Software

The Perils of Not Modernizing an Agency’s Applications

Agencies face higher costs and potential security vulnerabilities by leaving older apps in place.

Evan Doty is a senior field solution architect at CDW focused on hybrid cloud and Microsoft Azure. His areas of expertise include LAN and WAN network design and implementation, Windows system administration, project management, call center management and deployment, and IT vendor management.

Sam Lakhia

Sam joined CDW as a Cloud Client Executive. His focus will be to help CDW-G shape the most valuable federal opportunities aligned to the company’s Cloud Portfolio. Sam has more than 15 years of experience in the federal space supporting multiple agencies with their program, acquisition and service management needs.

There are numerous reasons why a federal agency would want to make sure its applications were running in as modern an architecture as possible.

Modernizing applications will reduce the total cost of ownership of those apps and the applications will run faster and more efficiently. Additionally, the apps will be more scalable and more easily updated as agencies shift them onto cloud-based Platform as a Service architectures.

What happens, though, if an agency decides not to modernize a legacy application? Sometimes this is done because there is not adequate budget to do so, or there is a lack of qualified IT staff. Or, it could be that the process of upgrading the legacy application is just really difficult, and it runs a mission-critical service that cannot be interrupted in any way. Data might be lost or corrupted, and that could result in a system failure.

While there are some clear reasons why it is sometimes difficult for agency IT teams to modernize applications, they should avoid leaving legacy applications in place as much as possible. Avoiding modernization leads to higher costs and a weakened ability to attract top IT talent. It also could expose the agency to security vulnerabilities. That’s why modernization is the best path forward for agencies.

Why Not Modernizing Applications Is Harmful

One of the clear downsides for agencies that do not modernize their applications is that their IT costs will be higher, in both the short and long term. Short term, agencies will need to dedicate more time, compute and storage resources to maintaining legacy applications than they would if the app were moved to the cloud.

They might also need to pay an outside consultant — perhaps a recently retired agency IT professional who has hung up his or her shingle — with specialized knowledge to help them maintain the application, especially if it is written in a legacy programming language such as COBOL.

It doesn’t get any easier from there. The longer an agency delays modernizing an application, the more costly it will be to catch up, as more data will need to be saved and transferred and the complexity of the upgrade increases.

Leaving legacy applications in place also makes it difficult to attract and hire top IT talent. Young IT professionals and programmers likely will not want to work at an agency that is still running applications that were built before they were born. To stay at least somewhat competitive with the private sector, federal agencies need to be as current as possible with their technology.

Avoiding App Modernization Can Harm the Mission and Citizens

While it’s difficult to quantify the potentially negative impact on an agency’s mission, it’s safe to say that it’s not insubstantial — and harm to the mission can lead to harm to citizens, which should always be avoided.

Legacy applications do not scale at all; certainly not in the way a cloud-based application can. The way it is built is the way it is going to operate. It might still work, but it is not going to ever run as optimally as it could if it were modernized. That means that when demand spikes, for whatever reason, the app cannot scale up to meet that demand, and mission areas may suffer as a result.

Those kinds of legacy applications tend to be monolithic and difficult to upgrade. As the hardware and software underpinning legacy apps get older, the vendors that make that hardware and software are less likely to provide security patches. The longer a piece of technology is around, the longer malicious actors have to study its vulnerabilities.

When those factors are combined, it creates a recipe for a serious security vulnerability. It puts agencies at a disadvantage, because they are chained to a legacy application and cannot be as agile as they should be in responding to a changing threat landscape.

Nearly two decades ago, stories broke about NASA scouring eBay for parts so that the space agency could scavenge Intel 8086 chips, which, as The New York Times reported, played a critical role in the space shuttle and were “at the heart of diagnostic equipment that made sure the shuttle’s twin booster rockets were safe for blastoff.”

No agency should want to be scouring the internet for hardware or software to keep a legacy application on life support. The benefits of application modernization are evident, and the downsides of avoiding modernization are very real.

This article is part of FedTech’s CapITal blog series. Please join the discussion on Twitter by using the #FedIT hashtag.