Modernization is an important and ongoing process in business. Without modernization, fragile processes and systems break more easily and lead to big problems.
Are you tired of reading about security yet? We’re tired of writing about it, that’s for sure, but it’s all the rage right now. COVID-19. Work from home. Remote work. VPNs. Vulnerabilities. Misconfigurations. Malicious packages in npm libraries and other open-source problems. Businesses certainly need to focus on security, but they also have to remember that security isn’t the only technological consideration. Digital transformation will be one of the biggest trends in 2021, but before businesses can get to that, they have to prepare. Preparation involves many things, like training employees to work in the digital space and exploring digital solutions. But even before any of that can happen, businesses have to go through modernization.
Modernization is an oft-forgotten process, one that businesses tend to put off. The theory of business leaders is that if it isn’t broken, then you don’t fix it. But in technology, that’s just not how it works. In technology, just because it isn’t broken doesn’t mean it won’t break soon. The longer code sits without being updated, the more fragile it becomes, the more dangerous it is to build on top of, and the higher the chance that it WILL break. And when that piece of code does break, the best-case scenario is a slowdown in production. The worst-case scenario sees the business shutting down for however long it takes to come up with a fix.
A prime example of what happens when you don’t modernize your technology is a Chinese railroad that was shut down for 16 hours earlier this month. China Railway Shenyang in Dalian, Liaoning still runs largely on Adobe Flash. In 2017, Adobe announced that it would end support for Flash at the end of 2020. This gave users 3.5 years to make an adjustment. On January 12, “time bomb” code went off. For this railway, it meant being unable to access the railroad’s timetables, eventually showing as many as 30 stations with problems. This shut down the entire railway system until a pirated copy of Flash (without the “time bomb” code) was uploaded to return functionality.
Whether Adobe’s message never made it to this company or the company opted not to make any adjustments is a moot point. Blame at this point doesn’t matter; what matters is that a massive business shutdown happened because the company didn’t properly handle the transition. They didn’t modernize and they paid the price. And now they are still operating on fragile, unsupported, pirated code, which is going to cause an even bigger problem down the road.
There are two additional issues here that contributed to the shutdown of the business: a lack of backups and poor incident response.
Backups are important. This company relied on one system and one system only for timetables. Without those timetables, trains cannot run. This is what we call a mission-critical business function because business cannot continue without it, which is why it is imperative that backups are in place.
Incident response is also important. Incident response plans aren’t just for security or data breaches; they are for any incident that can happen. A break-in, an earthquake, a hurricane, a fire, a flood or any number of other disasters, even software outages or breaks, require an incident response. Time is money, and the longer it takes to figure out what the problem is and then fix it, the more time and money are lost. In this instance, it took four hours just to get a temporary fix, which didn’t last long. In total, the issue lasted about 16 hours, during which time the business surely lost money and the trust of its users.
Remember, this wasn’t a security issue. There’s no threat actor, no nation state, no amateur hacker trying to make a name for themselves. No, this problem falls on the shoulders of the business leaders who should have known that a change needed to be made. Or, if they did know, shouldn’t have ignored it.
Modernization is important. Stability and support matter. Tech debt will eat your business alive if you don’t stay on top of it. The next time your IT team comes to you and says, “Hey, we really need to update this technology, it’s breaking all the time and it won’t last much longer,” be sure to remember this example. Can your business survive a 16-hour onslaught of business interruptions? What about a complete shutdown? Do you have proper backups and incident response plans in place? If you are suddenly panicking thinking about this, then you grasp the importance. If you don’t know where to start, ask an expert. Just don’t ignore the problem because it will surely be more costly when it finally breaks than if you address it now.