Most Americans are alarmed by the federal government’s $18 trillion debt. But they’re oblivious to the dangers posed by the nation’s enormous “technical debt.” Technical debt riskThe term “technical debt” was coined backed in the early 1990s by Wikipedia pioneer Ward Cunningham, who compared deferred IT maintenance to financial debt. Almost every software implementation includes quick fixes that the developers know will have to be enhanced at some point to keep the system running securely and at peak performance. This delayed maintenance is a debt that eventually has to be repaid.

Is Your Security Only “Good Enough”?

Many companies have rushed into e-commerce with “good enough” systems that they knew would need enhancement at some point. That debt payment is now due – and it’s gigantic. Gartner estimates that worldwide technical debt will hit the $1 trillion mark this year.

Legacy systems with high levels of technical debt can create a whole host of serious problems: inability to scale, difficulty in meshing with mobile applications, etc. But the biggest danger is data security. Years of underinvestment in security maintenance have left many organizations extremely vulnerable to data breaches. For example, Verizon has found that 70 percent of successful cyber-attacks still involve commonplace techniques like phishing – threats that should have been eliminated years ago.

A Growing Problem

Then there’s the growing problem of server platforms that continue to get used long after their shelf life expires. A recent survey by Bit9 + Carbon Black shows how ill-prepared most corporations were for the Windows Server 2003 end-of-life deadline last month. The survey reveals that about one third of all enterprises will continue to run Windows Server 2003 after the July 14 deadline, leaving an estimated 2.7 million servers unprotected. And about 14 percent of enterprises don’t even have a plan to migrate away from the platform – something that typically takes about 200 business days.

Technical debt is crippling companies’ ability to keep pace with competitors who haven’t postponed needed maintenance and migrations. That fact alone should be enough to spur action. But many organizations will probably need a Titanic-meets-iceberg moment to start whittling down their IT debt. Postponing security updates is like announcing to the world, “We’d like to be the next Anthem or Sony.”

Here’s the good news: Clearwater can help you get out of debt.

Our experts can help you quickly reduce your security maintenance backlog. To learn more about our solutions, fill out the form below and one of our team will be in touch to discuss your needs.

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.