IBM i professionals reveal security and compliance concerns with legacy enterprise applications
October 2018 by IBM
63 per cent of IBM i users in a new survey reveal their organizations are keeping legacy IT applications alive – either on IBM i or other platforms – because the historical data those systems hold remains useful. This is despite many survey respondents agreeing that running these obsolete systems poses a risk to digital transformation, data privacy and security.
The survey of 46 IBM i users, conducted by SoftLanding® Systems, a division of UNICOM® Global, was completed by attendees at two recent IBM i conferences, International i-Power 2018 and PowerUP18.
“Most IT applications, whatever the platform, will eventually be replaced by more modern systems because they have outgrown their usefulness. Interestingly, though, many organizations appear to keep the old applications alive because the data is still useful – whether for compliance, customer service or other operational reasons,” explains Jim Fisher, SoftLanding Operations Manager.
Fisher points out that legacy systems are typically harder to fix when they go wrong, and cost more to support as maintenance charges increase for older applications. This potentially takes away resources from new IT projects including digital transformation initiatives.
SoftLanding’s survey highlights a variety of other problems that arise when legacy systems are kept running, rather than moving the data to an alternative location or platform so that the original application can be retired.
When respondents were asked whether they felt legacy applications are often difficult to integrate with newer systems introduced as part of digital transformation strategies, 63 per cent said that they agreed or strongly agreed.
On the same basis, 55 per cent agreed (18 percent strongly agreed) that it is harder to control access to sensitive data on legacy applications in line with data privacy regulations such as the General Data Privacy Regulation (GDPR).
44 per cent strongly agreed that legacy applications on older operating systems are more vulnerable to security threats.
Lack of resources (52 per cent), resistance from business users (39 per cent), lack of in-house skills to retire applications (37 per cent), and having no-one with overall responsibility for retiring applications (35 per cent) are among the main reasons cited by survey respondents for businesses deciding to keep the legacy systems alive to retain access to the data rather than moving the data elsewhere.
According to Fisher, correctly handling the end of life process for aging applications is just as important as managing any other stage of the application lifecycle and the IBM i platform has a role to play in this:
“There are several advantages to moving historical data away from obsolete applications and into a content repository where business users can continue to access it. For instance, with the Columbus solution that we have developed for IBM i, customers are not only able to retire the original application, but can also integrate decommissioned data with other live systems using non-intrusive technology and bring about better security and control with compliance features such as enhanced data classification and minimization.”
Fisher advises that IT departments should create a repeatable decommissioning process that will work for any legacy application that needs to be retired. They should ensure that their chosen repository can manage all decommissioned data in a secure and compliant manner – and provide ease of use to address any potential concerns from staff around the business.