines. They had adapted and thrived by embracing automation, computerization, digitization, mobile, cloud, and data-driven business decisions.
Making some big bets along the way meant investing in technologies and platforms such as mainframes, distributed computing, and storage mediums such as tape and optical disks. We reflected upon our careers and how far technology has progressed. We each expressed our frustration that even though our companies had adapted and thrived through each challenge, they faced another serious challenge. If our companies could not adapt to rapidly shifting technology directions, we could sacrifice centuries of success and quickly become obsolete and irrelevant.
The scourge of “legacy technology
Like the embarrassing relative that no one talks about, legacy technology never seemed to make the agenda of most conferences. Our collective legacy debt hindered our ability to deliver increased business value and leverage the full potential of the cloud.
Recent technology advancements and the power of cloud solutions finally placed us at a point where business solutions were only limited to our imagination.
We started cloud migration journeys by moving some of our applications, services, development teams, platforms, infrastructure, and digital investment to the cloud. We deployed solutions across multiple cloud suppliers using a variety of cloud consumption patterns and models globally. We were all operating in a hybrid mode, but we still had multiple in-house managed data centers globally.
We wondered if today’s cloud-native CIOs realize how difficult it was justifying a business case to replace a core legacy business platform? Our faces tightened as we thought about the decades of customization, integration, effort, spend, and investment into the platform to fit the business needs like an expertly tailored bespoke suit. Legacy platforms were inadequately prepared for a model where the internet externalized access to applications. The temporary solution—which became permanent—was “lipstick on a pig.” We inadvertently extended legacy technology by adding slick, user-friendly, cloud-based digital front ends that leveraged the legacy platform as a backend processing engine.
Tacking into change
We all know that legacy platforms anchor business operations to outdated business models. Our fear is the world changes at a disruptive speed that makes our core business look woefully dated—or worse yet, irrelevant. It is increasingly difficult to find programmers who are proficient in these outdated languages and technologies. We are left with legacy platforms that are rigid, brittle, and not change-friendly. Yet, they are so difficult to replicate, modernize or buy a replacement from a supplier.
You never see large-scale legacy platforms featuring in a keynote presentation, a report to the board on innovation, or in an award submission. It is the section of your portfolio that is unfashionable and gives us headaches, keeps us awake at night, and acts as a brake on the engine of progress, speed, and output.
I wish I had ten dollars for every time I was asked, “Why don’t you just move it to the cloud?” To quote a Sting song, “It takes a man to suffer ignorance and smile.” These platforms are stubborn: hard to move but critical to business operations and profitability. We have all attempted to create the business case, but the complexity drives costs into the hundreds of millions of dollars. The economics do not make sense.
Yet, we’re under pressure to deliver a safe “connect from anywhere” architecture—especially post-pandemic. Cloud migration pressures are inevitable, and we all aspire to exit our in-house managed data center business. There is a growing urgency to adopt new business models and new ways of working.
A Zero Trust solution
One of the biggest blocks to change is security. Especially now, security is crucial for business. A single breach can cause massive damage both financially and to the brand. Could we evolve quickly, adapt to new cloud-based models and architectures, keep our legacy platforms, and maintain security? Emerging from this industry shift was a potential solution for companies like ours to kickstart our cloud-powered innovation and embrace our legacy heritage in a new safe way: Zero Trust.
We were all moving in a direction to change our cybersecurity architecture with the emergence of Zero Trust. Zero Trust architecture ticked several boxes for delivering business benefits at an economical price while improving the user experience and offering superior cyber protection. We all stumbled across a fortuitous solution to our pressing legacy problem in redirecting business traffic and connectivity routes for better security.
We had previously justified our move to a Zero Trust architecture with benefits like eliminating costly and redundant technologies, improving access methods, and smoothing out user experience. With Zero Trust architecture, you can install a Private Service Edge into a data center and enjoy all the Zero Trust benefits. This was a game-changer. The Private Service Edge solution hides vulnerable legacy apps from being exposed to the internet and offers the CIO a gift of time.
The Private Service Edge also hides legacy platform architectures from the internet and eliminates its attack surface area. You cannot attack what you cannot see. This strategy allows cloud migration and provides more time to plan a graceful legacy exit thoughtfully. Companies like ours still need years to become fully cloud-converted, but at least we could implement flexible, adaptive, and responsive technologies that allowed us to compete. Often a company’s scale can buy you some time. Still, we all recognized that Zero Trust architecture had inadvertently offered us a legacy reprieve and a welcome path forward through the complexity of legacy debt.
A decision would still need to be made to re-write, retire, divest, or replace these legacy platforms and often lines of business. This is always a difficult and expensive path for any organization. That journey can take several years: it’s hard work, and it feels like treading water with little visible business value.
We sipped on our beers with renewed optimism. But each of us wondered if we would see the day when our organizations were fully cloud-converted and unhindered by legacy debt.
What to read next
Legacy cybersecurity is an albatross: Digital success needs a better model
From Wisconsin’s former CIO: Cybersecurity must be a national priority