Legacy System Evaluation, Security Risks, And Continued Usage Acceptance

Abbreviations

Discuss the Legacy System Evaluation, Security Risk & Continued Usage Acceptance.


A legacy application is any business application that is based on older technologies yet continues to support core business functions of an organization (NASCIO; 2008; Survey Section 2.1). This paper explains the constraints of using legacy systems and the necessity of modernizing them. It briefly covers different approaches to modernizing legacy systems. The paper intends to evaluate a legacy system and describe the security risks associated with it. We will also cover a counter-argument (Jones; 2010; The Closure Rule) as to why legacy systems do not pose a problem.

| Abbreviation | Description |
|---|---|
| NASCIO | National Association of State Chief Information Officers |
| AD&M | Application Development & Maintenance |
| IT | Information Technology |
| SOA | Service Oriented Architecture |
| COTS | Commercial-off-the-Shelf software |
| EAI | Enterprise Application Integration |
| ROI | Return on Investment |

What are Legacy Systems?

Legacy systems are often defined by the age of the IT setup, with markedly older setups categorised as legacy. Age is not the sole criterion, however: additional factors such as supportability, risk, agility, staffing and the ability to adequately support the 'line of business' need to be factored in as well (NASCIO; 2008; Survey Section 2.3). Legacy applications can be defined as a group of functions that share a common set of data and address the business needs of a particular domain. Often the boundaries of a system are based on historical development rather than on business needs. Most legacy systems utilize a variety of non-relational database products, are coded in 2nd or 3rd generation languages, and often run on obsolete mainframe computers.

The integration scenario has changed rapidly in the last two decades, with a steady increase in new techniques and in the products needed to support them. With the rapid emergence of new technologies, businesses face a tremendous challenge in balancing the legacy investments they made in the past.

Some of the key challenges (NASCIO; 2008; Survey Section 2.5) faced by larger organisations in maintaining and sustaining legacy systems are:

  • Applications running on legacy systems are dependent on a specific set of skilled resources.
  • Retention of operations and skilled teams becomes crucial for the business.
  • Maintenance is required even for a small legacy business system.
  • The same functionality is provided by duplicate sets of applications, possibly running on different technologies in isolation within the same organization.
  • Customization leads to different versions of the same product.
  • The cost of IT operation is higher.
  • A legacy application may not have a good UI and may be difficult and costly to maintain and enhance.
  • Difficulty in enhancement may lead to non-compliance with regulatory requirements.
  • Company-wide changes are difficult to roll out because individual modules depend on legacy systems.
  • Due to the legacy nature of the systems, functions like document generation and document printing may not be achievable.

Legacy modernization can be described as the practice of understanding and evolving existing software into high-performing assets with a low total cost of ownership (TCO) and less investment. This is achievable by one or a combination (NASCIO; 2008; Survey Section 2.7) of the following:

  • Data conversion
  • Extension
  • Virtualization/ Emulation
  • Re-engineer or replace with a COTS software
  • Applications wrapping
  • Re-hosting/ Re-platforming
  • Automated migration
  • Renovation/ Re-architecting
  • Utilize EAI to encapsulate and link legacy applications
  • SOA integration

The modernization process can be as simple as upgrading or enhancing the current legacy application, or complex enough to end up as a high-end migration. To summarize, the overall purpose is to improve the functionality of the IT system so that business objectives are achieved in a leaner fashion.

So far we have covered the different aspects of legacy applications, their challenges, the need to modernise and the benefits of modernization. Let us now evaluate a legacy IT system. The system we are going to analyse is an in-house system built in Mainframe/COBOL code and used as the core banking platform of a large European private wealth management bank. The legacy environment is an application sending screen images to, and receiving keyboard responses from, a fixed-function terminal. The terminals are usually 3270s, with the screen images being 3270 formats created from BMS (Basic Mapping Services) source members for CICS and MFS (Message Formatting Services) source members for IMS.

Legacy environment Layout

Layer-1 is a mainframe configured to handle requests from 3270 terminals. These are fixed-function devices, mainly able to scroll text from left to right and from top to bottom, with their functionality built into hardware.

Layer-2 is an SSCP-PU connection.

Layer-3 is a set of two 3270 controllers.

Layer-4 is the connection between the 3270 controller and the 3270 terminal, and is an LU-2 connection.

Layer-5 is the actual 3270 terminal, which is customer facing and has a screen of 24 lines and 80 characters. Some customers customize the terminal to allow more rows and columns.

The legacy system has various limitations, summarised below:

  • Shortage of the skill sets required to support the old system
  • Technology or software support from the respective vendors may not be available
  • Built on old technologies, where the scope for improvement is limited
  • Non-alignment between business strategies and IT
  • The old system is resistant to agility and to new changes in business models
  • Total cost of ownership is high

Legacy code imposes an unmeasured and unaccounted risk. While a substantial budget is spent on small enhancements and maintenance of legacy applications, they receive less security attention than new application development, although legacy applications are equally under regulatory scrutiny. Many legacy applications were developed for internal use with less focus on security and are sometimes exposed to the internet for reasons such as business pressure, mergers and acquisitions, partnerships and automation (NASCIO; 2008; Table 6).

Challenges with Legacy Systems

Legacy applications are susceptible to security risk because many were designed around a physical access restriction model, at a time when computer crimes were rare and compliance mandates were negligible. Legacy applications exist in every organization and they function perfectly; however, the operating system may no longer be supported, patches may no longer be provided by the vendor (e.g. ATMs running Windows XP), or supporting utilities may no longer be compatible with upgrades. The way users interact with systems has changed drastically over the past few decades, and each access method raises security concerns for legacy applications spanning mainframe, desktop, client-server and web 1.0 applications. Legacy applications maintained by less-skilled administrators also pose a significant threat, as their ability to take corrective and preventive action in time is limited.

The following are the top 10 security issues found during our study:

  • Data exchanged over an unencrypted channel is susceptible to sniffing attacks
  • Data stored in unencrypted form allows unauthorised viewing of business-critical and private information
  • Decentralized access control is applied through the client, and critical data/credentials are stored locally in weakly encrypted form
  • Buffer overflow due to improper memory management (applicable to unmanaged code in C/C++ applications)
  • Human error in privilege assignment results in unauthorised users executing important programs/scripts on production data
  • In web applications, insufficient input and output validation allows web attacks such as SQL injection and XSS
  • Running insecure versions of COTS or open source components, which lack the security protections built into newer versions, gives an adversary opportunities to compromise the server
  • The centralized database is accessible to all operating system users; CRUD operations are possible through a database client without the application software
  • One user's terminal-emulation client macro is available to another user, allowing impersonated execution
  • Absence of audit trails/logs makes it almost impossible to investigate security incidents
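
The macro-sharing and locally stored credential findings above can be checked mechanically on hosts where the terminal-emulation client keeps its files on a POSIX file system. The following is an added example, not part of the original paper; the file suffixes, function names and sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed suffixes for emulator macros and local credential stores
# (illustrative; set these to what the deployed emulator actually writes).
SENSITIVE_SUFFIXES = (".mac", ".macro", ".cred")

def audit_shared_files(root):
    """Return (path, problem) for sensitive files that other OS users can reach.

    Only the file's own mode bits are checked; directory permissions and
    ACLs are not evaluated.
    """
    findings = []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic report order
        for name in sorted(files):
            if not name.lower().endswith(SENSITIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                findings.append((path, "symlink: may resolve to another user's file"))
            elif mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by other users: macro can be altered"))
            elif mode & (stat.S_IRGRP | stat.S_IROTH | stat.S_IXGRP | stat.S_IXOTH):
                findings.append((path, "readable by other users: macro can be copied or run"))
    return findings

def build_sample_tree():
    """Constructed sample: three users' folders with different file modes."""
    root = tempfile.mkdtemp(prefix="macro_audit_")
    samples = {"alice/login.mac": 0o600, "bob/payments.mac": 0o644,
               "carol/batch.macro": 0o666, "carol/notes.txt": 0o644}
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for path, problem in audit_shared_files(build_sample_tree()):
        print(f"{path}: {problem}")
```

Files owned by one user and restricted to mode 0600 produce no finding; anything group- or world-accessible is reported so it can be moved into a per-user profile or locked down.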

Despite the various initiatives and reasons highlighted above, there are enterprises that continue to use legacy applications. They accept the use of these legacy applications for business functionality and invest in their maintenance and in the necessary patching, upgrades and bug fixes. Below are some of the reasons that we could identify; these can serve as supporting points for retaining and maintaining legacy applications, in light of the discussion above:

1) Dependency: The business is heavily dependent on the legacy application, which becomes a bottleneck.

2) Small functionality: Sometimes an enterprise develops new modules for new business functions, but for old or small business functions associated with the legacy application it follows the 'as-is' approach.

3) Transformation project failures: Due to fear of project failure, some enterprises do not make a move towards modernization.

4) Line of business: If the legacy application is able to serve the business functionality, then the approach is not to disturb the current (legacy) ecosystem.

5) Funding: Transformation projects are generally mapped to technology enhancement and are not driven by business requirements, hence minimal or less funding is available.

6) Integration hiccups: If one legacy system is transformed, there may be integration challenges with other dependent legacy systems, or else the enterprise has to revamp the whole IT system, which is difficult and challenging.

7) Legacy application know-how: In order to transform it, the current (legacy) system should be known well, so that there are no surprises once the new system is launched. But legacy application knowledge is always lacking because of gaps in documentation and knowledge sharing. This is also a challenge.

8) Staff resistance: Staff do not want to come out of their comfort zone and hence resist any changes.

9) Data migration issues: Transforming a legacy application inherently brings another project, data migration, which needs to be addressed from the following perspectives:

  • Data Quality
  • Data Cleansing
  • Data Mapping

10) Customization: Most legacy systems are built in-house and are fully customised to specific business needs, which the enterprise does not want to lose.

These are just a few of the factors that drive businesses to retain and maintain legacy systems.

Conclusion

Migration of legacy applications to new infrastructure is an attractive proposal considering the challenges faced in running them. However, many organisations are deferring capital investments due to tougher economic conditions and various other reasons. Added to that, legacy applications are often complex and require good preparation, and probably an expensive project, for migration to new infrastructure. Therefore, alternative initiatives must be explored. Optimizing legacy applications can be instrumental in reducing IT costs. If, after the necessary cost and system optimization analysis, it is observed that there is no scope for further optimization, then migration/transformation can be considered as one of the options.

References

Jones, R., 2010, Finding the Good Argument OR Why Bother With Logic?, The Closure Rule

NASCIO, 2008, Digital States at Risk!: Modernizing Legacy Systems, Survey Section 2.1: definition

NASCIO, 2008, Digital States at Risk!: Modernizing Legacy Systems, Survey Section 2.3: criteria

NASCIO, 2008, Digital States at Risk!: Modernizing Legacy Systems, Survey Section 2.5: drivers

NASCIO, 2008, Digital States at Risk!: Modernizing Legacy Systems, Survey Section 2.7: modernization methods

NASCIO, 2008, Digital States at Risk!: Modernizing Legacy Systems, Table 2: drivers

NASCIO, 2008, Digital States at Risk!: Modernizing Legacy Systems, Table 6: Enterprise Risk

Lamb, J., 2008, Legacy systems continue to have a place in the enterprise, Retrieved on Sept 13 from https://www.computerweekly.com/feature/Legacy-systems-continue-to-have-a-place-in-the-enterprise
