Top Legacy System Overuse and Lessons Learned. It can be headline news when a major corporation experiences a system issue or security breach that affects thousands (or millions) or customers, but the cause is often not really news at all: outdated legacy system overuse can result in outages, interruptions and vulnerabilities that negatively impact customers and result in huge PR headaches for executives.
If you’re a CIO kept awake at night by concerns about legacy system overuse, you’re not alone. A 2014 report from Computer Weekly indicated that 1 in 5 CIOs runs at least one major application that has been unchanged for 15 years or more. Hitachi Consulting says that 90% of IT decision makers they surveyed in 2015 believe that legacy systems are impeding innovation in their organisations. The financial and labour costs of maintaining legacy systems can be significant, so it’s unsurprising that many executives are prioritising a Cloud solution for their older systems applications.
As a growing number of companies transition to the Cloud, CIOs maintaining legacy systems are faced with a decision: should they continue maintenance, attempt Cloud migration or pull the plug on aging apps?
Companies that opt to hold on to legacy applications rather than migrate them to the Cloud will inevitably run into issues as they are faced with increasing maintenance costs, a shortage of staff with the niche skillset required to manage outdated systems and non-compliance with industry and government regulations.
SoftChoice found in 2015 that 21% of servers were still running on the Windows Server 2003 platform – a system no longer supported by Microsoft. Dedicating resources to maintenance can also stifle a company’s ability to innovate to meet evolving customer demands when combined with the limits of older applications. The longer a company clings to legacy technology, the more it becomes a prisoner to its systems.
While outdated systems can be found across all industries, three in particular are especially prone to legacy system overuse: finance, insurance and government. In this post, I’ll examine some industry examples of the consequences that occur when agencies rely too long on legacy systems and what lessons we can learn from them.
In 2013, Royal Bank of Scotland and NatWest customers found themselves unable to access accounts, make online payments or use their debit or credit cards on Cyber Monday – the busiest shopping day of the year. The financial institution blamed technical issues for the outage, which prompted outrage from customers who couldn’t make purchases or discovered their salaries had disappeared from their accounts. A distributed denial of service cyber attack took RBS and NatWest systems down again just days after the Cyber Monday incident.
Not long afterwards, RBS officials admitted that decades of systems neglect had left their systems vulnerable and impeded their ability to serve the demands of their customers. They promised to invest in upgraded systems to improve reliability and security, but the public relations damage was already done.
Much of the banking industry relies on 40-year old systems that have been pieced together to deal with growth and mergers rather than overhauled to provide customers with the transparency they are now demanding. While the systems continue to function, there is limited motivation to upgrade or start over, but at the same time, legacy systems overuse is limiting banks’ ability to expand or meet growing demand for new services and platforms. The RBS NatWest outage is a prime example of how serious a problem that can become. Experts observe that while tacking single-purpose solutions on to legacy systems may seem less risky at the time, the practice is producing increasingly complex systems that are difficult to understand and not well documented.
To continue to meet changing demands from their clients, banks must invest in their technology with an eye to the future, rather than simply aiming to keep pace with the struggles they currently face. Aymen Saleh of Boston Consulting Group points out that banks that make the investment to eliminate legacy system overuse “are now in a far better position than the others in addressing the three priorities of regulatory pressure, service provision and cost.”
Last year, NSM Insurance acquired a company that was using a customized back-office system developed in the 1990s. While the system still served the needs it had been designed to handle, NSM CIO Brendan O’Malley determined it needed replacing with a new system that would handle the requirements of the merged companies going forward. While the development of a replacement system would not be without complexity, O’Malley decided it was necessary to maintain the firm’s ability to innovate:
“You always want to have a strategy and an understanding of the platforms you expect to be supporting in three to five years. Those are the systems you’re going to be investing in or developing to drive your business. Something not on your list, that’s going to be legacy. It’s something you want to eliminate or consolidate or replace.” Brendan O’Malley, CIO, NSM Insurance
Many insurers have their data stored in legacy systems that have been in use for 20, 30, even 40 years. Uncertainty about how sensitive customer data would fare in a migration has limited technological evolution in the industry, and now agencies are being held back by the limited usability and functionality of antiquated systems, as well as facing increased concerns about cost and compliance.
While new entrants to the insurance industry are able to start fresh with a clean technological slate, the average insurer has 10 to 14 core legacy systems, making starting from scratch an untenable prospect. An Economist Intelligence Unit survey conducted last year indicates that 59 percent of insurance executives spend a significant amount of time addressing issues related to legacy system overuse. That commitment of resources combined with increasing security and compliance issues is making a step-by-step transition to a Cloud solution an increasingly attractive option to forward-thinking insurers.
In one of the most highly-publicised cyber security breaches last year, Chinese hackers gained administrator access to the US government’s Office of Personnel Management, compromising the personal records of millions of current and former federal employees. The legacy systems in place were too old to handle current encryption techniques and there are a limited number of current security experts well-versed in the nearly 60-year old language used to run them.
Lest you think this is merely an American problem, the UK’s National Audit Office estimates that nearly £480 billion of the country’s operating revenues depend on legacy IT systems, posing “a very significant risk to public service delivery.”
Many government agencies rely on systems run on COBOL, a computer language developed in 1959, and are reluctant to risk disruption of operations by transitioning to more current technology. Professionals with expertise in the language are decreasing in number, while the costs to keep legacy systems overuse sustainable are rising and security risks are growing.
Experts at the NOA advise that government agencies who dismantle legacy systems and replace them with more current technology will improve security and compliance, reduce the risk of being held hostage by a single support supplier and allow them to work with more innovative agencies who may offer better pricing in order to win their business. The NOA report cited earlier in this post suggests that “well-planned strategic investments have been successful in enhancing the functionality of legacy ICT… while minimising risk to service continuity and reducing the full cost of service.”
Fear of the cost and scope of system redesigns or concerns about security or business interruptions continue to hold many companies back from adopting a Cloud solutions strategy. But as time marches on, outdated systems maintenance costs will rise, resources to keep them running will dwindle and the need for innovation will outweigh the risks of transition. As CIOs consider legacy systems modernization and moving to the Cloud, they will reap a variety of benefits:
While addressing legacy systems overuse may not be a task for the faint of heart, the risks can be mitigated by partnering with a team that specialises in legacy application migration. The right hosting partner can help you determine the suitability of your legacy systems for Cloud migration, decide which workloads should be moved to the Cloud and assess the risks associated with the transition. They can establish the most effective solution for your team’s legacy systems, and set up performance and server monitoring, and system redundancies.
Remember, your legacy applications are not necessarily a problem – but running them without proper security, backup and recovery systems can pose a serious threat to your operations. By working with a provider who understands legacy systems, you can realise resource savings, improve security and prepare your company to innovate to meet future demand. If you’d like a helping hand eliminating legacy systems overuse and moving your applications to the Cloud, contact Umbee today.