Legacy Apps Kept Alive Just for Data, Survey Suggests
October 17, 2018 Alex Woodie
A good percentage of IBM i shops are keeping legacy applications running after their “use by” dates have expired for no other reason except the data they hold still has value, despite the security and privacy risks that those old systems pose to the organization, according to a new survey released by SoftLanding Systems yesterday.
SoftLanding Systems surveyed several dozen IT professionals at recent industry events, including International i-Power 2018 and PowerUP18, and concluded that 63 percent of IBM i shops are maintaining a legacy application just to access the data.
Asked why the organizations had not migrated the data to newer applications, 52 percent of the survey-takers cited a lack of resources as the top reason, followed by resistance from business users for losing access to the applications (39 percent). A lack of in-house skill (37 percent), the absence of a person with authority to sunset the app (35 percent), and the overall difficulty of moving the data while maintaining accessibility (33 percent) were other answers given.
The survey results didn’t appear to surprise SoftLanding Operations Manager Jim Fisher. “Most IT applications, whatever the platform, will eventually be replaced by more modern systems because they have outgrown their usefulness,” he says. “Interestingly, though, many organizations appear to keep the old applications alive because the data is still useful — whether for compliance, customer service or other operational reasons.”
Whatever the reason IBM i shops are running older applications, the practice carries non-trivial risk. This is based on the assumption that older applications are not as secure as newer applications, and do not protect the privacy of users or customers as well as newer applications. This assumption holds up under scrutiny if the older application was designed with OS/400’s old menu-based security system, but the generalization may not hold true in all circumstances. (After all, so-called legacy platforms, such as the IBM i server, for example, offer security capabilities that can exceed younger, more “modern” systems.)
SoftLanding’s survey-takers agreed on the security front. The company says that 55 percent agreed (18 percent of them strongly) that it’s “harder to control access to sensitive data on legacy applications in line with data privacy regulations such as the General Data Privacy Regulation (GDPR).” It also said that 44 percent strongly agreed that legacy applications on older operating systems are more vulnerable to security threats.
Needless to say, there is room for improvement among the IBM i installed base for handling the end-of-life process for legacy applications, Fisher says. As far as the application lifecycle management (ALM) process goes, not enough attention is given to the part at the end as the part at the beginning.
One approach to the ALM end game could involve moving the data from a sunsetted application into a content repository. Fisher says that SoftLanding’s Columbus offering could benefit IBM i shops. “There are several advantages to moving historical data away from obsolete applications and into a content repository where business users can continue to access it,” Fisher says.
Customers who adopt the content management repository approach can get the security, privacy, and compliance benefits of turning off a legacy application while still allowing the data to live on, the company says.