Legacy applications are a minefield, but why ringfence them instead of updating or decommissioning them?
Legacy applications often play critical roles in an organization’s operations. They may contain business-critical functions or data and are typically deeply embedded in a company’s IT infrastructure.
However, these applications can become costly to maintain over time, particularly (despite judicious patching) as they may no longer align with current technology standards, pose security risks, and often lack the flexibility needed for digital transformation. Decommissioning legacy applications can also be costly, plus risky, and complex. The cheapest and most time-effective alternative is to leave them where they are and isolate them to keep the larger environment safe.
Modernizing Legacy Applications
There is a significant distinction between patching and modernizing.
Patching refers to updating specific parts of an application’s software code to fix vulnerabilities, bugs, or compatibility issues, without altering its overall functionality or design. On the other hand, modernizing an application involves comprehensive changes to its architecture, technology stack, user interface, or functionality to improve performance, security, scalability, and integration capabilities, often to align with current technology standards and business requirements.
Here are a few reasons why ring-fencing—creating a ‘protective barrier’ around these legacy applications or ‘encapsulating’ them—can be more financially beneficial than modernizing them:
- High Costs of Modernization: Updating legacy systems can be extremely expensive. It often involves rewriting significant amounts of code, purchasing new hardware, retraining staff, or even entirely replacing the system with a new one.
- Operational Disruption: Upgrading a legacy system can disrupt day-to-day operations. Depending on the size and complexity of the system, an upgrade could take months or even years, during which normal operations might be affected.
- Risk of Failure: Any major IT project carries a risk of failure, and upgrading a legacy system is no exception. If the upgrade doesn’t go as planned, it can lead to significant losses.
- Preserving Business Logic: Legacy applications often embody complex business rules and processes that have been refined over many years. Ring-fencing these applications preserves this important business logic.
- Security and Compliance: Ring-fencing legacy applications can provide enhanced security and help maintain compliance by limiting the exposure to the rest of the network, thus reducing the attack surface.
Ring-fencing legacy applications—through the use of microsegmentation and application isolation—can protect and isolate these systems without the need for costly and risky updates. This approach can keep legacy systems operational and secure until they can be modernized or decommissioned in an organized and systematic way.
Decommissioning Legacy Applications
Legacy applications might contain critical business logic or data, and decommissioning them can be costly, risky, and complex. Ring-fencing is invariably more financially viable and a less time-consuming strategy than decommissioning. Here’s why:
- Business Continuity: Legacy applications often support key business processes. Decommissioning them can disrupt business operations, impacting revenue and customer service. Ring-fencing allows these applications to continue functioning without interruption.
- Decommissioning Costs: Decommissioning a legacy application involves costs such as data migration, user training for new systems, system testing, and potential downtime during the transition. Ring fencing can delay or avoid these costs.
- Data Loss Risk: Decommissioning could lead to potential data loss if not done carefully. Any mistake in data migration can be costly to rectify. Ring-fencing eliminates this risk.
- Preserving Business Logic: Legacy applications often embed complex business rules and processes that have evolved over many years. Decommissioning these systems may mean losing this valuable business logic. Ring-fencing preserves this knowledge.
- Time and Resources: Decommissioning an application is a significant project that requires dedicated time and resources. Depending on the size and complexity of the application, it could take months or even years. Ring fencing provides a quicker and more cost-effective alternative.
It’s important to note that ring-fencing is typically a temporary solution or a part of a more significant migration strategy. It is a particularly useful tactic often employed during mergers and acquisitions, where unknown applications can be a headache for the security teams inheriting them, and where time and investigation are needed before action.
Legacy applications will likely need updating or replacing at some point to keep up with changing business requirements and technology advancements. It’s about balancing cost, risk, and business impact in the short to mid-term.
