While these businesses acknowledge the downside of sticking with legacy infrastructure, they are often fearful (and rightly so) of the complexity, cost, and potential disruption that can come with upgrading their existing tech.

This is particularly true for Business Support Systems (BSS). A BSS manages critical revenue-related functions, from billing and revenue management to CRM and order fulfilment, and forms the backbone of how telcos interact with customers.

Telcos are often tentative about a BSS overhaul because they’ve already made significant investments in legacy technology and can’t justify the cost of an upgrade.

Additionally, these systems are such a key component of day-to-day operations, operators are understandably cautious about making changes to something that has traditionally worked well enough and where such a change would introduce significant operational risk.

A BSS upgrade is a significant project, something akin to a bank replacing its entire network of ATMs. It’s a project that touches every part of the business, impacts millions of customers, and requires meticulous planning and execution.

But legacy BSS platforms are typically monolithic, complex and costly to maintain, leaving telcos stuck between the risk of disruption and the need to modernise.

So, how do you know when it’s time to move to a modern BSS?

If your competitors are gaining traction with the frequent launch of new products and you’re losing market share, it might be time to modernise your BSS.

If it takes you months to update your processes in response to market or regulatory changes, and others are moving at a much faster pace, your business support systems need a refresh.

If your customer satisfaction scores are down, if you’re struggling with billing inaccuracies and high maintenance costs, modernising your BSS is the right move.

BSS migration mastery

The dilemma is clear: replacing or upgrading a system is a big step but continuing to rely on increasingly outdated technology threatens innovation, competitiveness and future growth.

For telcos wanting to replace a legacy BSS without the risk, taking a modular or phased approach is the best strategy.

Rather than upgrading everything at the same time, savvy telcos can opt to swap out specific services, whether it’s just a CRM component or invoicing component, maybe the onboarding component and then scale things up at their own pace.

With this approach, old and new systems can run in parallel, with the legacy system continuing to handle live operations, while the new system is tested and validated.

It’s also possible to run a phased customer migration, so that operators can refine processes and resolve issues before affecting their entire customer base.

While there’s no doubt that a BSS upgrade is a big project, the risks of delaying an upgrade far outweigh the challenges of migration. Especially if you migrate in stages.

When adopting a phased approach, operators can modernise with lower risk, and guaranteed continuity of service and enjoy the benefits of modern platforms – from quick product launches and better operational efficiency to improved customer experience.

The company seeks to replace outdated government systems with efficient, accessible, and user-friendly technology.

Led by NEA, with participation from 776, Accel, Andreessen Horowitz, and Carpenter Capital, the round follows an $11 million seed funding co-led by Accel and Andreessen Horowitz’s American Dynamism practice, bringing Kaizen’s total funding to $35 million.

Kaizen’s technology is already in use across more than 50 government agencies in 17 states, reaching over 30 million residents. From state parks and DMVs to court systems and tax portals, the company is bolstering how people access essential services. 

Instead of fragmented systems that charge taxpayers billions through maintenance contracts and outdated software, Kaizen offers a single, unified platform. Governments can deploy new services within weeks, and residents can interact with them through a modern, intuitive interface.

“Kaizen is focused on the most fundamental American services that we use every day – the parks, transit, licensing, the everyday systems that quietly hold our communities together. 

“That clarity of mission has accelerated their growth and embodies exactly what the American Dynamism movement stands for to ensure our government is working at the speed of technology and serving our national interests,” said Katherine Boyle, general partner at Andreessen Horowitz.

For Kaizen’s CEO and co-founder, Nikhil Reddy, the company’s mission is a personal one. He believes Americans have settled for less when it comes to public service technology. 

“American citizens have been worn down into accepting second-class solutions when it comes to public service technology,” Reddy said. “Think about it, when was the last time you had a delightful experience booking a DMV appointment or reserving a campsite at a state park?”

He added, “If we raise our expectations of what public service technology can and should be, we can transform not just someone’s day or weekend, but how millions of people experience the impact of their taxpayer dollars.”

