89 per cent of IT decision makers in UK enterprises admit they are keeping old or legacy applications alive just to keep the historical data accessible, according to a new study. They recognize, however, that retaining these obsolete systems leaves businesses more open to security threats (87 per cent), and eats up resources that could be more productively used to support digital transformation (93 per cent).
Challenges related to obsolete systems
Vanson Bourne questioned 100 IT decision makers in UK enterprises about the challenges associated with retiring (decommissioning) obsolete legacy applications and the problems of running them indefinitely on ‘life support’ solely to access historical data.
“It’s normal for IT applications to outlive their usefulness and be replaced by more modern systems. However, the original apps often hold valuable data that’s still needed by the business for operational reasons – such as responding to customer inquiries – or for compliance or business intelligence,” explains Jim Allum, Director, Commercial and Technical at Macro 4, which provides services and technology to help companies decommission their legacy applications.
That is why IT teams end up keeping old systems running, despite the business risks and costs of doing so, says Jim Allum: “Businesses can’t afford to lose access to all that data so they just keep the old applications on ‘life support’, which causes a lot of problems. Old systems are typically harder to fix when they go wrong, harder to keep secure, and cost more to support – that’s if you can find people with the right legacy skills.
“It creates a huge burden, especially where companies are running dozens or even hundreds of legacy applications – which is surprisingly common.”
Security threats and compliance
One of the chief problems of keeping the aging systems running is related to security, as the research highlights. 87 per cent of the IT decision makers in the survey sample agree that legacy applications on older operating systems are more vulnerable to security threats. At the same time, 82 per cent recognize that old or legacy systems are rarely compatible with modern security and authentication methods.
“On older systems some security vulnerabilities are harder – or even impossible – to resolve. If available at all, patches for new threats could be delayed because legacy apps are considered less of a priority,” says Jim Allum. “As legacy applications pre-date the latest security innovations there is a clear security risk to having a lot of legacy within your application portfolio.”
A related issue is compliance, with 84 per cent of the sample agreeing that on old/legacy applications it is harder to accurately track and control access to sensitive data in line with stricter data privacy regulations such as the GDPR.
Overall, 93 per cent of the IT decision makers questioned acknowledge that supporting legacy applications to keep data accessible ties up IT resources that could be better employed on digital transformation or other strategic activities. 90 per cent feel that it is often difficult integrating legacy systems with newer applications that may have been introduced as part of digital transformation.
“Legacy applications don’t just divert resources away from digital transformation; they are also a practical barrier to achieving it,” says Jim Allum. “Problems integrating aging systems with new applications mean you end up with silos of data, which makes it that much harder to create a seamless digital experience.”
When asked why businesses continue to keep obsolete applications running instead of decommissioning them and moving the data elsewhere, the survey respondents point to a number of challenges, including:
- They feel it is too difficult to move the data somewhere else while keeping it easily accessible (54 per cent)
- Business users are resistant to getting rid of their old applications (39 per cent)
- They don’t always have the right in-house skills to retire/decommission applications (32 per cent)
- Lack of time (32 per cent)
- They are worried that if they move the data they will no longer meet their compliance obligations (32 per cent)
- Decommissioning/retiring applications is considered too risky in case of data loss (30 per cent)
- Lack of budget” (30 per cent).
Programmatic approach to decommissioning
Summarizing the overall findings, Jim Allum argues that enterprises should adopt a programmatic approach to decommissioning in order to address the legacy problem more effectively:
“Enterprise IT leaders are facing a universal set of problems caused by legacy systems, yet there is still inertia around getting decommissioning initiatives off the ground. Difficulties moving the data off legacy applications are cited as the number one challenge. Compliance, data integrity and resistance from business users are the other major considerations highlighted.
“It’s therefore important to manage the end of life process carefully, just like any other stage of the application lifecycle. You should aim to move the data away from obsolete applications and into a content repository where business users can continue to access it, so that the original application can be retired. At the same time you should adopt a repeatable decommissioning process that will work for any legacy application you choose to retire.
Finally, make sure that your new repository can keep the decommissioned data safe, secure and compliant – and is easy for businesspeople to use so it gains their acceptance.”