29 July 2018

Old is Good, Unless You are a Computer System

Old is, by itself, I am happy to say, not bad. And the process of getting older is also not by too bad either. We build up knowledge and understanding, and sometimes we see wisdom in some (older) friends. But “old” is not good in computer systems. That accumulated “knowledge” is actually decades of bugs and bug fixes, new functionality that does not always work with the old, and ancient security holes that either have never been found, or have been too difficult to fix without breaking the rest of the system.

New-build systems, while potentially having a limited functionality set, are easier to manager, faster to build, scale more easily, and consume fewer resources to run and maintain. The “systems shop” full of geeks is a thing of the past, unless you are running a large legacy system.

Agility in the face of threats and opportunities is magnified in newer systems, while legacy systems can be overwhelmed in the face of new threats.

This does not meant to settle the Buy-vs-Build argument, but it does argue for the replacement of legacy systems with newer systems built with current technology and for modern infrastructure. After all, who speaks COBAL any longer?

On example of how to overwhelm a legacy system; regulatory reporting. FATCA created a nightmare for financial institutions having to deal with new fields and new reporting requirements. Older systems required new code, new reporting systems build or new extracts to feed reporting platforms. Meanwhile, newer systems, built with regulatory reporting as a core design requirement, found the delivery of FATCA reporting much easier. 

Newer financial institutions and those with newer systems may still refuse to open accounts for US citizens, but that is being driven by an expectation of future US Legal Imperialism.

But these new systems are able to support CRS, the “rest of the world’s” response to FATCA. Pity that the US of Amerika refuses to engage with the rest of the world and implement CRS (Common Reporting Standard). Even countries like Panama are implementing CRS, and computer systems are having to cope with the new regulatory reporting requirements.

I enjoy being older. I’m smarter, I think more deeply, and my opinions are based on decades of experience and knowledge. At least, I flatter myself with these thoughts, even though I may be hard-pressed to find much support for those assertions. But I do envy the young. I cannot run as fast any longer, or run at all for that matter. I’m not as agile, and new music simply baffles me. 

Another area where younger seems to have an advantage is in fraud and cyber-security. I’m back to talking about computer application and banking systems of course.
Remember the good old days when a dial-up network with a 48kb connection was enough? Back in those days, hacking was a different scale, and individual hackers were or became known to officials. They weren’t always caught. But sometimes that special person like Clifford Stoll will "stalk the wily hacker", ultimately leading to an arrest.

From "Stalking the Wily Hacker", Clifford Stoll, 1988

Today stalking the wily hacker is almost impossible, and the number of vectors continues to increase exponentially. Building information security in from the beginning is key to a successful financial systems application. I do not know what application Monzo, the UK challenger bank, but they certainly are talking about their agility in the face of cyber-attacks and fraud. Imagine with old systems being able to respond to apparent fraudulent activity within four hours.

“Within four-and-a-half hours, the team rolled out updates to our fraud systems to block suspicious transactions on other customers’ cards. That evening, we reached out to other banks and the US Secret Service (which is responsible for credit card fraud in the US) to ask if they had seen anything similar. At the time, they hadn’t.” Try doing that with a legacy system.

Yet for all that, and perhaps as a victim of the “Sunk Cost Fallacy”. I happily will continue to hold this particular legacy system (myself) dear and will continue to attempt upgrades.

No comments:

Post a Comment