The timing of Kaizen’s rise coincides with a national push for digital reform. The federal government recently established a National Design Office to oversee a $10 billion effort aimed at modernising more than 25,000 public service portals. 

Kaizen’s tools align closely with this agenda, providing governments with the digital infrastructure to serve citizens with the same ease as private-sector platforms.

“In so many places around the world, public services run on technology that’s every bit as good as what we use in our daily lives — sometimes better. There’s no reason America shouldn’t aim just as high,” said Alexis Ohanian, founder and general partner at Seven Seven Six. 

“Kaizen is building the backbone for public services that reflect the beauty, ambition, and potential of the society they serve.”

Co-founder KJ Shah, who began his career in mergers and acquisitions, saw how legacy systems affected public-sector efficiency. “For decades, public servants have been forced to use stagnant software built through acquisitions, not product innovation. Our agencies need and deserve a platform built natively and designed to grow with them,” he stated.

Kaizen’s results are already visible. In Maryland, the company launched a new state park day-pass system in less than two months, a full month ahead of schedule. 

On Independence Day weekend, state parks operated at full capacity without major check-in delays, eliminating long-standing traffic jams and cutting overtime costs. Wildlife even began returning to calmer park environments.

“As a career public servant with 30 years at the Department of Natural Resources, I can say without hesitation that this initiative is one of the most meaningful changes we’ve implemented to expand and safeguard public access while ensuring equitable access to our public lands,” said Paul Peditto, assistant secretary of Land Resources, Maryland DNR.

Since early 2024, Kaizen’s customer base has expanded tenfold, while annual recurring revenue has surged ninefold year-on-year. The company has recently partnered with Maricopa County, Arizona; San Bernardino County, California; Suffolk County, New York; and the Cherokee Nation. 

Its workforce is expected to grow from 30 to 50 by early next year as it targets federal agencies and new sectors such as courts and licensing.

“Kaizen is tackling one of the toughest areas in technology and doing it with precision and purpose,” said Amit Kumar, partner at Accel. “Nikhil sees opportunity where others see complexity, and his team is proving that public services can be modern, efficient, and built around the people they serve.”

Andrew Schoen, Partner at NEA, added: “Public services impact hundreds of millions of people every day in the US alone, yet their technologies often lag far behind the seamless digital experiences modern consumers expect. We’re thrilled to back Nikhil, KJ, and the Kaizen team as they bring streamlined, thoughtfully-designed, AI-native experiences to government services, already reaching more than 30 million residents across 17 states and 50 agencies.”

Kaizen’s long-term goal is to become the primary technology partner for public institutions, one that creates reliable, beautifully designed systems citizens can trust.

According to global research by Kaspersky, 78% of companies surveyed in the Middle East, Turkiye and Africa (META) region suffered cyber incidents in the last two years, and 10% of these were caused by the use of shadow IT.

A recent Kaspersky study showed that, in the last two years, 11% of companies worldwide have suffered cyber incidents due to the use of shadow IT by employees.

The consequences of the use of shadow IT can be diverse in their severity, but they are never insignificant, whether it’s the leak of a piece of confidential data or tangible damage to business.

So, what is shadow IT? 

Shadow IT is the part of the company’s IT infrastructure that is outside the purview of the IT and Information Security departments, i.e. applications, devices, public cloud services etc. but that is not being used in accordance with information security policies.

Deployment and operating shadow IT can lead to serious negative outcomes for businesses. Many instances were found in the Kaspersky study, which revealed that the IT industry had been the hardest hit, suffering 16% of cyber incidents due to the unauthorised use of shadow IT in 2022 and 2023.

Other sectors hit by the problem were critical infrastructure and transport & logistics organisations, which saw 13%.

Recent case of Okta clearly proves the dangers of using shadow IT. This year, an employee using a personal Google account on a company-owned device unintentionally allowed threat actors to gain unauthorised access to Okta’s customer support system.

