Reduce Business Risk by Migrating your Legacy Software to Modern, Secure Platforms and Programming Languages
Businesses drag their feet when mobilizing line-of-business apps via legacy software migration, thinking it’s cheaper to maintain a codebase than to rewrite for mobile.
I get it. Migrating all those apps to mobile seems like eating the proverbial elephant. They cost a lot of money to build, the highly-skilled developers needed to rewrite the code are harder to find than ever, the code isn’t commented and there aren’t any docs. This often leads to IT decision makers putting off these projects, perhaps until it’s not their problem anymore. So why do it?
For starters, your employees will be significantly more productive running your apps on the mobile devices they actually use. Since work is not a place to go but a thing to do, employees can get their jobs done from anywhere. Millennials won’t be chained to a desk and they’re going to use the devices they like best. Face it, those Win32 apps are never going to run on someone’s iPhone and your new generation of employees haven’t ever heard of Windows 95. Not changing is a non-starter as you’ll just miss out on younger talent entirely.
Another good reason to migrate all these apps and systems is that they’re running on outdated hardware and software. It goes without saying that this infrastructure has far surpassed its end of life (EOL) and there is absolutely no support coming from the original vendors of the computers, operating systems, software and development tools. I’m actually not 100% correct on this point. There are some giant technology vendors that charge tens of millions of dollars per year to support old systems that reached EOL without migrating. In the end, migrating is significantly cheaper and it rescues your valuable intellectual property from fragile, unsupported, failing systems.
There’s a more ominous reason to migrate your apps. Most data breaches are due to running unpatched, out-of-date, and therefore unprotected software. This includes:
- Software written before PCs were pervasively open to Internet attacks.
- Apps that don’t require authentication.
- Apps that don’t encrypt data at-rest or data in-transit.
- Apps written before secure development lifecycle procedures were established.
- Unpatched software.
- Software oblivious to buffer overflows or SQL injection attacks.
- Software and services built with the assumption that they would always be “inside the firewall” and therefore protected.
- Apps that don’t follow “least privilege” principles.
- Apps that don’t work with modern sandboxed operating systems.
This older and often unattended software is putting your company at risk. Individual and state-sponsored hackers are attacking the software of companies all over the world. Valuable intellectual property and sensitive customer data are being stolen daily. Company executives are getting fired. You absolutely don’t want this to be your priceless intellectual property or your customer data. This is a fast ticket to losing your competitive advantage as well as the trust of your customers. Oh, and you might be looking for a new CEO and CIO.
So what’s the game plan?
- Catalog all your Win32 and Web 1.0 apps and assemble a v-team to take ownership of them.
- Send out surveys to all your employees to find out who’s still using which apps.
- Utilize asset management discovery software that scans the company network searching for apps running on Windows, Macs and servers.
- Pull the plug on apps that don’t show up in a survey or via asset management scanning.
- Listen carefully for screaming employees and turn those apps back on. I expect you’ll find a good percentage of those apps aren’t used anymore.
- Eliminate the next chunk of apps by seeing if employees can use a new or different process to accomplish certain tasks. Your business and processes may have changed so much over the years that some of these apps aren’t relevant.
When rewriting the remaining apps, focus less on the code and more on data sources, workflows, user interfaces, performance and latency. I’ll talk later about new ways to connect to data and build new apps. It’s more important to reverse-engineer the way employees perceive these apps to work than how the existing code actually makes them work. This provides a good opportunity to stealthily update business cases.
Reduce risk to your company by migrating unsafe, unsupported, end-of-life software to modern, secure platforms and programming languages. How rapidly is your company de-risking its exposure to legacy business applications?