Risk Management Series - Part 1: Proactive Technology Risk Management

Posted by Laura Mauersberger on September 18, 2017


As innovation drives the market, new technologies are being invented, while existing technology is being improved upon every day. Regular and frequent software updates re-engage existing users, fixes any bugs or issues, and patches problems before hackers can exploit them. Unfortunately, many companies do not know the true lifecycle of their supporting technologies and fail to process updates which leads to a great risk.

Development companies can choose to stop updating or supporting old versions of their software, which is also considered obsolete technology. Running a software that goes unsupported, or is close to the end of its useful lifecycle is dangerous as it leaves your company exposed to cyber threats, system failure, increased costs, and future planning limitations.

Obsolescence risk is a factor for all companies to some degree. What is the risk associated with running obsolete technology? This risk occurs when a process or product used by a company runs the risk of becoming obsolete and will not be competitive in the market any longer. Technology related companies are especially prone to obsolescence risk and their revenues can be significantly affected if this occurs.

Most companies are much better at introducing new technologies they are at retiring them. As medium to large-sized enterprises generally operate an increasingly complex assortment of technology, the rippling effects of upgrading to newer software and hardware can be quite immense - and often seem to come at a surprise.


It is very costly to run unsupported technology. Companies today rely heavily on technology to provide their services and keep their operations running. The damages resulting from IT outages can be staggering.

Costs of Outages and Downtimes:

In case of a data breach, costs are much higher: An IBM study shows that the average cost of a single data breach amounts to 3.62 million USD.

Consider the following situations: The website of a large online retailer is down for a few hours. The booking system of an airline is unavailable for a week. The core payment processing system of a financial provider fails in a whole country. All that happened to famous companies, namely Amazon, Virgin Blue, and Visa. In 2013, Amazon had an outage and lost $66,240 per minute. These situations amounted to losses of millions of dollars, and cost many people their jobs.

Value and risk during the technology lifecycle

Legacy applications and their supporting infrastructure can pose a major risk to enterprises. Across the lifecycle of hard or software, business value and risk will generally behave contrary to each other. In the early stages, when technology is untested, and high effort for deployment occurs, the business value is low and uncertainty is high. Once the technology becomes active, the value increases and risk goes down. At the end-of-life of a technology product, IT management has to deal with challenges such as integration issues, limited functionality, low service levels, lack of available skills, and missing support from vendors. Experience shows, that executives are quite good at managing the risk at the early stage – at least problems here are not going to surprise most managers – but that they tend to underestimate or ignore the risks of end-of-life technology.

Screen Shot 2017-09-06 at 15.16.51-1.png

Navigating the enterprise technology data jungle

Up-to-date technology product information is a key input for Enterprise Architects to assess the risk of their application landscapes and to plan, manage and retire technology components in a smart way. Modern Enterprise Architecture platforms provide all the necessary information with a smart inventory and interactive reports. Still, the sheer amount of technology related information, including versions and lifecycles, make it a challenge to stay ahead of the ongoing changes.

The 20 largest technology vendors alone provide over a million different technology products and these products change daily. New versions need to be tracked, and lifecycle information needs to be constantly updated.

Screen Shot 2017-09-18 at 14.36.36-1.png

LeanIX dashboard showing which applications are at risk due to lifecycle. 

LeanIX has teamed up with the creators of Technopedia, the most complete and authoritative enterprise IT database worldwide to provide relevant, up-to-date market content that enables top management to data-driven decisions. With over 2,000 updates daily, Technopedia provides key product information and intelligence for several initiatives including IT lifecycle management, asset management, audits, IT planning, pricing, Windows migrations, and virtualization.

Technology risk management is a broad, complex topic that can’t be solved by IT leaders alone. Companies that have successfully switched to a proactive mode of addressing this challenge, rely on an approach and systems that allow them to evaluate technology lifecycle information in the context of business impact. Schedule a demo with our sales team to create a proactive plan of action for risk management in your enterprise.

Schedule a demo