Legacy IT Is Not the Problem

Government agencies struggle to balance meeting today’s pace of technological change and manage risk factors like cybersecurity, cost, reliability and compliance. 

In response, interagency initiatives like the Centers of Excellence initiative, the Technology Transformation Service, and others are being rolled out to modernize legacy IT. 

This is a well-intentioned first step. Yet, it also frames the challenge of digital transformation as a question of modernization. That is not the case. 

Blaming legacy IT for any organization’s inability to satisfy speed and risk requirements can lead to the false conclusion that problems can be solved simply by adopting modern technology.

Digital transformation requires architecting an IT organization around something more fundamental to IT organizations than technology: complexity.

What is complexity in IT?

The more interconnections that exist between components of an IT organization, the more complexity there is. Regardless how shiny an agency’s technology stack might be, complexity creates opportunities for things to go wrong.

Below are the factors that create complexity in IT organizations:

Spread: The more IT is spread across clients, users, nodes, different geographies, technologies, compliance requirements, user requirements, the more complex an IT organization will be.

Disparities: Any time a successful transfer of data or information is required to keep IT operating, you have a disparity. Each disparity is a liability for service failure, non-compliance, a security incident, or more.

Manual work: Any activities that rely on human intervention—whether it be a quick operation, or having to relay information to another person—count as manual work. This is a special class of disparity because it introduces the possibility of human error and limits the speed of successful dependencies being executed.

To understand how this complexity compounds, picture a fictional agency called the Department of Complexity, or the DOC. Its network was built 16 years ago on BIND servers and has since opened six more office buildings across the country. DOC’s network administrator of 15 years, Nelson, now has to manually update a tangled configuration set covering all this new territory. Sometimes, Nelson makes a mistake or is unaware that a certain IP block is used by the cloud team. The DOC’s security team also can’t completely see network activity because the data it needs is decentralized.

Complexity in this example—compounded by various instances of the DOC’s scale, disparities, manual processes—creates a number of risks for the DOC. It breeds opportunities for security incidents to occur and go unnoticed, outages, increased costs and breaches of compliance.

Identifying IT’s complexity threshold

Unbearable complexity can show itself in a number of ways. If the repercussions are becoming too costly, or slowing IT down too severely, that’s a sign your organization has reached its complexity threshold. 

Below are just a few specific examples of signs that IT has become too complex for your organization:

• As an IT leader, you could find that developers default to independently acquiring cloud resources instead of having your team provide them. That’s a sign your processes are too complex for your organization’s patience. 
• You could start experiencing frequent outages due to IP space miscommunication between cloud and network teams. 
• Even worse, your security team could begin having blind spots on the network because they aren’t able to access the data they need with a reasonable amount of promptness.

Reducing Complexity

Instead of considering how to adopt more advanced technology and processes into an IT organization, IT leaders should focus on eliminating avoidable, unnecessary complexity. To do that, consider how each of the following factors can compound to limit IT’s ability to move fast and safely. 

In the case of the DOC, for example, an IT leader may not be able to change the agency’s spread across office buildings, devices, regions, etc. However, other elements that create unnecessary dependencies, like decentralized network information, can be consolidated. Creating cross-functional teams can also help minimize the risk by bringing the people involved in risky dependencies closer together. Automation and orchestration tools can also help minimize the risk of manual labor-related errors, and increase the speed of service delivery.

Certainly, future-proofing an organization will involve modernizing certain technology and systems. However, framing the question of digital transformation as a higher-level issue of managing complexity is a vital step. The goal of digital transformation, after all, is to create an adaptive architecture that endures beyond assumptions of today’s available technology.

Andrew Wertkin is chief strategy officer at BlueCat, and host of the Network Disrupted podcast for IT leaders.