olly - Fotolia

Manage Learn to apply best practices and optimize your operations.

Hindered by legacy IT systems, Texas CIO forges a way ahead

Over half of the roughly 4,000 business applications in use by the state of Texas are classified as legacy IT systems. CIO Todd Kimbriel has a plan in the works to remedy that.

The state of Texas is serious about shedding its legacy IT systems.

But the size of the task is like the state of Texas: pretty big. The Texas Department of Information Resources (DIR) found that 58% of its 4,130 business applications are legacy systems, said state CIO Todd Kimbriel -- and that is cause for concern.

"Generally the legacy problem is one of increased risk of cyber vulnerabilities, loss of market support [for parts and labor] and increased risk of unexpected operational failures," Kimbriel said.

Of course, the state is still open for business, and its workers still handle all manner of transactions, Kimbriel added. But the preponderance of legacy systems keeps IT from deploying technology that could make those transactions easier.

"Legacy hinders innovation because [these systems] are by their nature rigid and not easily adaptable to new and emerging technology changes, such as new development frameworks and communication protocols," Kimbriel said. There are ways to counter this challenge by, for example, "wrapping" new technology around the legacy IT systems to accommodate functional needs, he said, but that still doesn't address the risk of the underlying legacy technology.

Vulnerable to technology disruption

The state of Texas is not alone when it comes to the size of its legacy problems, nor in its concerns about the security risks and obstacles to innovation that these systems present.

Todd KimbrielTodd Kimbriel

The first annual "Insight Enterprises Intelligent Technology Index," released in February, found that 55% of the 403 IT decision-makers it polled reported that the technology currently in place at their companies is a hindrance to incorporating or adopting new technologies. Moreover, a majority of those polled felt the inability to adopt new technologies put their companies at risk: Nearly two-thirds (65%) of those polled said they are worried about disruption from technology innovation; at midsize and large companies, the percentage was even larger -- 75% and 74%, respectively.

The study, conducted by independent research firm, Market Intel Group, found that the three areas where companies see the greatest needs are network infrastructure/moving into the cloud (61%), hardware and devices (58%, and data security (56%).

The legacy problem is one of increased risk of cyber vulnerabilities, loss of market support [for parts and labor] and increased risk of unexpected operational failures.
Todd KimbrielCIO, state of Texas

"What makes it legacy is when it can no longer perform its purpose and deliver value to the business at any cost. That's when it becomes a hindrance to move your business forward," said David Mayer, vice president of product management-software at Insight.

He pointed to legacy-related issues with corporate networks as case in point. Many companies have networks initially built to handle data moving only through internal systems; now those companies expect their networks to handle significant amounts of data moving both internally and externally.

"There are a lot of networks designed for 'Old World' interchanges and not for interchanges out in the cloud," Mayer said, adding that legacy networks create bottlenecks that slow down business.

Methodology for dealing with legacy systems

Despite legacy's increased risk of problems and its impediment to innovation, companies often determine that the cost and disruption associated with replacing legacy IT systems is more than they can take on right now, analysts said. But that is a mistake, they said.

"It's going to blow up at some point if you don't manage your technical debt," said Holger Mueller, vice president and principal analyst at Constellation Research, who added that the trend toward layering technologies onto legacy systems over the years leaves many afraid to turn them off. "Your landscape has been built up over the past 30, 40 years, so even if you want to move as fast as you can, it takes time. It's a yearslong process," he added.

Holger MuellerHolger Mueller

Established companies don't have the luxury of working from a clean technology slate. So now they have to prioritize what stays and what goes, and that can be one of the biggest challenges when devising a legacy strategy.

"I'm a big believer in understanding what's good enough and what's not, and what's something that's perfectly optimized," said Vikram Desai, managing director and global practice lead of analytic security at Accenture, explaining that not all systems have to be perfectly optimized.

Vikram DesaiVikram Desai

Rather, enterprise IT executives should consider the effectiveness, security and efficiency when evaluating their legacy IT systems and determining which ones need to be replaced.

"It's not about automatic upgrades. They have to look at their objectives and determine if [their systems are] hitting those. The systems, particularly the older ones, don't have to be replaced if they're doing their jobs," he said.

But Desai isn't giving legacy a pass by any means. Although companies should evaluate their legacy systems based on such criteria when determining replacement priorities, they still need to recognize that legacy systems can hinder agility, innovation, security, responsiveness -- and, as a result, competitiveness.

"If my competitor makes the investment [and upgrades] and can do many more things quickly and more flexibly, there's a competitive advantage they have over the company that stays the course," he said.

Texas statewide IT legacy study identifies 90 remediation projects

Although state governments don't face the same competitive pressures as for-profit businesses, state of Texas leaders are trying to tackle their legacy debt based on such ideas.

DIR undertook its Legacy System Study, which was created by a legislative act, to evaluate the state's technology landscape and determine how to best make decisions about its aging infrastructure. (State statute even went so far as to define what legacy means: "a computer system or application program that is operated with obsolete or inefficient hardware or software technology.")

Although Kimbriel said that "prioritizing the resources around solving the problem in terms of funding and people" was the biggest challenge around legacy, DIR is ready to tackle the work.

As a result of the study, the findings of which were published on Oct. 1, 2014, DIR has identified and prioritized some 90 remediation projects, which include network infrastructure improvements, security enhancements and legacy application modernization. Kimbriel said those projects will go before lawmakers for funding considerations in the state's next legislative session, which starts January 2017.

Next Steps

Recent articles by Pratt for enterprise CIOs:

Is Facebook's Workplace the key to enterprise collaboration?

A public agency CIO sells the scalability of cloud to users

Mobile risks prompt CIOs to add security layers

This was last published in November 2016

Dig Deeper on Enterprise systems management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

One problem I've seen often is that the replacement systems often are less usable, less reliable, slower, more expensive, or sometimes all of the above. It's great when new products work better than their predecessors, but often that's not the case. Especially with cloud where your buy in is perpetual and you end up spending far more overall than you would with a one-time buy and perhaps a support contract (though maybe not). While it was a bigger problem in the DOS-to-Windows application days when the early Windows apps were so horrid, it's still an issue. And it makes companies less anxious to replace their older systems.

Another issue not often discussed is the higher risk in putting everything in the cloud. Internet issues (slowdowns or loss of access), security (large cloud providers are big targets for hackers vs smaller, in-house systems), things like that. You can use an in-house legacy system in an outage, and your data is often more secure being in house vs being with a large cloud provider who is a much bigger target. Some legacy systems aren't even linked to the outside world.

I know a lot of CIOs/CTOs don't think about this and/or haven't experienced these issues. But everyone really needs to think about the security implications of moving so much to the cloud and losing direct control of your own data. As well as issues with government agencies having direct access to your data when it resides in the cloud, as well as the cloud vendor who often uses it for marketing purposes. I think these will become much bigger issues before long.
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close