|Read the Digest in
You need the free
In this issue:
Browse through our useful links.
See our article archive for complete articles.
Sign up for your free subscription.
Visit our Continuous Availability Forum.
Check out our seminars.
Check out our writing services.
Check out our consulting services.
The Blight of Legacy Systems
In this issue’s article on the Royal Bank of Scotland, we highlight the challenge of running an enterprise on legacy systems. Industries ranging from financial institutions to healthcare and retail still depend on legacy systems to run their businesses.
A system isn’t legacy because of the hardware on which it is running. It is the applications that are the legacy challenge. The challenge is change. It is extremely difficult – and expensive – to upgrade these systems to meet new services demanded by a company’s users.
Legacy systems were built decades ago. The skill sets needed for the languages used to implement the applications - COBOL, PL/1, FORTRAN - are difficult to come by. The developers of the applications are long gone.
Legacy languages are not self-documenting as are modern-day languages such as Java and C++. From my own experience in developing systems in the 70s and 80s, I know that programmers back then hated to document. In fact, I was the documenter for many of the systems I developed for my customers.
With the lack of skill sets and good documentation, no wonder these systems are not maintainable. But until the cost of depending upon them exceeds the cost of rewriting them, we will be saddled with legacy systems for a long time to come.
If you would like help in documenting your applications so that they will be maintainable in the future, give us a call. We have a lot of experience.
Dr. Bill Highleyman, Managing Editor
The Royal Bank of Scotland (RBS) and its associated banks, NatWest and Ulster Bank, have a sorry record for customer service. Over the last three and a half years alone, the banks have suffered a half dozen outages, each depriving the banks’ customers online access to their accounts, the use of their payment cards, and the immobilization of their mobile applications.
RBS’ problems are not unique to them. Many banks throughout the world face the same issues. Established banks built their banking IT systems decades ago. They were implemented by a myriad of different software teams writing in different languages on different machines in different locations. The developers moved on. Documentation was either lost or was nonexistent. As a result, these old legacy systems defy maintenance.
Rewriting such applications will take years and cost millions of U.S. dollars (or British pounds, in the case of RBS). It is a problem faced by most established banks. However, the failure rate of the RBS systems makes it stand out as a primary example of the problems inherent in attempting to maintain old legacy banking systems.
If you are a datacenter manager, nothing can ruin your day faster than your data center falling victim to a flood. As impossible as this may sound to many of you because your data centers are located on high ground or high up in buildings, remember that many data centers position their backup generators and fuel pumps in the basements of buildings. Flooded fuel pumps and generators can have the same impact as flooded servers. Your IT services are unavailable to your users.
You may think that your data centers currently are safe where they are located. However, rising sea levels due to climate change will overtake many data centers in the next several decades. If your data center currently can be found in what may be a potentially impacted area, now is the time to start planning for such an eventuality. Do you move your data center to a safer geographical area? Do you harden it? Do you provide a safe, remote backup data center with tested failover procedures?
In this article, we look at some real-life datacenter floods. We review governmental studies that indicate that the probability of flooding will increase over the likely life of existing data centers. And we suggest some actions that you might want to consider to protect your data center if it does become a flooding victim.
Cyber security experts have been warning us for a long time that our critical infrastructures, including power grids, are susceptible to malicious hackers. A decade or so ago, the danger to infrastructures was not an issue; as there was no way for attackers to gain access to our industrial control systems. Back then, communication between control systems and the devices they controlled took place via dedicated communication channels such as landlines and microwave towers.
Today, control systems and the devices they manage are attached via the Internet, which provides much cheaper, much faster, and unfortunately much more open interconnectivity. This opens an ideal pathway for hackers to infiltrate systems and to do damage.
Can a critical-infrastructure hack really take place? A recent event proved the danger to be resoundingly real. In December 2015, thousands of Ukrainian homes lost power after the country’s electric grid was hacked. In the case of Ukraine as well as most other countries, power utilities still run on old designs, created long before cyber security was an issue. Now that control systems are more vulnerable, adding sufficient safety measures is of prime importance.
The theft of data from a company can have many consequences. Customers may leave and patronize other companies that they consider more secure. Government regulations may be violated. The data breach may inflict severe financial costs on the company.
The Ponemon Institute has released its tenth annual study on the cost of data breaches. The study was sponsored by IBM and covers data breaches that occurred in 2014. 350 companies that actually suffered a data breach of less than 100,000 records are included in the study (mega-breaches were not included in the study, as they tend to skew the results). The companies come from eleven countries.
The cost of data breaches continues to rise. The average total cost of a data breach increased to USD $3.79 million, up 23% since 2013. The average cost per breached record increased to USD $154, a 12% increase since 2013.
There is a growing concern among senior executives and boards of directors about the risks posed by data breaches and cyberattacks. Concerns include potential damage to a corporation’s reputation, class action lawsuits, and costly mitigation. As a consequence, executives are paying greater attention to the security practices of their corporations in order to thwart data breaches.
A challenge every issue for the Availability Digest is to determine which of the many availability topics out there win coveted status as Digest articles. We always regret not focusing our attention on the topics we bypass.
Now with our Twitter presence, we don’t have to feel guilty. This article highlights some of the @availabilitydig tweets that made headlines in recent days.
Sign up for your free subscription at http://www.availabilitydigest.com/signups.htm
Would You Like to Sign Up for the Free Digest by Fax?
Simply print out the following form, fill it in, and fax it to:
+1 908 459 5543
The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.
Managing Editor - Dr. Bill Highleyman email@example.com.
© 2016 Sombers Associates, Inc., and W. H. Highleyman