A common issue we encounter when working with organisations with legacy IT systems is that their IT is making it difficult to scale the business. Many companies are using hardware and software that was built or purchased in the 80s and 90s to run back office systems. Yes, the 1980s when the PC was new technology, CDs were first launched commercially and people still used cassettes in their Walkmans!
So it should be no surprise that what worked for an organisation 30-odd years ago doesn’t really cut it today. But some organisations are tied to their legacy systems, and these present a significant risk to their operations.
It can make them uncompetitive, unable to innovate, and make it hard to grow the business. It can also be difficult to integrate new products or services, or even expand into new markets. Many banks, for example, have had a nightmare trying to offer customers digital tools because of their legacy systems. They’ve essentially had to bridge the gap with expensive data management systems to allow customers to access accounts online.
Many organisations also find that their legacy IT systems are now incredibly complex. Over the years they’ve been added to and tweaked to provide the functionality they require. However, if they now needed to replace their IT systems, that functionality would be impossible to duplicate. Moreover, legacy software is generally unsupported and therefore more vulnerable to IT risks.
These risks include threats such as vulnerabilities being exploited by hackers (patches are often not available), but also downtime because of errors and system failures.
How to future proof your business
If your organisation is in this situation you have 3 options for addressing legacy IT systems:
- Keep calm and carry on
If your IT systems are not causing too much pain, then you may prefer to carry on tweaking and enhancing as you go along. But if you can foresee a time in the future when they’re going to cause more problems – for example if your organisation has plans to expand geographically or in terms of your service offering – now’s the time to put a plan in place to migrate either in whole or in part to a more effective and scalable solution.
- Replace with another on-premise solution
It’s a significant undertaking to replace legacy IT systems with a new on-premise solution. Not only is it expensive but it can also be very disruptive to business productivity while the migration is taking place. However, if your legacy IT system is costing the business in lost productivity, cost of maintenance, or lost opportunities, or if you’re struggling to find IT staff with the right skills to maintain it, it may be the right decision.
But it’s also important to consider whether a new on-premise solution now is just going to be another legacy problem in the future.
- Cloud solutions
Outsourcing to a cloud service provider could be the right option if it’s possible to achieve at least 80% functionality ‘out of the box’. Those gaps in functionality could be addressed with a hybrid model where some functions remain on-premise, while others migrate to the cloud. This option is more cost effective than on-premise replacement, and offers more flexibility. It can make organisations a lot more agile, allowing them to scale or contract virtually at the click of a button.
Migrating to the cloud is not without some disruption, but with the support of an IT partner, pain and stress can be reduced.
Legacy IT systems – reducing the risk
If your organisation isn’t ready or has decided to ‘keep calm and carry on’, there are some things you can do to reduce the risks of cyber threats. In many cases a bigger threat to businesses is the limitations imposed by their legacy systems. However, cyber threats can’t be ignored and organisations that are reliant on out-of-date hardware and software are particularly vulnerable.
Here are some best practices to adopt to protect your business:
Audit your systems – if you haven’t got a clear picture of what you have to protect, you won’t be able to protect it. Conduct an identification and audit process to understand exactly what you’re responsible for.
Perform penetration and vulnerability assessment testing – find out where the weaknesses are and understand the network attack surface of the platform.
Make legacy systems smaller – disable any unnecessary protocols, ports and services. Remove non-essential applications and services. Apply highly granular network filtering controls to prevent or control access, especially from web proxies and email, which are common attack vectors.
Hide legacy systems from view – physically isolate or separate high risk systems in managed security zones. Use software wrappers to restrict non-essential interactions. Separate critical systems from more general infrastructure by using VLANs. Employ additional firewalls to secure the boundary to the main LAN.
Minimise potential damage – clean up data and remove non-essential sensitive information from the platform. Revise and test your disaster recovery plan. Ensure regular backups take place to aid recovery. Install anti-virus software.
Test and monitor – keep looking for weaknesses with regular penetration and vulnerability testing. Use monitoring solutions to detect attacks, whether successful or unsuccessful, and provide alerts and reports to help determine threat levels.
Cost / benefit analysis – is it worth it? Perform a cost / benefit analysis to understand whether the investment in legacy systems is sustainable.
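The audit and ‘make legacy systems smaller’ steps above can be turned into a repeatable check. The following is an added example, not part of the original article: it compares a host’s listening sockets with an approved baseline and ranks what needs attention. The `ss -tuln` sample, the baseline and the status names are all constructed assumptions for illustration.

```python
# Constructed sample of `ss -tuln` output from a hypothetical legacy host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    [::]:1521          [::]:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
"""

# Assumed baseline: the (protocol, port) pairs the business has signed off on.
BASELINE = {("tcp", 22), ("tcp", 23), ("tcp", 1521)}

# Well-known cleartext services that deserve review even when approved.
CLEARTEXT = {("tcp", 21): "ftp", ("tcp", 23): "telnet", ("udp", 69): "tftp",
             ("tcp", 512): "rexec", ("tcp", 513): "rlogin", ("tcp", 514): "rsh"}

LOOPBACK = ("127.", "[::1]")  # address prefixes reachable only from the host itself
ORDER = ["UNAPPROVED-EXPOSED", "APPROVED-CLEARTEXT", "UNAPPROVED-LOCAL", "OK"]

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        address, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], address, int(port)

def audit(ss_output, baseline):
    """Return (status, proto, port, address) findings, most urgent first."""
    findings = []
    for proto, address, port in parse_listeners(ss_output):
        local_only = address.startswith(LOOPBACK)
        if (proto, port) not in baseline:
            status = "UNAPPROVED-LOCAL" if local_only else "UNAPPROVED-EXPOSED"
        elif (proto, port) in CLEARTEXT:
            status = "APPROVED-CLEARTEXT"  # signed off, but sends data in the clear
        else:
            status = "OK"
        findings.append((status, proto, port, address))
    return sorted(findings, key=lambda f: (ORDER.index(f[0]), f[2]))

if __name__ == "__main__":
    for status, proto, port, address in audit(SAMPLE_SS, BASELINE):
        print(f"{status:<19} {proto}/{port:<5} bound to {address}")
```

Run on a schedule against real `ss -tuln` output, the same comparison shows when a disabled service has come back or a new one has appeared since the last audit.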
To discuss any of the issues raised in this article in more detail, please get in touch.