There’s a silent strain on security in today’s enterprises, and it’s coming from an unexpected source: the technology stack.
Technical debt is a $2.41 trillion problem in the United States. No wonder, then, that 87% of IT leaders rank tech debt reduction as a top five initiative for their organization, according to a new Enterprise Strategy Group survey. Respondents cited security concerns, escalating operating costs, and more.
How did organizations get this deep into application tech debt? What are the implications for security? And, most importantly: How can organizations begin to dig their way out?
A vicious cycle of short-term fixes
Tech debt is, at its core, the pain of applying yesterday’s technology decisions to today’s business needs.
Organizations frequently face trade-offs when it comes to technology. Most often, they find the best solutions for their complex problems, balancing network, security, and end-user priorities. Other times, they’re under pressure to move fast and constrained by limited resources, leading to quick fixes that complicate their tech stack.
This is how tech debt accrues, one well-intentioned decision at a time. As business demands intensify – whether due to growth, digital transformation, or external disruptions – IT and security teams make pragmatic choices and adopt point solutions to keep up.
But these bolt-on software purchases quietly snowball and mutate into an unmanageable web – eventually emerging loudly in the form of fractured IT infrastructure, inconsistent user experiences, ballooning operational costs, and unpredictable IT environments.
Not to mention, they make for a vastly increased attack surface. In this Swiss cheese effect of overlapping systems, the organization can spend more time patching holes and maintaining legacy scaffolding than innovating.
According to a Gartner survey of 162 large enterprises, conducted between August and October 2024, organizations use an average of 45 cybersecurity tools. It’s a vicious cycle of patch upon patch.
Time isn’t the only cost. Enterprise Strategy Group found that 47% of IT leaders point to escalating operational costs as a direct result of legacy infrastructure support. And 36% flagged increased security vulnerabilities as a growing concern tied to outdated systems.
Regardless of the justification for yesterday’s technology decisions, they all impact today’s enterprise systems—increasing complexity, maintenance burdens, and security vulnerabilities.
Tech debt has a SaaS problem
Most modern applications in use across the enterprise today are delivered in a SaaS model. For more than half of survey respondents, SaaS and legacy web-based applications represented a combined 61% of all application usage – the majority of those being classified as “business critical” apps.
In the enterprise, these critical apps require secure, modern access methods. However, to date, secure access has often come at the cost of convenience. Legacy access solutions like VDI and VPN weren’t designed with the SaaS-first enterprise in mind, creating friction for users, increasing overhead for IT teams, and offering limited visibility, control, or threat detection once users are inside the app.
Monitoring these apps requires bolted-on solutions, further increasing tech debt. Unsurprisingly, a staggering 72% of respondents indicated a desire to move off VDI solutions.
As SaaS adoption has accelerated, this mismatch between access architecture and application delivery has accelerated along with it—slowing agility, increasing risk, and complicating user experience across the board. Tech debt isn’t just a nuisance; it’s an anchor dragging down enterprise security and efficiency.
Addressing tech debt at the point of access
As knowledge workers’ primary interface, the browser is central to accessing SaaS, internal apps, and digital workflows. Therefore, the most direct way to address the application tech debt challenge is to reimagine the browser itself.
Browsers like Chrome and Edge, while highly effective tools for consumers, were never designed for enterprise needs. This presents a huge security gap: 62% of sensitive corporate data is accessed via consumer browsers, and 35% of data leaks stem from those same browsers.
These browsers require a complex ecosystem of tools – data loss prevention (DLP), web gateways, remote browser isolation (RBI), endpoint agents, VPNs, and more – to try to secure browsing activity and protect sensitive data. Over time, these layers have compounded, contributing to tech debt in both security and application access by requiring ongoing management, troubleshooting, and upgrades.
Further complicating the tech debt challenge is the proliferation of AI tools. In these early days of AI adoption, end users and the enterprises in which they operate will undoubtedly choose multiple tools to address niche use cases without understanding the impact on data protection and user experience. And fresh competition will replace many of these tools almost as fast as they arise. Future technology decisions will need to address managing the sprawl of shadow AI and the new tech debt it creates.
The emergence of enterprise browsers
However, a new type of browser has emerged: enterprise browsers, which are designed exclusively for use in the workplace. Gartner recognized this new category of browsers in 2023. In April, Evgeny Mirolyubov, Sr Director Analyst at Gartner, said, “SEBs embed enterprise security controls into the native web browsing experience using a customized browser or extension for existing browsers, instead of adding bolt-on controls at the endpoint or network layer.”
Enterprise browsers are redefining how organizations approach application access. An enterprise browser streamlines the tech stack needed to secure, manage, understand, and enable access to critical apps and data.
With growing regulatory scrutiny and the rising sophistication of threats like phishing, browser-based malware, and insider threats, organizations must rethink access with security at the forefront. Enterprise browsers provide visibility and control down to the session level, enabling proactive enforcement and rapid incident response.
These browsers have the power to reduce reliance on legacy tools like VDI, VPNs, DLP, proxies, and various endpoint agents—eliminating layer upon layer of tech debt and enabling secure, efficient, and scalable access.
Secure access without the debt
For too long, organizations have been trapped in a loop where old decisions constrain new possibilities. Years of layering legacy access tools, fragmented security controls, outdated application architectures, and siloed observability and authentication systems have created a complex web of technical debt—one that undermines performance, cybersecurity, and scalability at a time when seamless, secure, and cloud-optimized access is more critical than ever.
Finally, there’s an off-ramp from this loop. By reconsidering the browser, forward-thinking enterprises are not just reducing debt—they’re building resilience for the next generation of digital transformation.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro