Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Modernizing your legacy ecosystem: Determining risks and readiness

By Sashank Purighalla
cyber hack
March 19, 2021

It’s simple: If you are using a legacy ecosystem, your compliance is at risk. The fact that your security hasn’t yet been compromised is no evidence of your safety; it really is a case of it being quiet, too quiet. When it comes to security breaches, it’s not a question of if, but when. Whether your household or institutional architecture, the full value of security is only appreciated after disaster has already struck.

Experian for example is doomed to forever be associated with the security breach in 2015 when 15 million of their customers’ private information was exposed. And who could forget the Adult Friend Finder breach in 2016 where up to 400 million logins on the "sex and swingers" hook-up site were leaked - sensitive data indeed. 

While the Covid-19 pandemic has helped many to reflect and consider their neighbors before themselves, hackers have gone the other way. Their activity has ramped up through the pandemic: In May the FBI reported a 300% increase in reported cybercrimes. Any security breach could be costly, and even an existential threat to an organization. IBM Security’s Cost of a Data Breach Report 2020 put the average cost of a security breach at $8.64 million. 

Complacency around the issue of security is the biggest danger. If organizations can correct that complacency, and avoid their inclination toward being comfort-blind, they will minimize the risk and impact of breaches. In the fullness of time, cyberattacks are inevitable. The flood is coming, and those that are best prepared for it will survive and thrive.  

 

The Warning Signs

There is an inherent risk in the way an organizational psyche operates. A belief persists that if an individual is appointed responsible for the active development and active maintenance of security, then it’s taken care of in its totality. This allows an organization's leaders to think they have fulfilled their responsibilities and done all that's needed, but does little to prevent a breach from occurring.  

Organizations are also endangered by their natural conservatism. The perception is: “if it isn’t broken, don’t fix it.” That tendency is like the innovator's dilemma, where companies stop innovating to serve their customers today, only to realize that their offering is outdated when it’s already too late. The perceived risk of maintaining the status quo is always considered lower than the perceived risk of changing; but that’s a false perception, which definitely does not apply to security. The ecosystem must be secured on solid foundations, with a watertight architecture. If security doesn't start with architecture, the organization is already at risk.

Another pitfall is a misplaced feeling of progress with regards to security. The false sense of safety that results from incremental changes, like improving efficiency through introducing DevOps, can allow decision makers to comfort themselves with a superficial impression of progress in their overall software development. This is dangerous thinking:  security is a binary. If the system can be breached, efficiency, while it may look pretty, is a worthless measure. 

A final issue is related to organizational communication. There is a disconnect between where policies are framed, how security is enforced, and where it is audited. While security officers are responsible for ensuring the integrity of the platforms, they are not the ones charged with developing the solution to protect it. That is left for developers, who are often trained to look for single solutions to single problems. This creates a patchwork that leaves organizations exposed, with patchwork fixes ill equipped to provide the necessary protective shield around the institutional architecture. 

 

Monolithic to Modern

It is a logical certainty that every system is less secure today than it was yesterday, and it will be more susceptible to a breach tomorrow than it is today, simply due to the rate of technological development.

Organizations and many experts are often enamored with the shiny, single purpose tools they use to patch problems. Ultimately, this just means they continue to be dependent on the legacy architecture they are most familiar with. That familiarity creates trust, but doesn’t account for the rate of technological development, which makes them increasingly outdated. 

It is possible to transfer to a watertight architecture, and away from an outdated legacy system. The majority of the data transfer can be achieved through automation, where it is filtered and sorted into a new architectural environment; ideally to a Microservices architecture with DevSecOps. 

While automation can be used in that initial transfer, it also ensures the system maintains itself in the future. Automation allows your ecosystem to be set up in a standardized way across products, meaning they are integrated by design and don't require any costly, time intensive retrofitting. It also enables multi-tenancy and spinning up a new tenant with data isolation as a simple configuration, so your software enables your business growth. Other processes like auto-scaling, alerting and monitoring, build logs, and exception logs can also be automated - in fact, they should be.

Modernization is the only way to ensure an organization's architectural security, and therefore its business security, with a breach potentially threatening its very existence. When that breach happens, it will already be too late to act, so organizations must act with urgency, and think beyond the immediate. That’s the only way to avoid an almost inevitable disaster. 

When the flood comes, organizations will only survive if they prepare for the worst case scenario. Modernizing an ecosystem is a recognition of the precarious nature of an interconnected technological world. To do so is to prepare for the flood, as Noah did in the Old Testament. Organizations need to make sure they don’t end up as the other guy; the one who thought a wooden arc was too expensive and took too long to build. No price can be put on survival, and a watertight architecture is likewise invaluable.

KEYWORDS: compliance cyber security incident response risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Sashank bio

Sashank Purighalla is Founder/CEO at BOS Framework.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • data intelligence

    Why modernizing your mainframe is essential for enterprise security

    See More
  • report_enews

    How to Evaluate Your Choices for Legacy Systems

    See More
  • Old PC

    3 Things to Understand About Legacy Hardware Systems to Protect Your Data

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • April 16, 2025

    Modernizing GSOC Operations: Ensuring Full Control and Complete Situational Awareness

    ON DEMAND: For many organizations, physical security management can be a daunting task. Threats are on the rise and risks are becoming increasingly diverse. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!