The most powerful business benefit for large enterprise organizations migrating to the Cloud is the modernization of their legacy applications. This presents the biggest hurdle to overcome to achieve their Digital Transformation goals.
As Gartner describes Gartner described Canadian CIO’s face a scenario where there is lower buy in to the value of technology and thus a perception it is more of an operational cost not a strategic enabler, the biggest consequence being a lack of investment in upgrades and modernization, vs ‘keeping the lights on’.
The Royal Bank of Canada’s CEO noted that the issue presents the most signficant of digital transformation challenges, far more so than the threat of FinTech startups:
“Does [the lack of regulation for fintechs] hurt us? No, regulation is not the problem. The biggest barrier to adapting is the incredible legacy systems,” McKay said, noting that many banks have systems that are essentially 50 years old.
Government is another sector struggling with this same challenge.
For example in the Government sector elderly systems like COBOL are still prevalent, indeed in the USA they account for 70% of IT spend, and cost the government nearly $40 billion a year to maintain. This is why they aren’t investing as much in new innovation-enabling technologies like Cloud as they might.
In Oct 15 the UK Authority web site reported that the National Audit Office said the public sector is still struggling to master and realize the potential of digital transformation, despite the citizen and cost benefits it’s known to deliver.
They also identified legacy applications as the root cause of this lack of progress in all of these areas, reporting that over £480 billion of government revenues were reliant on them highlighting the many risks this presents, most notably resistance to the new digital innovations governments are required to adopt to achieve new online services:
“The government’s ICT strategy, published in March 2011, recognized legacy ICT as a barrier to the rapid introduction of new policies and particularly the move to ‘digital by default’. Legacy ICT reduces the flexibility to improve public services, makes it harder to protect against evolving cyber threats and increases government’s reliance on long-term contracts with large ICT companies. It is also likely to increase the cost of operating public services by preventing higher levels of automation and hinder data sharing intended to prevent fraud and error.”
In their audit they review a sample of government department situations and their legacy application challenges – the DWP Pension Service, HMRC VAT Collection, NHS Prescription Payment Service and the OFTs Consumer Credit Licencing Service.
These scenarios feature a variety of aged technologies, some originating as far back as 1973 running on a mainframe computer. The HMRC identified in 2009 that their 600 systems were “complex, ageing and costly”, and the report highlights how expensive a burden this is: The VAT collection service costs £430 million per annum to operate, and the DWP’s Pension Payment service £385 million per annum. That’s almost a billion pounds a year just for two applications.
Different options for addressing the situations are explored – ‘No Change’, ‘Enhance and Maintain’ and ‘Replace’ approaches, detailed in these in-depth case studies.
Similarly the Canadian Government audit office also identified their estate of legacy applications presented considerable risks of revenue-collecting downtime, and also inhibited the development of modern, online systems.
Legacy IT – Risks
The report identified eight key risks of legacy IT:
- Disruption to service continuity – Legacy ICT infrastructure or applications are prone to instability due to failing components, disrupting the overall service. Failure of the legacy ICT may be more difficult to rectify due to the complexity or shortage of components.
- Higher security vulnerabilities – Older systems may be unsupported by their suppliers, meaning the software no longer receives bug fixes or patches that address security weaknesses. The system may not therefore be able to adapt to cyber threats.
- Vendor lock-in – Legacy ICT systems are often bespoke and have developed more complexity over time to the extent that only the original supplier will have the knowledge to support them. For example OFT felt that only the original developer could maintain the application, due to its bespoke complexity and lack of documentation, consequently extending their outsourcing contract.
- Skills shortages – The HMRC VAT system is facing a skills gap due to the age profile of the support staff and declining skills internally and with the supplier.
Inhibiting Business Transformation
The remaining four risks of legacy systems that were identified directly inhibits an agencies ability to achieve their Digital Transformation goals.
- Manual workarounds – More manual processing can be required due to the lack of functionality within the system or its inability to interface with other systems. Examples of workarounds include performing detailed calculations outside the system on spreadsheets; re-entering data on to other systems or having to manually check for processing and input errors.
- Limited adaptability – New business requirements may not be supported by the legacy ICT. These may include requirements such as the provision of digital channels, the provision of real-time information and not being able to process transactions in a new way.
- Hidden costs – The true cost of operating the system may not be known. Workarounds to the system and the cost of the additional manual processes may not be recorded. By not having all the information available at the right time, legacy ICT may not be able to provide real-time performance information which could lead to poor decision-making.
