Why legacy is the enemy of security (and budgets)

By Derek Steele, Sales Director, Droplet.

IT budgets are growing (cue a massive sigh of relief from IT directors around the world). In fact, Gartner's data expects them to increase by over 10% this year. Great news for innovation, right?

Wrong.

Increasingly, more money brings more complexity, and complexity stifles innovation. The issue? A growing share of that budget goes to keeping legacy technology running.

According to StatCounter and Lansweeper, more than half of all desktop and server environments worldwide still run on unsupported operating systems. For organisations running these zombie systems, the innovation budget is lost to plastering over the cracks: modern technology and security tools are bought with the sole purpose of protecting the ancient, crumbling foundations of 20- to 30-year-old architectures.

This looks like a waste of budget to me, and with the UK's Cyber Security and Resilience Bill on the horizon, it is vital that organisations start to spend smarter, not just more, on infrastructure that has no direct impact on business growth.

The hidden tax of legacy

Organisations are blind to this waste and remain held hostage by the legacy hardware and software buried in their estates. The ransom comes in the form of:

Inflated cyber insurance premiums

Sizeable compliance costs

Ever more engineering time spent on patching and maintaining systems the vendor no longer supports

On top of this, many organisations simply don't know how to manage their legacy equipment. For too long, we have worried about a tech skills gap caused by new technology arriving faster than teams can keep up with it.

However, most of us will have seen a server deep in the data centre with a sign reading "DO NOT SWITCH OFF". That is not necessarily because it is a critical asset; more often it is because no one actually knows 1) what it is for and 2) how to operate it. The people who oversaw its installation and managed it have since retired (and, latterly, become consultants). As a result, organisations pay a premium to call on that specialist support just to keep the ancient stacks running.

Organisations cannot treat legacy debt purely as a technical hurdle to be cleared by spending more on people and layering ever more modern technology on top, just to remain operational. They must also recognise the financial drain it creates, which in turn starves the innovation that the new budget could have funded.

Modernisation without migration

Much of the time, the only answer seems to be to rip everything out and start again. All too often, that prospect drives organisations into a blind panic and yet more panic purchasing; then they do nothing and remain stuck. But, given the current cyber threat landscape, organisations do not have the luxury of waiting around and hoping they are not hit.

Rather than feeling helpless, or watching more of that budget increase being frittered away on papering over the cracks in a crumbling environment, I am finally seeing a little light at the end of the tunnel as more organisations recognise the value of container-based isolation. It might not be as sexy as AI, but it gives organisations protection from external threats while modernising the wider environment without the huge price tag.

By decoupling core applications from the operating system they live on, organisations can instead hold them in a secure container vault, running legacy applications on modern, secure systems without the pain of a migration programme. Not only can this cut operating costs by up to 84%, but these containers can help systems meet the requirements of regulations including NIS2, Cyber Essentials Plus and the Digital Operational Resilience Act (DORA), offering immediate and verifiable protection.

The £288k efficiency dividend

Looking at the benefits of isolation through a wider lens reveals major annual cost savings. The typical organisation invests in some combination of Identity and Access Management (IAM), Multi-Factor Authentication (MFA), secure access, encryption, firewall/perimeter, Privileged Access Management (PAM), Network Access Control (NAC), endpoint protection and isolation. Each comes with its own installation, monitoring and maintenance costs, and together they carve a deep hole in the IT budget.

In our market analysis, we compared the offerings and pricing models of 27 vendors. Taking the cost of a PAM solution alone, a typical 500-user organisation could be spending up to £288,000 per year. With a container-based isolation solution, that cost could be halved. Add the cost of IAM, MFA, NAC, encryption and so on, and part of this layered spend becomes redundant: money that could be reinvested in growth technologies such as AI and automation.

Much as you would (and should) never renovate a house by building on crumbling foundations, reliability and security should not require a 50-layer tech stack either. Rather than adding complexity, as we move through 2026, simplicity and smarter investment must rule. By isolating the old and embracing the new, 2026 can be the year IT shifts from being a cost centre to an innovation engine.
