The image above is a great illustration of the Innoculator ethos. It is, of course, an old computer running a “green screen” legacy application. But, as keen observers will have noticed, it is also an image generated using A.I. This really encapsulates the approach we are bringing to the market. Talking to people in the industry has confirmed we are on the right track with a focus on legacy applications. But occasionally we get asked “Why Legacy?” The short answer is that legacy applications are a growing problem for the industry, and how to protect them is often left in the “too hard basket”.
To understand why legacy applications represent a problem, it is important to understand how they came about in the first place, as there are several reasons why they exist. Firstly, there is the common case of an application that is critical to the business: it all works as it should, and NO ONE wants to be responsible for any outages or problems that a change to it could create. So, the application is left running and working (as it should). Over time the technology that it is built upon receives updates, but for many possible reasons no one applies these to the underlying technology, for fear it could break the application and cause a major disruption to the organisation. As time goes on, this problem becomes more and more acute. Due to staff turnover, knowledge of the application and its dependencies becomes lost or forgotten, so the danger of breaking it by making changes becomes greater.
The second reason legacy can exist is that the application (again, all working very well) is left technologically stranded. A vendor might phase out a technology in their platform for whatever reason, but if your application requires that functionality to continue, you are left with the choice of rewriting your application or sticking with an out-of-date platform. Many organisations struggle to justify the budget required for an application rebuild when the existing system is working fine, and refactoring or rebuilding an application is both costly and risky. So, a trade-off occurs where an organisation decides that the risk of staying on the out-of-date platform is more acceptable than the risk and cost of a redesign.
Of course, these reasons don’t cover all the ways a legacy application comes into existence, but they are common stories we have heard over the years. But how big a problem is this? The answer is complicated! A recent survey found “Over two-third of the respondents are using mainframe or legacy applications for core business operations and over 60 percent for customer-facing functions.” Different surveys provide different answers, and vary wildly by industry type (for example, Retail 58%: “Retailers Spend 58% Of Their IT Budget On Legacy System Maintenance”, Retail TouchPoints; Government 70%: “Legacy Technology in Government – and How to Break Free”, Dell USA; Healthcare 73%: 2021_himss_cybersecurity_survey.pdf), but the consensus is that almost any company over 10 years old will have a legacy application lurking somewhere on their network, and this represents a problem when it comes to securing the application. No more security patches, no more fixes, no more support. You’re on your own when it comes to legacy applications.
So, in answer to the blog’s heading: Why Legacy? – Because everyone has this problem, and everyone is trying to solve it themselves. As a security professional you are told to “make it secure” but have no tools at your disposal to really achieve this! That’s why…