- Business change – Due to the complexity or the limited availability of the skills required, change may be difficult, lengthy to implement and costly. This makes it difficult for the business to be responsive and changes may have to be prioritised.
In short the difficulty of updating legacy applications prevents implementation of new digital government features. The report describes “Legacy ICT is harder to adapt to meet changing business needs. We found that where an organisation has replaced its legacy ICT system, adaptability has increased.”
“OFT commissioned an efficiency and effectiveness review in April 2010, which recommended the redesign of business processes to streamline consumer credit processing. While most changes were implemented, some could not be supported by the legacy ICT and therefore were not adopted.”
One of the approaches, ‘Enhance and Maintain’, is based on keeping the legacy application and creating new interfaces to it such as mobile or web access, described as “wrappers”. However this does not address the core limitations of the legacy technology.
For example although the VAT system has been considerably updated via this approach, it’s still not a fully digital service as customers are unable to view their accounts in real-time, and HMRC has found it challenging achieving a ‘whole customer’ view, as its customer data is stored across a number of legacy ICT systems.
Other key limitations include the ‘batch processing’ approach of older platforms.
“Business transformation, including the drive for digital transformation is proving challenging for departments when it involves legacy ICT. Many legacy systems require data to be processed as a sequence of batches that is incompatible with a fully real-time digital service. In the pension system, for example, online applications have to be manually re-entered into the main system by a DWP operator, as the website and the main legacy ICT system are not integrated. The approach of adding functionality through the addition of interfaces to the core legacy ICT is likely to be insufficient to achieve full digital transformation.”
Additional processes are required due to the limited adaptability of systems using batch processing. The VAT return error correction process is a typical example of such manual intervention. VAT returns submitted online are only partially validated and corrected as they are entered. Full validation, risk identification and correction can only be done after the overnight batch is run. At that stage errors are picked up by the error correction team and addressed manually. This is typical functionality for the technology design of that era. Validating, and identifying more errors, at the point of submission would lead to greater efficiencies.
HMRC had exception processes like this which represented 20% of costs.
Furthermore increased complexity caused by additional interfaces and connections with other systems makes routine changes to legacy ICT costly and protracted. The existing complexity of DWP’s pension legacy system means changes take up to 18 months from planning to deployment.
The report makes the simple and clear point that investment in new technologies can address the situation, that “well planned strategic investments have been successful in enhancing the functionality of legacy ICT” and deliver business value, such as the DWP adopting a new Customer Account Management system that draws together customer information from multiple legacy ICT systems, reducing the cost per customer by 30%.
They also describe that the risks will only continue:
“The risks of legacy ICT will increase over time as the gap between the system functionality and business need widens and the complexity of the systems and software increases. The management and technical resources needed to maintain and make further changes also increases.”
and that to mitigate these risks they recommend:
- Public bodies should ensure that they have a full analysis of the cost, performance, and risks of their services over time and of the impact of legacy ICT.
- Public bodies should draw more on cross-government comparisons and examples of best practice of managing legacy ICT while transforming to digital.
- Public bodies should ensure that service managers are fully aware of the risks to their services, posed by legacy ICT.
In particular they make this critical insight:
“Business owners were not fully aware of the risks to their department posed by their legacy ICT. Our audits of two of the four services found legacy ICT strategies and decisions being the responsibility of the ICT function with insufficient dialogue with the business owner. A more integrated approach between ICT and business functions is necessary to optimise decision-making about legacy ICT and its impact on future digital services.”
In conclusion it is an imperative upon the business leaders of government departments, as well as CIOs, to understand their legacy IT position and follow these recommendations.
- Are Your AWS Workloads Well-Architected? - March 2, 2019
- How AWS Serverless Has Streamlined a Car Factory’s Supply Chain - February 26, 2019
- Smart Apartments with Alexa & AWS IoT - February 24, 2019
- Using Machine Learning on AWS – Raising the Barr - February 22, 2019
- Mastering Chaos – A Netflix Guide to Microservices - February 19, 2019
- Microservices at Netflix – Lessons Learned - February 17, 2019
- Segment: Managing and Monitoring Over 16,000 Containers on ECS - February 13, 2019
- Astadia: Migrating Mainframe Workloads to AWS - February 12, 2019
- Nordea takes Open Banking beyond PSD2 - February 12, 2019