Shadow Linux
Linux may seem niche, but in fact a huge range of organisations already rely on Linux implicitly - and often unconsciously. There are a huge range of Linux-based systems that provide mission-critical functions for organisations, but are not staff-facing and often poorly understood by leadership. Because these systems are often delivered as part of larger products or services, organisations may not view them as part of their core IT estate. As a result, they can receive less architectural attention, documentation, and long-term planning than other more directly visible systems. This kind of "shadow Linux" is quite common; we offer some examples to illustrate this.
Organisations increasingly depend on cloud-hosted applications, websites, APIs, and containerised platforms. While these systems are often viewed simply as "cloud services", they are typically built on Linux-based infrastructure. These range from ubiquitous systems such as web servers, web backends and web-facing databases to more specialist ones such as machine learning infrastructure or engineering simulations. As these environments grow, organisations can find themselves dependent on specialist Linux knowledge for architecture, troubleshooting, automation, and security.
Linux is extremely common for network infrastructure devices like routers and wireless networking equipment. A large number of firewalls, VPN gateways, and network monitoring systems implicitly depend on Linux. Since these systems are typically critical to an organisation's network security, it is particularly important that their supporting digital environment is considered as a first-class IT consideration.
Data storage and backup is a critical concern for most organisations. Examples of such data storage systems include databases, automated backup systems, and network-attached storage devices. These applications and systems are typically deployed on Linux infrastructure. Because these systems underpin disaster recovery, operational continuity, and regulatory compliance, failures can have organisation-wide consequences despite the underlying Linux infrastructure often receiving little direct attention.
A huge number of modern physical devices now include computers, and those computers often run Linux. These include devices like CCTV cameras, industrial control systems, manufacturing equipment, access control systems, physical sensors and telemetry devices, and other internet-of-things devices. These systems are often exposed to the public internet, yet organisations often are unaware of the need to secure them.