With the “stability first” mindset, traditional IT teams have taken the approach of reducing software and system churn to avoid the risk of system downtime. As a result, they end up holding onto their old systems for much longer than they should. They simply do not have the resources to devote to upgrading their applications. Manual testing and server migration are resource-heavy projects that budgets just do not allow for in many cases.
So, they hang onto outdated software and systems that put their companies at risk. Take, for example, Windows 2003, whose lifecycle was ended by Microsoft in 2015. It has not been supported for several years. Without support, that operating system is no longer updated with security patches meant to seal up vulnerabilities. Yet, there are still more than 120,000 servers running Windows Server 2003!
That is a huge risk, but the “stability first” mindset is to keep systems up and running and never risk going offline. For companies who depend on a constant stream of online revenue, even a minute of downtime can result in unacceptable cash losses. For example, if TurboTax cannot process tax returns, customers will likely turn to a competitor like TaxAct or H&R Block before they wait around for the system to go back up. That is a big loss of revenue for Intuit, the parent company of TurboTax.
But sacrificing security patches for consistent uptime is not a sacrifice that has to be made. When a DevOps mentality is in place, many of the vulnerabilities can be eliminated with automation.