Skip to content

Keep, Repurpose or Eliminate: Why Finserv Firms Must Get a Handle on Technical Debt

Better endpoint visibility and control will become critical to these efforts

How-to

Technical debt is often viewed as the price we pay for progress. In financial services (Finserv), as in many sectors, the goal is an agile cloud-centric future. But as they journey away from a monolithic mainframe past through distributed systems, virtual systems and more, tech debt has been piling up. Finserv IT leaders are facing an unpalatable truth: technical debt is restricting their capacity to innovate. In fact, 10-20% of tech budgets dedicated to new products are being diverted to resolving technical debt, according to McKinsey.

To address this, financial services institutions (FSIs) will need to identify which debts should be paid off first, which can be tolerated for a while longer, and which must be refinanced. From an IT operations perspective, that means working out which platforms, systems and applications to keep, repurpose or eliminate. Visibility and control over the endpoint estate will be a critical first step in this process.

Where is tech debt most pronounced?

CIOs estimate that technical debt amounts to 20-40% of the value of their entire technology estate before depreciation. It’s manifest across the board in:

Bloated SaaS spending as the result of a desire to enhance customer experience. Many of these investments will become dormant or redundant.

Back-end neglect in the form of historical server, data center and workstation purchases, and investments in software development.

Poor visibility into the rapidly expanding IT estate — a problem that will only grow as FSIs migrate more services to the cloud. If businesses pay for services they can’t see, it becomes a technical debt challenge that could foment compliance and cyber risk.

Dated, degraded and disrupted endpoint data means no single source of truth for siloed teams to work from. This is a particularly acute problem for FSIs, as they separate reporting functions by audit and compliance silos, making holistic decision-making more challenging.

Building a debt-reduction plan

To effectively manage technical debt without disrupting daily operations or negatively impacting IT modernization programs, FSIs need a plan. Here are a few considerations to kick things off:

  • Audit what you have and set relevant milestones based on your specific requirements for reducing technical debt.
  • Track and manage everything that traverses the network using asset discovery and endpoint management tools. This will help identify the misconfigured servers, poorly integrated apps, unpatched endpoints and unused licenses that signify technical debt.
  • Decide which assets to keep, repurpose or eliminate. These are either redundant endpoint assets that haven’t been decommissioned or patched or those that have previously been hidden, such as underutilized or unused licenses.
  • Take it slow. Tech debt accumulates over a long period of time and can’t be wiped out in one “Big Bang.” Take a more realistic, staged approach that will appeal to the board’s longer-term appetite for reducing costs and risk and boosting productivity, competitiveness and revenues.

Technical debt is ultimately an accumulation of technologies that the organization is unable to effectively track, manage and secure. Get this part right, and it will help FSIs better manage compliance, M&A, and cyber risk and release funding for IT modernization.

As the place where business happens in the modern enterprise, the endpoint is critical to these plans. Gain visibility and control over these assets to stand the best chance of reducing technical debt over the long term.


To learn more, check out our financial services guide to managing down technical debt.

Tim Morris

Tim Morris is a Technology Strategist at Tanium. An expert in cyber threat engineering, he builds teams and programs that solve security problems and streamline operations.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.

SUBSCRIBE NOW