Technical Debt is Piling Up, and Cybersecurity is Paying the Bill

Maxime Lamothe-Brassard, the Founder of LimaCharlie, explains how digging a hole of technical debt leads to less efficient incident response and bigger headaches for IT and security teams. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.
New IT tools are constantly released and updated with the promise of delivering improved efficiency and solving operational challenges. It can be hard for the C-suite to put down the credit card and take the time to assess the state of their tech stack. But buying new solutions doesn’t necessarily equal a net positive result. The constant addition of new tools and the incomplete sunsetting of old ones leave a trail of technical debt that creates headaches for IT infrastructure and operations teams.
This habit of buying based on immediate needs has led to technical debt becoming one of the top challenges for IT infrastructure and operations teams. The effects go beyond slowing down IT teams and impacting the critical services they provide to run the business. Cybersecurity teams also have a stake, as they struggle with legacy systems that, simply put, aren’t meant to work together and slow down incident response.
Loan Origination: Technical Debt’s Root
Technical debt can result from a number of different factors. Maybe IT needed a quick fix to keep a critical function running. Maybe the C-suite cut IT budgets and told them to do more with less. Maybe IT teams are just short-handed, so they have no choice but to turn to cheap, quick, short-term solutions. What we see most often, though, is technical debt as a result of solution bloat and infrastructure entropy.
In these situations, organizations buy new products that were cutting-edge at one point, but over the years, they become clutter. These solutions often fade from memory without being retired due to lengthy contracts and vendor lock-in. It’s so easy to set up new infrastructure in the cloud age (which is another great benefit of modern IT), but it also leads to forgotten infrastructure being left in place.
Security Teams Are Overleveraged with Technical Debt
Technical debt is not just an IT issue; it’s also where many breakdowns in defense-in-depth happen. That leftover, forgotten cloud infrastructure is just another attack vector for a hacker to exploit. As organizations cobble together disparate point solutions and quick fixes for out-of-date technology, small issues and gaps along the tech stack begin to show. This infrastructure entropy combines with yet another type of technical debt: detection engineering debt.
With detection engineering debt, detections become less reliable over time. You see evidence of it happening when a previously successful detection and response (D&R) program becomes less effective as the infrastructure changes. On top of changing infrastructure, senior cybersecurity leaders are reporting a 20 percent turnover rate. As detection engineers leave a company, they take their institutional knowledge with them but leave their toolkit behind.
Newly hired team members must spend time (and, by extension, your organization’s money) learning new systems and familiarizing themselves with the infrastructure. They will want to use their own detection tools along with a few you have in place, but the unused solutions will become technical debt.
As your security team streamlines its incident response and remediation processes, technical debt will be a roadblock that must be overcome. This holds true for every department in your organization wrestling with technology that has not grown with your business. Yet, the ill effects of technical debt are particularly visible during a cyber-attack, when your teams will need maximum agility to minimize the negative consequences of a breach. Technical debt slows progress and creates downtime, and that translates into increased losses.
The Journey to Technical Debt Forgiveness
The key to reducing technical debt beyond brute-force efforts is scalability and integration. Technical debt builds quickly when your organization seeks quick solutions for immediate problems. Often, these solutions are adequate for the present but unable to scale with your organization’s growth. Soon, you find yourself with a stack of outmoded security tools that are sunk costs.
Building security upon a scalable cloud platform, as IT has been doing for years, allows you to manage technical debt quickly. The capabilities you no longer need can be spun down, and new ones added as needs arise. You can avoid the contracts and long-term commitments that create technical debt by keeping unneeded technology in place for longer than necessary.
Cloud platforms can also provide API integrations with your existing security stack, allowing you to bring the tools you need into a more flexible environment. For example, if you’ve bought an endpoint detection and response (EDR) solution, you can integrate its telemetry with multiple other security tools through a SecOps Cloud Platform. This approach gives you the cloud-based scalability you need for the future without sacrificing the investment in your security stack today.
The first step on the path to technical debt forgiveness is retiring the tools that no longer serve your organization. The second is embracing the scalability and interoperability offered by the cloud.