IT Security

What is a legacy system?

Legacy System 

The term “legacy” has long been used to connote possession of some charming artifact or privilege that has been handed down from generation to generation. In IT parlance, it means your IT equipment is outdated, and quite possible insecure. It is no surprise then, that the general advice regarding your legacy IT artifacts is to move on to some new, supported system and/or software. Before you take that leap, are your old IT artifacts truly legacy IT artifacts? Let’s explore. 

What is a legacy system? 

A legacy system is old and obsolete computer system, programming language, software application, process or technology that can no longer be maintained, replaced, or easily upgraded. A legacy system can still be in good working order and may in fact still be essential for an organization’s daily work. Rather than considering the operability of a legacy system to determine whether or not a system is a legacy system, the following questions can help to reach that determination: 

  • Is the system able to support and organization’s software needs? 
  • Does the system require personnel with archaic technology skills sets to manage and maintain it? 
  • Are there excessive costs associated with maintenance? 
  • Has system performance decreased substantially? 
  • Is it cost-prohibitive to upgrade the system? 
  • Is the system unable to handle the required number of users simultaneously? 
  • Is the software supported with feature updates but no security patches? 
  • Is the platform incompatible with new systems and drivers? 
  • Is the software non-compliant with recent standards? 
  • Does the software require new updates to be functional? 

Legacy systems can include hardware such as mainframe computers, older personal computers, and outdated network equipment, and legacy software such as Microsoft Windows 7, COBOL, or discontinued Oracle products. The use of legacy systems is quite common and can be found in many industries such as government, banks, background checking systems, and businesses1. Even though these legacy systems may be difficult and expensive to manage, there are many reasons why organizations continue to use them. Common reasons for not modernizing include lack of financial resources to support the transition, fear of major disruption to the business during modernization, lack of ability to retrain staff and prevent service delays, and being overwhelmed by the prospect of upgrading a cumbersome system.2 

If you have determined that you are in fact operating a legacy system and recognizing that it may be time to modernize, the following steps may help you to determine your modernization path, whether it includes cloud migration, automation, DevOps, container-based applications, or microservice architecture: 

  1. Evaluate your current legacy system to determine which components can be eliminated 
  1. Evaluate project goals and resource requirements including application source code and data conversion milestones 
  1. Rewrite and restructure applications as well as staff training 
  1. Implement the modernized system with verification of functionality, scalability, and reliability 

1 Vasilkovsky, 2020, “5 Examples of Legacy Systems” 

2 Brehm, 2021, “Modernize Your Legacy System to Improve Productivity and Security”