olly - Fotolia
The state of Texas is serious about shedding its legacy IT systems.
But the size of the task is like the state of Texas: pretty big. The Texas Department of Information Resources (DIR) found that 58% of its 4,130 business applications are legacy systems, said state CIO Todd Kimbriel -- and that is cause for concern.
"Generally the legacy problem is one of increased risk of cyber vulnerabilities, loss of market support [for parts and labor] and increased risk of unexpected operational failures," Kimbriel said.
Of course, the state is still open for business, and its workers still handle all manner of transactions, Kimbriel added. But the preponderance of legacy systems keeps IT from deploying technology that could make those transactions easier.
"Legacy hinders innovation because [these systems] are by their nature rigid and not easily adaptable to new and emerging technology changes, such as new development frameworks and communication protocols," Kimbriel said. There are ways to counter this challenge by, for example, "wrapping" new technology around the legacy IT systems to accommodate functional needs, he said, but that still doesn't address the risk of the underlying legacy technology.
Vulnerable to technology disruption
The state of Texas is not alone when it comes to the size of its legacy problems, nor in its concerns about the security risks and obstacles to innovation that these systems present.
The first annual "Insight Enterprises Intelligent Technology Index," released in February, found that 55% of the 403 IT decision-makers it polled reported that the technology currently in place at their companies is a hindrance to incorporating or adopting new technologies. Moreover, a majority of those polled felt the inability to adopt new technologies put their companies at risk: Nearly two-thirds (65%) of those polled said they are worried about disruption from technology innovation; at midsize and large companies, the percentage was even larger -- 75% and 74%, respectively.
The study, conducted by independent research firm, Market Intel Group, found that the three areas where companies see the greatest needs are network infrastructure/moving into the cloud (61%), hardware and devices (58%, and data security (56%).
Todd KimbrielCIO, state of Texas
"What makes it legacy is when it can no longer perform its purpose and deliver value to the business at any cost. That's when it becomes a hindrance to move your business forward," said David Mayer, vice president of product management-software at Insight.
He pointed to legacy-related issues with corporate networks as case in point. Many companies have networks initially built to handle data moving only through internal systems; now those companies expect their networks to handle significant amounts of data moving both internally and externally.
"There are a lot of networks designed for 'Old World' interchanges and not for interchanges out in the cloud," Mayer said, adding that legacy networks create bottlenecks that slow down business.
Methodology for dealing with legacy systems
Despite legacy's increased risk of problems and its impediment to innovation, companies often determine that the cost and disruption associated with replacing legacy IT systems is more than they can take on right now, analysts said. But that is a mistake, they said.
"It's going to blow up at some point if you don't manage your technical debt," said Holger Mueller, vice president and principal analyst at Constellation Research, who added that the trend toward layering technologies onto legacy systems over the years leaves many afraid to turn them off. "Your landscape has been built up over the past 30, 40 years, so even if you want to move as fast as you can, it takes time. It's a yearslong process," he added.
Established companies don't have the luxury of working from a clean technology slate. So now they have to prioritize what stays and what goes, and that can be one of the biggest challenges when devising a legacy strategy.
"I'm a big believer in understanding what's good enough and what's not, and what's something that's perfectly optimized," said Vikram Desai, managing director and global practice lead of analytic security at Accenture, explaining that not all systems have to be perfectly optimized.
Rather, enterprise IT executives should consider the effectiveness, security and efficiency when evaluating their legacy IT systems and determining which ones need to be replaced.
"It's not about automatic upgrades. They have to look at their objectives and determine if [their systems are] hitting those. The systems, particularly the older ones, don't have to be replaced if they're doing their jobs," he said.
But Desai isn't giving legacy a pass by any means. Although companies should evaluate their legacy systems based on such criteria when determining replacement priorities, they still need to recognize that legacy systems can hinder agility, innovation, security, responsiveness -- and, as a result, competitiveness.
"If my competitor makes the investment [and upgrades] and can do many more things quickly and more flexibly, there's a competitive advantage they have over the company that stays the course," he said.
Texas statewide IT legacy study identifies 90 remediation projects
Although state governments don't face the same competitive pressures as for-profit businesses, state of Texas leaders are trying to tackle their legacy debt based on such ideas.
DIR undertook its Legacy System Study, which was created by a legislative act, to evaluate the state's technology landscape and determine how to best make decisions about its aging infrastructure. (State statute even went so far as to define what legacy means: "a computer system or application program that is operated with obsolete or inefficient hardware or software technology.")
Although Kimbriel said that "prioritizing the resources around solving the problem in terms of funding and people" was the biggest challenge around legacy, DIR is ready to tackle the work.
As a result of the study, the findings of which were published on Oct. 1, 2014, DIR has identified and prioritized some 90 remediation projects, which include network infrastructure improvements, security enhancements and legacy application modernization. Kimbriel said those projects will go before lawmakers for funding considerations in the state's next legislative session, which starts January 2017.
Recent articles by Pratt for enterprise CIOs:
Is Facebook's Workplace the key to enterprise collaboration?
A public agency CIO sells the scalability of cloud to users