End of Life: What to Do When IT Services Run Out of Maintenance?
Opportunities and Risks of Modernizing IT Operations
So-called "outdated components" can be found everywhere: The more complex a company's IT landscape, the higher the risk that services and components, such as PostgreSQL 9.6, will reach the end of life and run out of supplier maintenance in the near future.
So what's to be done?
On November 11, 2021, PostgreSQL 9.6 will reach the End of Life and become a so-called "Outdated Component." Basically, PostgreSQL 9.6 database users should now upgrade their existing databases to a newer - or preferably the latest - version. This is the only way they can get further support and new features developed in versions 10, 11, and 12. To use the latest PostgreSQL version, databases do not need to be upgraded progressively. It is possible to switch directly from version 9.6 to 12.
Outdated Components: Dealing with the End of Life of IT Components
An "Outdated Component" is generally an IT component with an outdated software version or hardware without maintenance. In growing IT infrastructures, it represents a potential operating risk - and this no longer only includes risks based on security and compliance. The reliability and dependability of one's own systems can quickly be called into question in the absence of a modernization:
- In the event of a lack of maintenance in a malfunction, the manufacturer's support cannot be relied upon.
- This can delay the restoration of the service or, in the worst case, make it impossible.
- In addition, older systems are more likely to fail than new state-of-the-art systems based on the latest best practices. Small outages can certainly be tolerated - but the failure of entire SAP landscapes or other core systems over holidays, for example, cannot.
Risks Due to the End of Life of IT Components
Security risks
If any IT components whose end of life has been reached continue to be operated, this leads to a risk for security of the systems: Corresponding security patches are no longer provided by the supplier for unsupported versions. In particular, already known vulnerabilities cause security incidents: for example, in about 99% of all cases, companies already know about a risk more than 12 months before they become the target of cyber attacks.
The connection with outdated components is also well known: According to studies, small and medium-sized enterprises (SMEs) in particular have lower IT security and a significantly higher proportion of outdated components. This is often not due to a lack of expertise in investing in new IT infrastructure, but because companies do not have the budget or believe they are not a target for attack. However, the cloud is now democratizing IT security tools and services, so that SMEs can also use highly modern IT infrastructures that were previously the preserve of DAX-listed companies.
An end of life of IT components can also threaten the information security of a company: The GDPR, which has been in force in the European area since 2018, changes the way user data is collected, used, stored, processed and deleted. Upgrading the IT infrastructure can help ensure that new laws can be fully complied with.
Investment risks
As Jon Wrennal, CTO of Fujitsu UK and Ireland described: "IT is like a car. No matter which way you use it, it has a cost. It will never be cost-free; it has to be taken care of. At anypoint in time it will break down or get damaged.The most effective and efficient ownership model depends on what you need it for, how you plan to use it, and what you actually plan to do with it."
The transformation of the existing IT infrastructure is complex, expensive and associated with downtime. However, experience shows that maintenance and repair of legacy systems are much more costly, as well as depriving the IT organization of the opportunity to focus on innovative topics. In the process companies incur opportunity costs that can far exceed the price of an upgrade
This can stall the realization of new business models: Because before investing in new technologies, it is first necessary to ensure that the back-end IT infrastructure is capable of supporting the emerging requirements. The technologies that are designed to improve the customer experience, drive revenue and increase efficiency cannot do their job if they are not supported by the right network and data center investments. It takes robust networking, compute and storage solutions to achieve these successes.
Personnel risks
The maintenance and smooth operation of legacy applications usually require special expertise. If these skills are not available or the person with the skills leaves the company, there is a high risk for ongoing IT operations. In this respect, most companies are keen to retain skilled personnel. This applies, for example, to the still widespread COBOL systems in the banking industry or several legacy mainframe systems in the telecommunications sector. In addition, outdated technology stacks are often not attractive to junior IT staff. So they will not close emerging gaps.
Opportunities from the End of Life of IT Components
System components with outdated software or hardware without maintenance represent a significant operating risk in growing IT infrastructures: For example, in the absence of maintenance, there is no longer manufacturer support in the event of a malfunction. The reliability of IT systems also decreases, which reduces innovation. And finally, significant security risks arise because the necessary system patches are not available. Business continuity management requires companies to find a smart way of dealing with the end-of-life of IT components. The use of the latest cloud technologies can make IT infrastructure management much easier.
The basic options for dealing with the end of life of IT components are demonstrated by the example of the PostgreSQL 9.6 database:
1️⃣ Upgrade without changing technology:
Invest in your existing on-premises IT infrastructure and perform necessary upgrades.
2️⃣ Upgrade with Technology Change:
View Outdated Components as an opportunity to migrate your servers, applications, and workloads to the cloud without significantly changing the application and underlying infrastructure.
When upgrading, regardless of the scenario, keep in mind that a major version change usually changes the internal format of system tables and data files. These changes are often complex. So backward compatibility of all stored data often cannot be maintained. Major upgrades regularly require a dump/reload of the database. Although upgrading one major version to another is possible without upgrading the intervening versions, it is recommended to carefully evaluate the release notes of all intervening major versions to see if they impact the application. Thus, upgrading a major version is fundamentally riskier than upgrading an intermediate version, resulting in both planning, testing, and execution being more costly.
3️⃣ Upgrade with a complete modernization of the application architecture:
See Outdated Components as an opportunity to modernize your servers, applications, and workloads from the ground up with cloud services. With this transition to the cloud, you will save IT costs and benefit from the growing efficiency of your applications and processes.