Every time NSM Insurance Group acquires a company, CIO Brendan O'Malley must evaluate the IT systems that come along with it and decide what should stay and what must go.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
For example, NSM last year acquired a company with a custom back-office system developed in COBOL in the 1990s. The legacy system did the work the acquired company needed, but it required a niche firm to maintain it at a significant cost and, moving forward, it couldn't handle NSM's business requirements. The system would have to go.
"It was an easy decision from every perspective you looked at it," O'Malley said, adding that most keep-vs.-cut evaluations on legacy systems aren't so straightforward.
After spending several decades building up their technology infrastructures, companies now need CIOs and their IT teams to decide which legacy applications and hardware systems have reached their expiration dates. The stakes are high: Moving from outdated applications and systems to newer models is frequently a complex, high-risk exercise but one required for gaining the agility, cost-savings and improved user experiences that IT leaders are expected to deliver.
The decision to start fresh might at first glance seem obvious, particularly to younger employees and business customers accustomed to user-friendly consumer technologies. Plus, cloud, mobile and other new lightweight, less capital-intensive technologies have become more mature and thus better options in the enterprise.
But technology experts and CIOs alike agree that there are no easy formulas for deciding when to transition to these newer models from legacy systems that, in many cases, represent a significant financial investment and still handle critical business transactions.
"There are so many variables you need to consider when weighing the value of legacy systems, and so much of that is unique to each organization," said Indranil "Neal" Ganguly, CIO and vice president at JFK Health System in Edison, N.J., and board member at the College of Healthcare Information Management Executives.
Veterans of the process say the best approach to the keep-vs.-cut evaluation involves cost analysis, consideration of current and future business needs, and strategic planning. Moreover, such evaluations should happen not just when systems are in crisis, but on an ongoing basis.
Sizing up legacy systems
That's the approach O'Malley, who is also an active member of the Society for Information Management, takes. He starts by considering the company's strategy and how IT will support it.
"You always want to have a strategy and an understanding of the platforms you expect to be supporting in three to five years. Those are the systems you're going to be investing in or developing to drive your business," he said. "Something not on your list, that's going to be legacy. It's something you want to eliminate or consolidate or replace."
Once he's ruled a system fits the legacy tag, O'Malley then examines the cost of maintaining it, whether it meets current business needs and whether it fits in with the current technology stack.
A one-off system that was once somebody's pet project or the result of some rogue IT installation that is incompatible with the company's architecture, gets the ax, he said. A system that's inexpensive to maintain, is doing its job and doesn't give anyone undue grief could stay.
Ganguly, who started at JFK Health System 15 months ago, takes a similar tack when evaluating the systems that make up the clinical, revenue and back-office infrastructure.
The McKesson Corp. system that will no longer receive vendor support in 2018, for example, was quickly put on the "cut" side of the equation. (Ganguly says his IT department is still evaluating its options for replacing it.)
But, like O'Malley, Ganguly finds the evaluation process is typically much more complex, requiring, for starters, a deep understanding of where the organization will be several years out. Then, he considers whether a current system can be used to automate workflows and produce the same process efficiencies that newer systems enable; and whether the system can support the hospital's increasing use of business intelligence and analytics. The healthcare industry's move from a fee-for-service model to one based on pay for performance, accountable care and meaningful use also factors heavily into whether a legacy system stays or goes.
"You have to have an approach that starts with strategy alignment and then looks where the gaps are, and then evaluate how to fill those gaps," Ganguly said, adding that he also considers how much it will cost to upgrade and replace a legacy system, along with the value that upgrading or replacing will produce for the organization.
The approach goes well beyond using a system's age as a determining factor, and it means that even newer, cloud-based systems might be destined to be cut, said John F. Mancini, president and CEO of the Association for Information and Image Management.
His organization had a fairly new SaaS communications platform for email marketing. It worked fine, but he learned about a cloud-based application from HubSpot Inc. that, for the same price, offered much more functionality. He weighed both systems' costs and value, ruled his current platform a legacy system that had to go and then made the switch.
"For any system in any organization you should go through that analysis: Can I get much more bang for my buck? Have I reached that tipping point?" Mancini said.
How to find the right balance
Dale Vecchio, research vice president at Gartner Inc., says CIOs must balance cost and risk against value when evaluating the lifespan of legacy systems.
"The legacy system you've got to deal with is where the costs and risks are higher than the value," he said.
However, many IT leaders don't make those calculations until they run into problems, he said, and subsequently find they're facing one of three problems: The system costs too much to run, it no longer supports business needs and/or it requires technology or skills that are hard to find.
That last point has forced some CIOs to find parts on eBay and bring in older workers with those skills out of retirement, Vecchio and other CIOs note. But not every legacy system will put the CIO, the IT organization and the business in such a dire position.
"Everybody's going to have a legacy system; not everyone needs immediate attention," Vecchio said.
Indeed, CIOs say that most organizations don't have the money or staff to update, replace or eliminate all of the legacy systems they've identified as needing help.
That's the scenario Kristin Russell faced as CIO for the State of Colorado, a position she held from February 2011 to June 2014. When she started, 50% of the state's systems were more than seven years old; the ERP system was 23 years old. Many were out of support, leaving the IT department struggling to find the resources to maintain them.
"Everywhere I looked there were legacy systems," she said.
Russell took a strategic approach, creating an IT roadmap built around a cloud-first strategy.
"That really framed how we would look not just at old systems but how we'd procure new ones," she said.
Then, she crafted an evaluation method that rated each system on the costs required to run and maintain it, its impact on the citizens it serves, its security risks (especially pertinent for older systems ), the amount of the state's business going through it and its impact on the business and finally the system's age.
"I really wanted to apply some sort of data and science to prioritizing," said Russell, now a director with Deloitte Digital.
She used the scores to decide which legacy systems needed attention first, and whether to rip out and replace a system (which usually involved business processes engineering) or leave it in place and update it.
Colorado's legacy situation may sound extreme, but Vecchio said it's not. Many organizations don't have a good strategy when it comes to evaluating and updating their legacy systems, he said. But a keep-vs.-cut evaluation process, like the one developed by Russell, must become a routine exercise for IT organizations if they want to stay out of crisis mode.
"Don't wait for problems to occur," agreed David Dodd, CIO and vice president of IT at Stevens Institute of Technology in Hoboken, N.J.
At Dodd's IT shop, that means continually assessing the internal and external environment and evaluating whether its systems can deliver the services and capabilities that meet the current and upcoming needs of the institute. The IT department also considers whether the system has operating integrity, whether it functions well and can be integrated where needed and how it measures up against more modern systems.
"We look at it from a strategic point of view: Is this system allowing us to do business the way we need it to, or does it provide us with a competitive advantage? What's the most strategic system we can deploy that we can get the most use and longest life out of? Is it going to be strictly operational or will it give competitive advantage?" he said, adding that these questions must become routine.
"This has to be a systemic part of what an IT organization does," Dodd said. "If it's not, you're going to try to survive by moving from one crisis to another."
About the author:
Mary K. Pratt, a freelance writer based in Massachusetts, writes frequently about business management and information technology. She can be reached at firstname.lastname@example.org.
Walgreens confronts its 'mega' IT legacy systems