Rapid digitalisation without architectural hygiene

Over the past five years, every ministry, NGO, SME and grandma-run charity has been busily bolting on cloud migrations, SaaS platforms, shadow IT and remote access for everyone and their cat, yet almost nobody allocated budget for lifecycle management, threat modelling, or consolidating the resulting mess. Europe has effectively built a digital IKEA wardrobe but skipped the screws that make it stand upright.

The pandemic panic button

March 2020 came along and the order was simple: “Everyone work from home starting Monday.” What that actually meant was chaos dressed up as progress. VPNs designed for fifty users suddenly served five thousand. Zoom accounts appeared courtesy of personal credit cards. File shares opened to the internet with “temporary” access rules that persisted for years. Two-factor authentication was disabled “temporarily” and security policies suspended until “things calmed down,” which they never did. Six weeks of panic created technical debt that defines organisational behaviour to this day: temporary measures became permanent, workarounds became infrastructure, and “we will fix it properly later” morphed into “this is how we do things now.”

Cloud: somebody else’s computer, your problem

The sales pitch promised security, scalability, and cost savings. The reality offered only illusions. Security works if you configure it properly, which nobody did. Scalability works if you architect for it, but everyone lifted and shifted instead. Cost savings? Hilarious in retrospect. Organisations signed enterprise agreements without reading the terms, dumped everything into cloud storage in the name of modernisation, copied configurations from Stack Overflow, left default settings wide open, and accumulated an estate of resources they did not know existed. The bill arrived at three times the projection, necessitating a “cloud cost optimisation consultant” to untangle the mess. Data sovereignty requirements further restricted which services could be used, but nobody told procurement before the five-year contract was signed.

SaaS sprawl: death by a thousand subscriptions

What begins as well-meaning departmental choice quickly mutates into chaos. Marketing needs a new email tool, finance wants expense tracking, HR requires applicant tracking, and sales demands a CRM. Soon, forty-seven different SaaS platforms exist, many with admin access still granted to departed staff, customer data stored in mysterious locations, overlapping tools, failed integrations, auto-renewals and breaches unnoticed because alerts go to forgotten inboxes. Every platform has different security settings, password policies, jurisdictions, compliance requirements and costs per user. The killer question nobody asks is, “Can we even turn this off if we need to?” The answer, almost invariably, is no: the workflows now depend on it, and the organisation is firmly locked in.

Shadow IT: innovation or sabotage?

When IT estimates a nine-month deployment requiring three committee approvals, marketing finds a free tool online and simply uses it. A year later, the tool is business-critical, holding customer data nobody knows the security of, integrated with other systems via webhooks discovered on GitHub, and operated by someone who left months ago. Shadow IT thrives because official procurement is slow, IT is underfunded, staff need to get work done, and quick fixes are easier than permission. It persists because migration is harder than pretending the problem does not exist, and auditing risks uncovering the messy truth.

Remote access: the security perimeter is dead

The old model of a secure perimeter with VPN access has been replaced by a world where everyone works anywhere on any device, yet no new security model exists, only a larger, holey version of the old one. VPNs designed for occasional use now carry eighty percent of daily traffic, performing poorly, prompting staff to seek faster, unapproved alternatives. Bring-your-own devices arrive without endpoint protection, patch management, or oversight, and some even run pirated software while children play Minecraft. Access is granted liberally, rarely revoked, and multi-factor authentication is mostly theatre: enforced for important systems, bypassed for convenience, and exempt for administrators. Permissions accumulate like barnacles on a ship.

The architecture is a ball of mud

Systems accrete without design, connecting to other systems in unpredictable ways. Architecture diagrams are outdated and inaccurate, changes occur through tickets rather than planning, and integration is “whatever makes it work right now.” Quick fixes become permanent, workarounds become features, hacks become standard practice, documentation is forever “next sprint,” testing is done in production, and rollbacks rely on memory rather than plan. Buy-versus-build cycles lock organisations into unpatched, unsupported software that cannot be replaced.

The illusion of inventory

When asked what systems exist, the official list says fifty, while the real number likely approaches four hundred. CMDBs are outdated, shadow IT proliferates, acquisitions bring mystery infrastructure, and old systems never formally die. Organisations cannot secure what they do not know exists, patch systems they have forgotten, or budget for contracts they never realised they had. Auditors asking for a full view of the systems holding personal data provoke panic, frantic Slack messages, and incomplete surveys; the end result is guesswork, crossed fingers, and hope.

Lifecycle management? Never heard of her

Proper lifecycle management would plan, procure, deploy, operate, and decommission systems systematically. What actually happens is crisis, urgent purchases, hope, constant firefighting, and zombie systems that quietly continue after end-of-life. Budgeting for ongoing costs is absent, technical debt accumulates invisibly, and replacements arrive only after disaster.

The threat model is hope

Proper threat modelling requires understanding assets, threats, vulnerabilities, and mitigation, tested continuously. Reality substitutes hope: hope nothing bad happens, panic when it does, apply a point solution, declare victory, and return to hoping nothing else breaks. Ransomware, supply chain weaknesses, and insider threats routinely exploit these gaps.

The screws that are missing

Architectural hygiene would demand centralised identity management, a current asset inventory, pre-deployment architecture review, dedicated technical debt budgets, and continuous monitoring. Each of these interventions requires money, time, and cultural change, which are scarce commodities.
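The inventory gap described above (fifty systems on paper, four hundred in reality) and the "current asset inventory" this paragraph calls for can be made concrete with a small reconciliation check. The following is an added example, not code from the essay or from any organisation it describes: it compares a CMDB export against what independent sources (a cloud account listing, internal DNS, a SaaS admin console) actually report, and flags the four kinds of drift the essay complains about. All records, hostnames, owner names and field names below are constructed for the example.

```python
"""Reconcile an 'official' CMDB export against independently observed assets.

Added example, not from the essay. Every record below is constructed
inline; the field names (hostname, owner, status, source) are assumptions
about what such exports might contain.
"""
from dataclasses import dataclass, field

# Constructed CMDB export: the "official list" the auditors get shown.
CMDB = [
    {"hostname": "erp-db-01.corp.example", "owner": "j.smith", "status": "active"},
    {"hostname": "mail-gw-02.corp.example", "owner": "a.jones", "status": "active"},
    {"hostname": "legacy-fax.corp.example", "owner": "p.brown", "status": "retired"},
]

# Constructed observations merged from independent sources. In practice each
# source would be pulled separately (cloud API, DNS zone transfer from your
# own resolver, SaaS tenant export); here they are one list for brevity.
OBSERVED = [
    {"hostname": "erp-db-01.corp.example", "source": "dns"},
    {"hostname": "legacy-fax.corp.example", "source": "dns"},       # retired on paper, still resolving
    {"hostname": "marketing-wp.cloud.example", "source": "cloud"},  # shadow IT, unknown to the CMDB
    {"hostname": "crm.saas.example", "source": "saas"},             # SaaS tenant, unknown to the CMDB
]

# Constructed HR roster of current staff; an owner not listed here has left.
CURRENT_STAFF = {"j.smith", "a.jones"}


@dataclass
class Findings:
    unknown: list = field(default_factory=list)  # observed, absent from CMDB
    ghosts: list = field(default_factory=list)   # active in CMDB, never observed
    zombies: list = field(default_factory=list)  # retired in CMDB, still observed
    orphans: list = field(default_factory=list)  # CMDB owner no longer employed


def reconcile(cmdb, observed, staff):
    """Classify every asset into the drift categories above."""
    by_host = {r["hostname"].lower(): r for r in cmdb}
    seen = {o["hostname"].lower() for o in observed}
    findings = Findings()
    reported = set()  # avoid listing the same unknown host once per source
    for obs in observed:
        host = obs["hostname"].lower()
        record = by_host.get(host)
        if record is None:
            if host not in reported:
                findings.unknown.append((host, obs["source"]))
                reported.add(host)
        elif record["status"] == "retired" and host not in findings.zombies:
            findings.zombies.append(host)
    for host, record in by_host.items():
        if record["status"] == "active" and host not in seen:
            findings.ghosts.append(host)
        if record["owner"] not in staff:
            findings.orphans.append((host, record["owner"]))
    return findings


def coverage_ratio(cmdb, observed):
    """Fraction of observed hosts the CMDB knows about at all (1.0 = full coverage)."""
    known = {r["hostname"].lower() for r in cmdb}
    seen = {o["hostname"].lower() for o in observed}
    if not seen:
        return 1.0
    return len(seen & known) / len(seen)


if __name__ == "__main__":
    result = reconcile(CMDB, OBSERVED, CURRENT_STAFF)
    print(f"CMDB coverage of observed estate: {coverage_ratio(CMDB, OBSERVED):.0%}")
    for name in ("unknown", "zombies", "ghosts", "orphans"):
        for item in getattr(result, name):
            print(f"{name:8s} {item}")
```

Run as-is it reports that only half of what is observable is in the CMDB, that a "retired" fax gateway still resolves, that a supposedly active mail gateway is nowhere to be seen, and that one system's only named owner has left. The categories map directly onto the essay's complaints: unknowns are shadow IT and SaaS sprawl, zombies are the systems that never formally die, ghosts are stale CMDB entries, and orphans are the departed-staff admin problem. Running this on a schedule against real exports, and treating a falling coverage ratio as an alert, is the cheapest form of the continuous monitoring the paragraph asks for.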

Why it won’t get fixed

Broken incentive structures reward short-term feature delivery over long-term maintenance. Budgets favour CapEx over OpEx. Knowledge walks out the door. Architects are expensive; juniors cheap; consultants convenient. Organisations hack around problems because nobody understands the systems well enough to fix them properly.

The inevitable reckoning

Rapid digitisation without hygiene produces slow-motion degradation: constant minor failures, firefighting, burnout, multiplying security incidents, eroding trust. Eventually, something breaks badly enough for leadership to notice. Digital transformation initiatives are relaunched, consultants hired, documents produced, programmes planned, and then cancelled or reduced, while staff who understand the problems leave, leaving new hires to inherit undocumented chaos.

We seem to have built a digital infrastructure at pandemic speed without pandemic-scale resources. The wardrobe wobbles, yet we keep stacking more things on top, praying physics does not notice.