The millions of sites and applications in today’s digital world are open doors for bad actors, ready to pounce on the first mistake, the first misstep. The easiest target? A company/person that uses outdated software and technology. We’ve spoken previously in
this blog about the importance of vulnerability management and maintaining a current and accurate asset inventory. In this post in recognition of Cybersecurity Awareness Month, we’ll take a step back and examine auditing and modernizing your tech stack.
No matter how tech savvy your end users are (or aren't), auditing and modernizing your tech stack ensures all software and devices within your network are updated and that you have the proper tools in place to protect your business, as allowing your employees to use outdated resources leads to demonstrably increased cyber risk. As software and devices age, so does the effectiveness of its security. A good analogy in the physical world would be continuing to rely on hook and eye latches when we’ve advanced to magnetic locks and biometric access scanning. Your customers and your business are the crown jewels; protecting them with the most up-to-date technology only makes sense.
To simplify how we’re looking at this, we’ll break it down into three main goals: 1) mitigating cybersecurity risk, 2) eliminating technology debt, and 3) unifying and cataloging your technology infrastructure. Let’s dig in on each of these.
Mitigating cybersecurity risk
The most important motivation for updating your tech stack is mitigating cybersecurity risk. This includes protecting yourself against malicious actors by leveraging up-to-date software versions and current tools, enhancing your resiliency with an updated cloud-based or hybrid infrastructure, and conducting a gap analysis of your current controls against the cyber threat environment in order to fill identified gaps. Being able to quickly understand the vulnerabilities impacting you and the tactics, techniques, and procedures that may be effective against your current defenses can allow you to act quickly to protect your customers, your data, and your company when a new threat arises.
Eliminating technical debt
Technical debt is inevitable. Hardware and software age, quick fixes are sometimes needed, and code evolves. If not regularly addressed, technical debt may create inefficiencies and introduce risk. A
2021 study from Outsystems found that businesses dedicate 28% of their IT budget to addressing technical debt. The number grew to 40% for large enterprises. A measured approach to modernizing your tech stack offers companies the opportunity to “push the reset button” - to some degree - on this tech debt. While there is an inherent cost in updating code or replacing and learning new tools or systems, there are long-term enhancements to efficiency and security. A
2018 study from Stripe found that engineers dedicate an average of 33% of their time addressing tech debt. Updating your tech stack can help free up that time and allow your team to focus on process improvements and security enhancements.
Unifying and cataloging your technology infrastructure
As mentioned above, we’ve written previously about the important of technology asset management. Shadow IT presents a number of threats - you can’t protect what you don’t know you have, and you can’t update technology you don’t even know is in your infrastructure. Auditing your tech stack as part of the effort to modernize it affords the opportunity to create and/or update a “single source of truth” for your technology assets. This is valuable for incident response and critical patching for a new zero-day under active exploitation. Having a documented and trusted repository that creates a common operating picture for your business may assist you to act quickly, decisively, and accurately in a crisis situation. Further, updating your tech stack affords the opportunity to reexamine your software and tools to ensure they work together as closely as possible to improve security and enhance efficiency.
Google Cloud's August 2023 Threat Horizons report found that over half of the incidents its response teams handled involved compromised credentials as a factor, and it recommended stronger identity management guardrails. Auditing and updating your tech stack provides companies the opportunity to implement the most up-to-date access management technology and redefine and enforce their access requirements. It's critical to combat the ongoing credential crisis by providing users modern security tools, such as password managers, that enable them to safely create, manage, store and share sensitive data and take advantage of the latest updates, like going passwordless to reduce employee friction when it comes to password hygiene.