There they were able to hijack files containing session tokens that could then be used to conduct attacks. This cyber incident lasted for 20 days and impacted 134 company’s customers according to Okta’s report.

Outlining ‘blurry shadows’

So, when you are looking for shadow IT, what to look for? These can be either unauthorised applications installed on employee computers, or unsolicited flash drives, mobile phones, laptops, etc.

But there are also some options that are less conspicuous. One example of this is abandoned hardware left over after the modernisation or reorganisation of the IT infrastructure. It can be used ‘in the shadows’ by other employees, acquiring vulnerabilities that will sooner or later find their way into the company’s infrastructure.

Regarding IT specialists and programmers, as it often occurs, they can create a tailored program themselves to optimise work within a team/department, or to solve internal problems, making work faster and more efficient.

However, they don’t always ask the Information Security department for authorisation to use these programs, and this could have disastrous consequences.

“Employees who use applications, devices or cloud services that are not approved by the IT-department, believe that if those IT-products come from trusted providers, they should be protected and safe. However, in the ‘terms and conditions’ third-party providers use the so-called ‘shared responsibility model’. It states that, by choosing ‘I agree’ users confirm that they will perform regular updates of this software and that they take responsibility for incidents related to the use of this software (including corporate data leakages). But at the end of the day business needs tools to control the shadow IT when it’s used by employees. Kaspersky Endpoint Security for Business and Kaspersky Endpoint Security Cloud, offer this control with Application, Web and Device control functions that limit the use of unsolicited apps, websites and peripherals. The Information Security department will of course still need to conduct regular scans of their company’s internal network to avoid the unauthorised use of uncontrolled and unsafe hardware, services and software applications,” comments Alexey Vovk, Head of Information Security at Kaspersky.

In general, the situation with the widespread usage of shadow IT is complicated by the fact that many organisations do not have any documented sanctions where their employees will suffer as a consequence of going against IT policies in this matter.

Moreover, it is assumed that shadow IT could become one of the top threats to corporate cybersecurity by 2025.

The good news is that the motivation for employees to use shadow IT is not always malicious, even more often, it’s the opposite.

Employees in many cases use this as an option to expand the functionality of the products they use at work because they believe that the set of allowed software is insufficient, or they simply prefer the familiar program from their personal computer.

To mitigate the risks of using shadow IT in an organisation, Kaspersky recommends:

• Ensure cooperation between the business and IT departments to regularly discuss new business needs, obtain feedback on the IT services used, in order to create new and improve existing IT services needed by the business.
• Regularly conduct an inventory of IT assets and scan your internal network to avoid the appearance of uncontrolled hardware and services.
• When it comes to personal employee devices, it’s best to give users as limited access as possible to only the resources they need to do their job. Use an access control system that will only allow authorized devices onto the network.
• Carry out training programs to improve the information security literacy of employees. To boost security awareness among employees, educate them with the Kaspersky Automated Security Awareness Platform training program, which teaches safe internet behavior.
• Invest in relevant training programs for IT security specialists. Kaspersky Cybersecurity for IT Online training helps build up simple yet effective IT security-related best practices and simple incident response scenarios for generalist IT admins, while Kaspersky Expert Training equips your security team with the latest knowledge and skills in threat management and mitigation.
• Use products and solutions that allow you to control the use of shadow IT within your organization. Kaspersky Endpoint Security for Business and Kaspersky Endpoint Security Cloud offer Application, Web and Device controls which limit the use of unsolicited apps, websites and peripherals, significantly reducing infection risks even in cases where employees use shadow IT or make mistakes due lack of cybersafe habits.
• Regularly conduct an inventory of IT assets to eliminate the appearance of abandoned devices and hardware.
• Organise a centralised process for publishing self-written solutions so that IT, so Information Security specialists learn about them in a timely manner.
• Limit the work of employees with third-party external services and if possible, block access to the most popular cloud information exchange resources.