11-07-2025
Exclusive: How legacy systems expose firms to security and cost risks
Legacy systems are dragging down the digital ambitions of modern enterprises, making them vulnerable to security threats and inflated costs, according to David Fairman, APAC Chief Security Officer at Netskope.
"A lot of it comes back to legacy architectures and the way that organisations have been built," Fairman told TechDay during a recent interview.
"Unless you're talking about truly cloud native, modern companies, many organisations in sectors like healthcare and financial services have significant investments in legacy technologies, and these simply haven't adapted to the realities of hybrid or distributed workforces."
The COVID-19 pandemic accelerated the shift to hybrid work, which in turn altered how and where data flows.
For businesses in tightly regulated industries, this shift has brought friction, as old systems struggle to keep pace with new operating models. "Those legacy architectures just haven't really adapted," he explained. "That causes a natural friction."
Crucially, Fairman believes the result is a stark trade-off: organisations must now choose between robust security and agile performance. "Maybe they start reducing their overall threat protection capabilities. More importantly, they lose visibility in that hybrid environment - knowing where data is traversing, who is using it, and whether it's being accessed by third parties," he warned.
This lack of visibility puts strain on security teams. "The ability for a security team to truly have the insights they need to make fast and efficient security decisions and responses is deteriorated."
Fairman also highlighted how fragmented infrastructure creates duplication, operational headaches, and rising costs. "We're trying to stitch together these disparate security capabilities that aren't integrated, that aren't a true platform solution," he said. "It creates complexity. Complexity creates cost, because now we've got multiple teams, multiple skill sets, multiple processes that we need to try and stitch together and make that work in unison. It's not efficient."
In contrast, modern infrastructure designed for the cloud era offers a clear path forward.
"The distributed workforce is the norm today. We need to think about how we build architectures or technology services that enable the flexibility that's demanded by that hybrid workforce," he said.
However, the complexity does not stop at technology. Regulations - especially around data sovereignty - add further complications for global firms.
"Different jurisdictions are driving a lot more complexity and expectation around data sovereignty, and that's very hard for a global organisation to try and work through," Fairman added.
To meet these challenges, Fairman advocates for radical simplification. "I believe that we can improve security by reducing complexity. Platform simplification and tech stack simplification has always been a mantra of how I've thought about building a security capability," he said.
A consolidated platform offers consistent enforcement of security policies and fewer opportunities for gaps or misalignment.
"If you have one security policy, one security engine, one inspection engine, one team, one set of skill sets… that simplicity allows you to minimise the gaps that you would have in a complex organisation," he explained.
By contrast, fragmented approaches only exacerbate inconsistency and cost. "You have an inconsistent application of a security policy. It becomes very costly and expensive because then you've got different teams trying to sync toolings and policy sets that don't quite match… that becomes somewhat opaque," he said.
The administrative overhead is considerable.
From managing multiple tools to the risk of key-person dependency, duplication affects both performance and resilience. But with consolidation, Fairman said, organisations benefit from "single processes, single skill sets and the ability to achieve multiple outcomes," such as compliance and adaptability.
Fairman also argued that regulatory pressure could be turned into an advantage with the right systems in place.
"If you have platforms that help you achieve [compliance] in a very clear and consistent manner, it reduces that burden and that overhead. It allows them to focus their attention where they need to focus, versus the regulatory drivers or the control drivers."
Security and network operations are also undergoing a merger of their own.
"The internet today is the network. We used to build networks; now it's the internet," Fairman said. This convergence, he believes, can help break down operational silos. "The consolidation has really driven a convergence of those network and security teams. It's broken down some barriers. It gives you a consistent view and helps organisations achieve their regulatory requirements in a consistent manner."
With security budgets under pressure, Fairman encourages IT leaders to think lean.
"How do I drive down cost? I do that by reducing some complexity," he said. But simplification isn't just technical - it requires operational reform too. "You can't run your organisation the way we used to run them yesterday; we need to transform our operating model, not just our technology. They go hand in glove."
Looking ahead, Fairman anticipates more upheaval in secure networking, driven by data growth and emerging technologies.
"AI is going to absolutely drive a wedge in how we're thinking about the world today," he said. "Data lineage and data control, data growth is going to expand exponentially… and of course, how can we forget post-quantum or quantum computing and the challenges that that's going to start to drive for us?"
