Sascha Giese, Head Geek™ at SolarWinds, discusses some of the challenges the government faces with legacy technology and why public sector digital modernisation is long overdue
The global technology industry places a huge emphasis on continual improvement, pushing boundaries, and the importance of remaining up-to-date. Obsolescence has become an inevitable consequence of the industry’s ability to innovate, but for many organisations—particularly across the public sector—this leaves a technology legacy. Despite remaining serviceable and fit for purpose, hardware and software products and services often have a relatively limited lifespan. When they subsequently remain in use, they move into the legacy category and become subject to a range of risks, from security breaches to reliability issues.
This overall situation is well understood. Last year, the U.K. government’s Technology Innovation Strategy policy paper set out plans for using emerging digital tech across the public sector and focused on the risks caused by legacy technology.
This is the obvious part—less clear is the extent of the legacy problem in the U.K. public sector. We know across the IT infrastructure at all levels of government, layers of legacy technology play a vital role in delivering services—and to some extent, they always will, no matter how much investment is made. But accurately assessing the depth of the issue and risk priorities is, at present, more intangible. As the policy paper explained, part of the challenge will be working “to understand the scale of our challenge across government, and put in place plans to continuously improve our technology estate.”
A sense of urgency
Over many years and successive governments, legacy technology has racked up a growing list of serious problems. Continuing to “make do” means security, data protection, efficiency, productivity, service delivery, and value for money are all at increased risk. Talented, creative, and ambitious public sector employees don’t always have the digital tools they need to innovate, and the public doesn’t see the benefits of new and improved services as quickly as they could.
Security is a prime example because legacy technology—wherever it remains in use—can leave the door wide open for cybersecurity breaches. For instance, in January of this year, Microsoft® Windows® 7, an operating system still widely used across the public sector, went “end of life.” This is a standard industry practice, and it was announced by Microsoft years in advance and meant they would stop providing security updates and support for the product. Users had a choice between paying for extended support, upgrading to the current version of Windows, or continuing to use Windows 7 in a “legacy” capacity.
The security implications of these issues are perhaps best illustrated by the impact on the public sector of the WannaCry ransomware attack in 2017 when cybercriminals exploited a major vulnerability in legacy IT systems. This resulted in a major disruption for the NHS, the cancellation of thousands of appointments, and a repair bill in the tens of millions.
Similarly, older applications developed to run on legacy technology are significantly less compatible with other areas of IT infrastructure. Since the public sector operates a wide range of bespoke and outdated legacy apps, compatibility issues can seriously impact the ability of users to do their jobs effectively. However, rebuilding these applications to work with modern platforms can be prohibitively expensive.
They also become much more expensive to support, not least because the knowledge and experience needed to maintain these niche, ageing legacy technologies becomes more difficult to find. Put these problems together and the complexity of the challenge grows.
But if the recent experience of managing the impact of a global pandemic on technology delivery has taught us anything, it’s that solutions are available. Newer systems, applications, and platforms deliver a wide range of benefits, from bottom-line financial improvements and efficiency gains to enabling a switch to our current widespread home-working culture.
As the policy paper set out, legacy tech replacement is a process of continual improvement, and progress is being made. The G-Cloud Digital Marketplace, for example, illustrates the diverse and competing choices available to government procurement teams.
But the pace of innovation and change hasn’t slowed. Global technology trends, such as the continued adoption of cloud, are likely to become a bigger part of public sector technology spend. Success will also depend on a holistic approach—as the public sector expands its use of on-premises and cloud infrastructure, it’ll also need to embrace new tools and supporting technologies to deliver ROI in the long-term and ensure the issues created by legacy IT don’t make an unwelcome return.