The hidden danger of outdated infrastructure: security risk
With all the talk about cloud solution adoption, it’d be easy to assume that on-premises IT infrastructure is fading in popularity. However, the recent IBM and Forrester Consulting study “The Key to Enterprise Hybrid Cloud Strategy[i],” found that on-premises infrastructure still has a strong presence for many enterprises. The study found that “firms are planning to increase investments toward on-premises infrastructure, and 85% of IT decision-makers (ITDMs) in our survey agree that on-premises infrastructure is critical to their hybrid cloud strategies.” In fact, 75%[ii] of IT decision makers plan to increase their infrastructure investment in the next two years.
Unfortunately, plans aren’t always followed through. On-premises infrastructure updates are often one of the first things to get pushed based on budget needs, project priority or unexpected disruptive events (such as COVID-19). The Forrester study found that 70% of responding organizations have delayed infrastructure refreshes at least a few times in the last five years or more (up from 61% in 2019).
When looking at IT projects and priorities, refreshing on-premises infrastructure is an easy candidate for delay. It’s not a flashy new project and it may be difficult to justify the cost to the C-suite. When juggling multiple projects or the need to slash the budget, IT teams may look at risk/reward equation for not refreshing existing on-premises infrastructure. A decision is arrived that everything is working well enough for now. What is often not taken into account is that there are security risks associated with this gear. In fact, the Forrester study found that half of IT decision-makers found infrastructure-based security issues and vulnerabilities following a delayed refresh.
Changing nature of cyber risk
Security isn’t getting any easier. While the overall number of reported data breaches decreased in 2020, RiskBased Security’s 2020 Year End Report[iii] found that more than 37 million records were breached last year, up 141% over 2019 and reportedly the highest number of breached records since RiskBased Security began its annual report.
While security risk is increasing, organizational commitment to updated hardware is diminishing. The Uptime Institute[iv] found that the average timeframe for a hardware refresh is now every five years (compared to an average of every three years in 2015). Think about how much has changed in the cyber security landscape over the past five years. In many cases, five-year-old infrastructure was never designed to handle the high-risk workloads and security challenges we now task it with.
With the increasing adoption of artificial intelligence (AI) and machine learning (ML) in business and technology applications, the need to support data-sensitive workloads is far greater than it was five years ago and will only increase. Forrester Consulting found that 84% of ITDMs anticipate greater data-sensitive workloads going forward. Couple all that with rigorous compliance standards that are closely tied to infrastructure security and it’s easy to see how not regularly refreshing infrastructure can create a dire security risk and impact an organization’s overall security posture.
Adopting a holistic security posture
Security isn’t a single headed monster, and the enterprise approach to strong, holistic security needs to remain equally multi-faceted. That includes not forgetting or dismissing the importance of regularly refreshing on-premises infrastructure, even as enterprises build out increasingly complex hybrid cloud solutions.