In our fast-paced technological world, innovation is the lifeblood of corporations striving to stay competitive and relevant. However, a hidden menace to innovation often lurks within corporate IT infrastructures: end-of-life technology. The term "end-of-life" (or “EOL”) refers to the phase when a technology, app, or product is no longer supported by its manufacturer or vendor and cannot be easily upgraded. That makes it increasingly susceptible to security vulnerabilities over time and a key source of operational inefficiencies and overhead costs.
Corporations know they have a problem with EOL technology but do not grasp all its dimensions or effects. Too often, leaders will skip a technology upgrade or migration to the cloud unless it will directly save them money. But obsolete technology will eat away at the foundations of their business by undermining their operations, their products, their workforce, and their security. In this article, we explain the specific ways EOL technology hampers innovation and outline steps to address them.
Four end-of-life technology risks and challenges
1. Increasing EOL cybersecurity risks
One of the most pressing issues with EOL technology is the increased security risk it poses. Because these technologies no longer receive regular updates and patches, they become vulnerable to various cyber threats. Hackers actively seek out these weak points, using them to gain unauthorized access to systems, steal data, or disrupt operations. In just one recent instance, in December 2023 the US Cybersecurity and Infrastructure Security Agency announced that at least two public-facing servers at a federal agency had been breached through an end-of-life Adobe tool. The hackers exploited a known vulnerability to install malware artifacts, collect user information, and conduct reconnaissance on the network.
EOL applications also must often run on deprecated operating systems, doubling the security risks by allowing attackers to target both the application and the underlying operating system and servers. For example, the infamous 2017 WannaCry ransomware attack propagated by leveraging a vulnerable communication protocol on end-of-life Windows operating systems that could not be patched but were still in wide use. Ultimately, the attack spread to 300,000 machines in 150 countries, causing an estimated $4 billion in losses globally. Troublingly, hospitals were particularly hard hit, leading to thousands of canceled appointments and putting patients' health at risk.
2. Maintenance of outdated technology is taking more of the budget
Maintaining and repairing end-of-life technology can be expensive. With a lack of manufacturer support, companies often need to invest more in specialized IT staff, third-party support, and expensive spare parts to keep these systems running. According to Oliver Wyman’s research firm Celent, banking institutions across the globe spend a majority of their IT budget on maintaining systems. In the public sector, a study by the US Government Accountability Office found that federal agencies spend $337 million annually to maintain just the 10 critical legacy systems most in need of modernization.
What’s more, the longer corporations cling to outdated technology, the more costly it becomes to operate newer systems. In consumer financial services, for example, the cost of maintaining legacy payments technology is expected to grow 7.8% annually, according to market research firm IDC. For most banks, that would be faster than the growth of their overall IT budget. Companies that wait too long to migrate their systems may also find the process to be more expensive than they anticipated due to the yawning chasm in standards, protocols, and formats between old systems and new.
The opportunity costs of not making this transition are significant, too — a key factor overlooked when corporations try to compare the cost of upgrading to newer technology with maintaining the old. First, the resources that companies devote to maintaining obsolete technology would be better allocated to innovation and the development of new technology solutions. Second, businesses cannot pursue those innovations without transitioning away from their legacy systems.
3. Outdated operating systems are less efficient and fragile
EOL technology is a productivity bottleneck. Outdated systems often lack the features and capabilities of newer technologies, making day-to-day operations less efficient. Employees may need to spend extra time on manual tasks, workarounds, or dealing with system glitches, slowing down processes and causing frustration. The Government Accountability Office study cited above found that outdated federal systems often run on legacy programming languages like COBOL and MUMPS that fewer engineers today work with. In the worst-case scenarios, IT staff may not be able to understand such outdated systems at all. Consequently, business continuity is jeopardized.
Using end-of-life technology also can lead to compatibility issues with other organizations and their systems, hampering communication. For example, sending documents in outdated file formats can lead to errors and delays. Moreover, as the world moves toward greater interoperability and standardization, businesses relying on obsolete technology may find themselves increasingly isolated. Newer technologies may not support the outdated formats or protocols of those systems. And data stored in obsolete formats may simply become inaccessible, creating operational and legal risks.
4. Employee and customer frustration due to lack of tech solutions
The brightest talents in the technology field are drawn to companies that embrace cutting-edge solutions and foster an environment of continuous learning. Businesses that persistently rely on EOL technology, then, may find it difficult to attract and retain top talent, stifling innovation. This creates further challenges when the employees who know the outdated technologies retire, leaving no one who has the expertise to provide support. Non-technical staff, too, want to work in an environment where they are empowered with the latest technology.
For their part, consumers are keenly interested in the technology on which a company’s products and customer relationships rely. According to a 2023 Salesforce survey, 81% of consumers expect customer service to keep pace with the speed of technology’s advancement. A particular concern is that obsolete tech can compromise personal data. Microsoft research found that 91% of consumers would stop doing business with a company because of its outdated technology — not just because newer products are available, but also because of security and privacy concerns.
Five strategic moves to overcome EOL technology issues
For businesses to stay relevant in a digital world, passively tracking end-of-life technology and adding controls to slow, risky processes is insufficient. Below we have outlined five steps to address end-of-life technology as the key strategic issue it is.
1. Conduct a comprehensive technology audit
The first step in addressing EOL technology is to understand the scope of the problem. Companies should conduct a thorough technology audit to identify all instances of outdated and unsupported technology within their infrastructure. This audit should encompass hardware, software, and any other technology-related assets and consider the full cost and implications of retaining these platforms — not just the narrow technical operational cost of running them day-to-day — when deciding whether to modernize. By gaining a clear picture of the extent of the problem, the business can prioritize which systems to address first, considering factors like security risks, operational inefficiencies, and strategic importance.
2. Create a clear and actionable technology roadmap
Once the audit is complete, the company should create a roadmap that outlines the plan for modernizing its technology stack. The roadmap should include the following components:
- A timeline for retiring end-of-life technolog
- An evaluation of security and resiliency risks, identifying gaps and vulnerabilities
- A definition of the future-state technology stack and how it will support the corporation’s long-term goals
- A budget for the associated technology change
3. Allocate and sustain sufficient technology resources
Investing in technology is not just a financial commitment; it also requires dedicated human resources and stakeholder management including:
- A workforce strategy that encompasses resourcing, training, and change management, including hiring or training IT staff
- Support from executive leadership to ensure that the necessary resources are available for a successful modernization and IT transformation
4. Prioritize cybersecurity to mitigate risks
For a new technology to be worth the investment, the company must ensure that it mitigates the risks of the EOL technology it’s replacing and be aware of any new risks it introduces. To do so, it’s necessary to conduct regular security assessments as the technology stack changes and invest in up-to-date security solutions and practices.
5. Foster a culture of tech innovation
Technology modernization should not be considered successful because the lights stay on and nobody notices the switchover. Rather, the organization should call attention to the new capabilities and position itself to take advantage of them through these steps:
- Revisiting its innovation strategy in light of reduced friction and new capabilities
- Establishing a communication plan to ensure all stakeholders understand the improvements enabled by the technology modernization, and to allow employees to share their insights and concerns
- Providing employees with the tools and training necessary to leverage new technology for innovative purposes
By the time the issues caused by EOL technology reach crisis level, a company may have missed out on years of innovation. As a result, it also likely will have lost ground to nimble competitors. Across industries, companies must adopt a more strategic mindset to phase out EOL technology, modernize, and reap the benefits.
Additional contributor: Scott Bartley, senior research analyst