Mitigating Risk by Modernizing Legacy IT Systems

Brandon Edenfield


February 16, 2021

For organizations to ensure they can remain operational when disaster strikes, they must prepare their IT systems for potential disruptions before they ever arise. This year, states like New Jersey, Oregon and California saw their unemployment systems crash as a result of running on outdated mainframes, which are often over 60 years old and incapable of properly integrating with the internet and other modern technologies. These limitations ultimately rendered them unable to provide constituents with important services and benefits during a time of need.

While many states have battled their archaic technologies, these challenges are not exclusive to the government sector, or to COBOL, the programming language many government systems use. Rather, today’s business demands require an organization to make essential changes to their IT systems in real-time, whether to maintain industry compliance practices, adapt to customer needs and expectations or to streamline internal processes. Without the ability to do so, this can pose significant risk for an organization’s long-term success and efficiency. Risk professionals must analyze their existing business-critical systems to assess the cost-benefits of upgrading these technologies. For organizations looking to get ahead of these issues, and to protect their potential for future revenue generation, the solution is to pursue modernization.

Determining When to Act

Modernization projects can be expensive, but so can maintaining aging technologies and finding relevant talent, a problem that ultimately results in significant cost-benefit for pursuing these projects. Many companies rely on mainframes, which charge users by MIPS (millions of instructions per second) and MSUs (million service units, measured per hour), producing higher costs for increased usage. However, as digital transformation takes hold in the business environment, organizations are creating significantly larger amounts of data as transaction counts continue to increase, positioning these organizations to receive linear, ever-increasing costs for the same solution. In addition, much of the existing mainframe infrastructure is old, leaving them at risk of physically breaking, ultimately knocking these business-critical systems offline entirely.

Outside of their risk of failure, storing information on mainframes is especially costly. In fact, a recent report found that organizations can save $30 million per year if they modernize the most urgent parts of their legacy systems. As a result, it is key that risk managers not only explore moving away from their mainframes, but also shift the infrastructure and storage of these systems into public clouds. By pursuing the cloud, risk professionals can ultimately reduce IT maintenance costs and open the doors for horizontal scalability in their organization. This can eliminate the risk of systems being knocked offline during spikes in demand—an absolute must-have as businesses continue to shift to dispersed office models in the wake of COVID-19.

Starting the Clock

One of the most essential aspects of a modernization initiative is setting a clearly defined project timeline. As these projects can take months or even years to complete, there is minimal time to waste. Due to the age and complexity of legacy systems, it is important to complete an assessment to establish an in-depth understanding of the environment and interdependencies. Modernization experts should perform assessments by using automated tools, as this exercise exposes mainframe artifacts that organizations did not know they had, relationships they did not realize existed, and assets that they no longer use. An assessment provides stakeholders with valuable insight to inform application modernization decisions such as disposition strategies and target environment architectures. It also mitigates cost and risk by highlighting potential challenges and how to overcome them. Modernization expertise is an important component of translating assessments into action because migrations across platforms can pose challenges that may not be intuitive to those who have not undergone such an exercise in the past.

Eliminating IT Risks Before They Arise

As modernization projects are entirely unique to the specific systems for which they are designed, there is not a single, direct path that applies to all projects. Instead, organizations’ legacy systems are deeply personalized, often the end result of countless individual updates made by developers who have since retired and exited the workforce. This leaves many businesses struggling to untangle the “black box” of information hidden within.

To determine the appropriate course of action for their modernization initiative, risk professionals should work with IT experts to conduct a detailed and automated assessment to understand their specific challenges—like outdated legacy languages and code, the inability to integrate with other technologies and more—and which modernization strategy can rectify these issues. In most instances, an organization would pursue one of four approaches:

  • Rewriting: Experienced developers work to manually recreate the existing legacy system in a modern environment that is suitable for modern business demands. Given that this process requires building the system from scratch, it can be time consuming, costly and especially risky for maintaining core functions. This is the least desirable modernization disposition strategy.
  • Rehosting: Through rehosting, IT professionals eliminate the aging mainframe as a whole, but migrate its core functions and procedural codebases in their current form into a newer, more modern computing environment.
  • System Replacement: Sometimes businesses elect to do away with their legacy systems entirely, fully deactivating its existing applications and replacing them with new, off-the-shelf solutions from third party vendors. While this gives businesses the opportunity to get started with a clean slate, this rip and replace approach can be especially costly and minimizes opportunities for customization.
  • Automated Refactoring: By pursuing this strategy, a team of experts use specialized, automated tooling to migrate procedural codebases to object-oriented equivalents. This allows organizations to relocate key information, specialized code and records away from their mainframes and instead use a modern architecture complete with cloud-friendly languages like Java, C# and in some instances, COBOL. This approach helps organizations take a cloud-ready approach while also eliminating the high costs associated with maintaining their legacy systems.

While modernization projects are robust and in-depth, they do not need to be completed in one course of action. This allows risk professionals to run low-risk workloads through the modernization process, track their results and better provide proofs of concept to their organizations. By participating in an in-depth assessment with experts, risk professionals can better understand the full breadth of challenges within their systems and make the case for change with senior leadership.

Acting Before Disaster Strikes

IT disruptions will come whether an organization is ready or not – and that’s why risk managers need to take action to address any potential issues within their organization’s IT systems before these issues threaten the overall functioning of the company as a whole. However, by analyzing their legacy systems in their current form, organizations can develop a clear picture of which actions need to be taken, the cost-benefits of pursuing updated technologies and which modernization strategies make the most sense.

Brandon Edenfield is managing director, app modernization at Advanced.