When we consider so many elements in our lives, many people feel the common adage: “If it ain’t broke, don’t fix it.” In technology, this can be detrimental to our business and personal lives if we don’t pay close attention to the risks associated with taking such a stance. Trying to use outdated technology can be a money saver on the surface, but more often than not, it’s a money trap that you expect to emerge from both a capital expenditure perspective and an operating expense perspective.
Years ago, I was working to identify a number of systems and determine the usage and necessary updates for those systems. In my work, I found several older, older, and older systems that were in use and identified one, an older AS400 that was over 15 years old. The system was the core of about 400 people and it was critical to doing their job, and every person I spoke to about the system immediately told me two things: they couldn’t work without the system, and it was fine because they paid support for that. . system.
All the people involved insisted that we couldn’t touch that system because “they were special”, “it couldn’t fail” and “they had support, so we didn’t have to worry about that.”
While my team was reviewing the system, I sat down with the owner of the system and called the vendor. They had been paying an inordinate amount of money each year for support and I asked the provider a simple question. “If the system fails with a hardware failure, will you guarantee that it will be repaired?” There was a pause and then came the answer. “Our SLA is that we will have a technician on site in 4 hours.” I smiled, waited and phrased the question differently: “Can you guarantee that you will be able to bring the system back online?”, And the answer was: “Our SLA is that we will have a technician on site within 4 hours.” We had some further discussions, but after the call I looked at the owner of the system, a non-technical person in charge of an important area and asked if they understood what had just happened, they were very thoughtful and just said. “I think we need to consider some additional options.”
We replaced that system with a newer box and worked to replace the software. By using virtual techniques, we moved the system to a more resilient platform, ensuring that the system would be online as needed and ensuring that the solution would not be an on-site technology within 4 hours, but rather a system that supports 400 workers who would be in line even in the event of a disaster.
So why did we make a good decision? It is easy. First, if the entity had fallen for even 1 hour, the 400 affected workers would cost an excessive amount in dollars. Even if it’s a minimum job of $ 10 an hour, which it wasn’t, that’s $ 4000 an hour. If an outage was experienced, it could have turned into a huge amount of operating expense dollars in lost time that dwarfs any other costs. Second, if the data had been lost, there would have been no alternative operating systems or hardware to bring the system back online, and the cost of losing the data could be immeasurable. Third, the system itself, being outdated for so long, had numerous security issues and could easily have been a breach of data protected by regulation. This alone can destroy both the credibility of a business and the finances of the business with minimal chance of recovery. Fourth, the system itself was impacting users and becoming less and less usable, causing real workers to find a solution to do their work that was even more expensive.
Of course, there were many more reasons, but how important is this to both small and large companies? Well, as a system ages, we add risk to that system and potential points of failure, including replacement issues. The larger the system, that is, the more moving parts, the more likely it is to have problems, as systems can be more easily affected and users more easily.
A simple approach can be HardwareAge + OSAge + Risk + userimpact + financialimpact-DR resilience <10.
Why?
Well, as hardware ages, it requires updates, but it can also require replacement parts. As parts become less available, the risk to the system is high and can be frustrating. If you virtualize, you have to consider that the virtual strategy is part of the same equation, but in the case of the system, the age of your hardware is always 1, as the virtual system becomes the necessary upgrade.
The operating system can turn into a nightmare as you get older as you will develop more and more security risks. If you are at the end of your life and are no longer receiving support, you are instantly at great risk and need to find a solution. We often forget about the operating system and it is the source of much of what we do, and in most programs the basis for getting work done.
Risk can be a massive discussion on its own, but in this case let’s consider risk as regulatory or agency risk, since the whole equation deals with risk indirectly. So consider risk from 0 to 5, where five is the most important controlled items and regulatory work, such as HIPAA, and zero means no risk.
For user impact and financial impact, this is subjective, but rate the impact from 0 to 3, where 0 is no impact and 3 is a high impact.
Disaster resilience can detract from your score by creating situations where you can get back online quickly without as much risk of downtime. This can be accomplished through programs that bring your system back online quickly. Using a virtual machine and a solution like Datto can quickly reconnect even in the event of a total loss, reducing overall risk.
This is not a hard and fast rule and it is something I solved to explain to people the risks associated with systems in a simple way. A good tech professional would look at this and say it’s a start, but there is so much more, but this will let you know where to start. If you come up with a number greater than 10, it’s definitely time to start talking to someone. If we take the example, we had it before. We get these numbers:
15 + 16 + 5 + 3 + 3-1 = 42
Every increment above 10 should have been a red flag, and in this case, the disaster recovery recoverability could have been 1, and it still would have been bad.
This is still just a guess. It is equally valid to measure compatibility and availability without an equation. As the number of people who can support a system decreases, risk increases rapidly, whether the system is high risk or not. Several times, I have been put in the position of finding a way to get into a system that no one knows a password for and no one knows how to repair. If your support is single threaded, it’s time to replace your software, hardware, or both.
It is also important to take a close look at what providers tell you. Obviously, there is no warranty on any system, but when you are not given an ETA or a climbing route in the event of an outage, you are skirting the downtime and potential costs associated with it.
Remember, if a system is not critical, will not cost time, will not be lost, has no critical or useful data, and may be gone forever without any impact to you or your business, then maybe it is okay to keep a very old system. I’m sure there are some exceptions too, where a piece of software would cost a lot to update and the update is avoided, but in the end, if you have these systems and you say, “If it ain’t broke, don’t fix it” maybe those machines should be shut down anyway and find new solutions that really help business.
