Each year, public and private sector organizations devote around 70% of their average IT budget to legacy software maintenance. This adds up to billions lost annually, stifled innovation, and IT departments under continuing pressure to "keep the lights on" instead of tackling new challenges and improving existing processes. High operating expenses make it nearly impossible for most organizations and government agencies to invest in new technology, leaving them further behind the curve each year.
Organizations left with less than a third of their IT budget to pursue new initiatives face a Catch-22: The significant risk of a botched software modernization project is enough to keep the government and private companies from attempting to overhaul their legacy systems.
Just look at the Air Force. Since shutting down its notorious Enterprise Combat Support System initiative (an attempt to upgrade part of USAF's dated logistics applications), the Air Force continues to maintain almost 20,000 legacy applications with no appetite to try another modernization project. Putting off system upgrades, however, only inflates the expenses posed by legacy programs' operational inefficiencies and security holes.
[What's Plan B when a big IT modernization project crashes and burns? Read Lessons From A Failed Federal IT Project.]
While it's often said that this year's IT investment becomes next year's maintenance expense, it's important to note that most legacy applications and the languages on which they are built are not just years, but decades, old. Even today, 70% of business transactions are processed in COBOL, a language designed in 1959 and patched in 2002.
Consider this: COBOL powers the overwhelming majority of modern business transactions, yet it was last updated just months after Windows XP was initially released. As the dated Microsoft operating system enters its last weeks of extended support -- at 12 years old -- COBOL is still being maintained at age 55.
The cost of applications written in ancient languages like COBOL and Assembler grow exponentially over time as the pool of students learning them and professionals versed in them shrinks. Only a quarter of colleges still teach COBOL, which creates a massive disparity between the expertise firms require and that which is available. Organizations using these aging applications are faced with the choice to either aggressively pursue a diminishing availability of talent as older workers retire, or invest in programs to train new workers in these languages. Either choice comes with a large investment in time and money attached to it.
COBOL and Assembler aren't the only languages feeding the vicious cycle of legacy IT spending; more languages will become obsolete over time. In light of the high-profile hacking incidents surrounding Target and Neiman Marcus, it is especially pertinent to note that dated systems are most vulnerable to these kinds of intrusions. The presence of "dead code" within an application makes it significantly easier for a third party to quietly implant malicious code within an organization's IT environment. Given that these attacks happen over time makes them more difficult to detect and can cost a business millions, if not billions, in damages.
The solution is obviously to modernize, but doing so can be difficult. While CIOs and CTOs are often aware of the significant challenges posed by the presence of legacy applications, CEOs and CFOs are often blind to the consequences of failure to modernize. This disconnect leads many organizations to waste money on contracts that fail to address the problem at hand. For businesses and government agencies planning to update their legacy software, here are two key considerations to keep in mind:
- Take it slow. The dual forces of limited IT investment budgets and the need for business continuity throughout a technology overhaul means that any transition from legacy applications to more modern equivalents must be a gradual, phased one.
- Get the right hands on deck. Due to the staggered nature of such a transition, it is imperative for organizations to ensure that they have the proper support for their legacy applications during the transition. This includes looping in subject matter experts who know which business rules within an application need to be modified or maintained in order to guarantee its functionality going forward.
While the cost of maintaining legacy software can be a hidden parasite draining the lifeblood of the IT department, it can be eradicated through a careful and thoughtful modernization project. Whereas the high costs of legacy application upkeep deprives the IT department of resources, the time and funds saved from a systems upgrade can be used to promote faster, more aggressive innovation throughout an organization.
Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.