Taming technical debt for a more agile, secure future


4 learnings from a top Infosec specialist

By Secure Agility

Definition: Technical debt: technology systems and processes which are costly to maintain but add little value to the business.

Recently, we were pleased to host Steven Woodhouse, a respected CIO with a wealth of cybersecurity and cloud experience. We discussed several issues that are pertinent right now in cybersecurity and how they relate to technical debt.

Technical debt is a problem for many organisations, and it can easily influence budget priorities.

In this blog, we will review technical debt, how it’s tied to security and IT decision making, and how taking steps now can avoid technical debt arising in the future.

 

1. Try changing amid technical debt

The concept of technical debt is broadly defined as technology systems and processes which are costly to maintain but add little value to the business. Systems that are difficult to change also add to the technical debt problem as they hold back modernisation.

Many organisations are managing digital transformation programs without taking a close look at the technical debt they might be tied to first.

There remains a lot of technical debt within digital transformation journeys, but how can an organisation do digital transformation successfully with massive technical debt?

Historically, Kodak ignored digital and thought they didn’t need to do anything. They ended up folding, partly due to the high levels of technical debt they were carrying.

 

2. Technical debt is also tied to security & processes

Legacy systems can constitute the bulk of an organisation’s technical debt, and this brings wider information security challenges.

Operations teams should update and patch systems routinely, yet this is often done ad hoc. In the case of systems past their supported lifespan, how are you mitigating security vulnerabilities?

The signs and precursors of technical debt do not relate only to systems; they concern processes as well.

Organisations will struggle to automate bad or manual processes, and when asked if they have technical debt, most people will say no.

 

3. Budgets and roadmaps are important

How can technical debt influence budget priorities? If technical debt is ignored, it will not rise to the budget level, but it needs to be part of the risk conversation, which is, in turn, up there with the budget conversation.

IT budget strategies need to include remediation of technical debt, and the first thing an organisation should have is a technology roadmap that describes all the systems across the organisation, what they are used for, and when they reach end-of-life.

That is the key because it allows CIOs to have an accurate risk discussion.

 

4. Avoiding mistakes of the past

Technical debt should NOT be viewed as a historical concept; it can arise with the adoption of modern tools and services, especially the cloud.

As more services move to cloud and service providers, how can Australian organisations avoid a new form, or wave, of technical debt?

There is a big push to the cloud, but is your information portable, and will you be able to pull it out at any time in the future? Or what if something happens and you need to go back in time to an archive?

To prevent technical debt from repeating itself in the cloud, Woodhouse suggested that IT leaders need to be reviewing the use of data in the cloud – not just the contracts, but cloud transparency.

As with in-house processes, cloud processes (or processes built around cloud apps and services) can become a form of technical debt in future. It might be very difficult and costly to re-create business processes deeply embedded in cloud services.

Review the other articles in this series: “Shoring up skills in a changed information security landscape” or “Cloud security: How much don’t we really know?”
