Managing a blend of legacy and modern IT during digital transformation

Laptop and a typewriter sitting on a blue table

Not all companies mastering digitalisation are young, agile start-ups. In fact, most businesses tackling digital transformation have old technology stacks, which can leave IT leaders managing a mixture of old and new technologies and infrastructure for an extended period of time.

Planned digital transformation projects are just one of several scenarios that can lead to this situation. Mergers and acquisitions (M&As) are one of the most common, says Andrew Hewitt, senior analyst at Forrester, and, as seen during COVID-19, when a company must respond to unexpected challenges.

“This happened a lot during the pandemic, as people needed to quickly invest in cloud-based technologies," he says. "Another cause of this type of mix is when an organisation makes substantial customisations to a particular application – to such an extent that it’s really difficult for them to replace and so they hold on to that legacy technology.”

The challenges of a mixed IT estate

An IT estate of this kind creates a lot of complexity regarding interoperability, compatibility and knowledge gaps. “Depending on how old the technology is (I just talked to a CIO still using green screen applications based on AS/400), it’s challenging to support old systems in the long run," says Alexander Buschek, senior director analyst at Gartner. "People proficient in these legacy systems are often close to retirement, so working fluently with teams supporting old and new systems can be challenging.

“However, the main question is where does the data live? Often it has to be the old legacy ERP. Requirements of data and analytics will then need to be met by implementing yet more systems, which makes matters more complicated and expensive.”

Some issues can even be caused by problems accessing and retaining talent, adds Michel Savoie, technology transformation and trusted intelligence consulting leader at EY UK&I.

Attrition is a big problem with technical talent, and if organisations are facing a high employee turnover, then they’re constantly losing knowledge on how current tech works,” she says. “This can lead to new tools being implemented as a way to resolve this lack of expertise, resulting in various solutions across the business, all at different stages in their lifecycle.”

Taking all this into account, it’s not surprising that 30% of midsize enterprises plan to increase their investment in legacy application modernisation. However, for those in the midst of managing mixed estates, temporary solutions are possible.

Security, compliance and behavioural challenges

As was the case for many organisations, COVID-19 was the trigger for the Disability Trust’s digital transformation journey, as it wasn’t set up to operate in an agile way. The minute it had a hybrid estate of legacy and new technologies, though, it was faced with a range of security, compliance and behavioural challenges.

“When we moved our on-premise data to a cloud structure, we were confronted with challenges around making that data more easily consumable for end users who were comfortable with our traditional approach," says Graham Fisher, the organisation’s head of digital. "We also had difficulties joining up certain data sets and sources, and the security implications that came with that. Also, in the short term, decommissioning some systems and procuring a new capability drives further complexity into the business from a technical point of view, especially at an architectural level.”

When it came to cyber security, Fisher decided to implement an ‘as a service’ approach. “We’re not security specialists – to buy endpoint products and implement them ourselves is expensive and complicated,” he explains. “The economies of scale of using [an as a service] approach were far better.”

Where they faced data consistency challenges, they looked to virtual private networks (VPNs) and similar solutions to move data into another position where it can be accessed more easily from cloud solutions and consumed more easily by employees. This, however, drives a huge security risk.

“The biggest concern for us is the insider threat, whether that’s leavers exfiltrating our IP or confidential patient information being unwittingly shared on public forums, the impact could be critical – both reputationally and for the people we support," he continues.

“That means we need to be able to carefully control which sites are used, and what apps our data flows across. At first, we were trying to manage web filtering through large, externally-managed firewalls. It was complicated and far from agile. Censornet then helped us to own and drive the filtering ourselves and get a clear understanding of the patterns of information coming in and out.”

Creating a common platform

Many travel companies have large networks made up of acquired companies and/or partners, which leads to multiple tech stacks running different, often legacy, architecture. In the case of Expedia, this led to difficulties with compliance and resiliency and created work redundancies, with every team trying to automate their own database.

“Adopting a common platform helped us get our arms around the hundreds of tools Expedia Group uses and enabled us to create a scalable architecture without adding more complexity to the database infrastructure,” explains Rathi Murthy, Expedia Group’s CTO.

“We built database as a service (DaaS) to support monitoring and resolve incidents without the need for manual intervention, freeing up developers’ time. This solution also gave our database engineering team more control and visibility across the enterprise and broke down silos that made it difficult to keep costs under control and enforce best practices.”

Meanwhile, TUI’s digital transformation project accelerated during the pandemic as it looked to transition from a set of localised organisations, traditionally acting in silos with separate tech stacks, into one microservice-based platform that serves all markets at scale. It still has legacy systems in place, however, and is in the process of gradually onboarding all markets to start providing new services.

“Naturally this comes with challenges. For a big business, it can feel like there’s a constant cycle of decommissioning products as we sunset legacy systems,” says Milan Juza, CIO of web, mobile and payments at TUI Group. “The risk can be to do this too quickly or oversimplify the process; in reality, this process takes much longer than anticipated as each country has its own nuances and tech stacks. The art lies in responsibly managing the paradigm between decommissioning the technology properly, and not impacting the customer while doing it quickly to avoid long-term costs.”

TUI’s approach was to look at what products it had, how it wanted to sell them and how customer needs had changed. “The reality was that, in most of our legacy systems, many existing capabilities just weren’t being used, so it was important to ask ourselves whether each piece of the tech stack was valuable and justifiable," Juza continues.

"We began making changes based on value and experimentation. This allowed us to work out which parts of the tech stack were no longer needed, which still served us and where we needed to innovate. This is helping us to dramatically reduce the complexity of our systems, time spent working on them and ultimately produce less waste and more business and customer value.”

Keri Allan

Keri Allan is a freelancer with 20 years of experience writing about technology and has written for publications including the Guardian, the Sunday Times, CIO, E&T and Arabian Computer News. She specialises in areas including the cloud, IoT, AI, machine learning and digital transformation.