Many joint use asset owners and attachers/renters use homegrown, legacy applications to manage their assets. Some use Excel spreadsheets, or use a combination of applications such as Sharepoint, Maximo, and others. As needs change, systems must be changed and updated to keep up. Patching homegrown applications can keep them going for years, or decades. Many companies we have worked with "patch" systems throughout the year to keep up with daily, growing joint use activities and demands. That's a lot of maintenance work just to accomplish everyday tasks.
We often find that patching legacy systems can end up causing more headaches than upgrading the entire system. There are risks to maintaining a software system by patching. Even though the system may be able to continue accomplishing some of its tasks, the patch-after-patch approach is only a short-term Band Aid, until the next critical update is required. And while the system is still functional, it's outdated. Underlying technologies degrade with age. Over time, new risks are introduced, such as the need for increased security or issues integrating with new technologies.
This summer, as the funding from CAF2 becomes available, a flood of new demands on joint use assets will begin. Companies are planning now for how they will manage these new demands.
Should businesses patch or replace existing systems? Before you decide, it’s important to consider these three significant consequences of repeat patching.
For example, 71 percent of the 2017 IT budget for US federal civilian agencies was dedicated to maintaining legacy systems. This equals more than $34 billion. At the same time, only $3.1 billion was assigned for IT modernization.
Patching can cost hundreds of thousands of dollars and take months to execute. Sooner or later, aging legacy systems will have to be replaced to keep up with (or simply interface with) new technologies. Replacing may be more expensive up-front, so consider potential cost savings over time, time savings, and other additional benefits like greater security and easier integration. A cost/benefit analysis may show the pros outweigh the upfront investment.
The longer a technology has been available, the more time attackers have had to find vulnerabilities in the code. When multiple technologies are customized into a homegrown system, the risk of security vulnerabilities within each individual application and across the system as a whole increases over time, and with every patch. As a result, legacy systems are usually more vulnerable to cyber attacks, harmful viruses, and malware.
Before your next legacy patch, consider the benefits of starting fresh. As technology advances, and joint use activities become even more demanding, consider switching the patch-by-patch approach to a new, modern software that serves your current needs.