As part of Solutions Review’s Expert Insights Series—a collection of contributed articles written by industry experts in enterprise software categories—Miten Marfatia, the CEO of EvolveWare, outlines some of the hidden (and not-so-hidden) costs that can arise from delaying application modernization initiatives.
CIOs are scrutinizing IT budgets closely as economic volatility increases. While application modernization is cited by 87 percent of IT, security, and executive leaders as critical to digital transformation success, 42 percent are experiencing budget constraints to fund such initiatives. However, if organizations wait to modernize, problems will grow exponentially. An independent survey commissioned by EvolveWare found that 51 percent of organizations already have faced or anticipate critical issues with systems that have not been modernized. It’s a situation that the Federal Aviation Administration (FAA) and Southwest Airlines experienced not too long ago.
The FAA’s legacy air traffic safety system failed on January 11, 2023, because of a corrupt file, bringing down both primary and backup systems. This error resulted in the cancellation of 9,000 flights that day. Similarly, Southwest Airlines’ legacy point-to-point system that planned the placement of resources for its flights could not keep pace in re-assigning planes and staff to routes that were facing delays and cancellations due to bad weather. This resulted in a massive disruption of Southwest’s operations over the Christmas holidays in 2022. Southwest’s costs are expected to exceed $1 billion due to lost revenues, refunds, and potential regulatory fines. And this cost does not include the non-tangible loss that may result from reputational harm and lost customers.
Understanding the Hidden Costs of Delaying Application Modernization
These recent incidents demonstrate how legacy system failures can impede or even cripple revenue-generating activities. Costs that should be considered include:
The number-one goal of IT Departments when recommending modernization is to improve employee productivity of their personnel. This was cited by 40 percent of the respondents to the above survey. The area of productivity they are looking to improve is related to maintaining applications, as they experience loss of talent, unfamiliarity with legacy systems by replacement personnel, and a lack of current documentation to train them with. This causes many IT budgets to be allocated to maintenance, leaving a gaping hole to fund innovation.
The Internal Revenue Service identifies its “antiquated technology” and staffing issues as one of its most serious problems, which led to an inventory backlog of nearly six million paper tax returns to be processed in 2022. Like many organizations, the IRS expects ongoing talent shortages to exacerbate productivity losses until the agency can modernize core systems.
Increased operational costs
With older technologies falling out of favor and talent retiring, organizations will likely incur higher maintenance, licensing, and labor costs for legacy systems. To support mainframe applications, they must source increasingly hard-to-find specialists in outdated programming languages, ranging from COBOL, CA Gen, and CA Telon to Assembler, Natural, and PL1. A US Government Accountability Office survey found that the ten critical federal IT systems most needed for modernization ranged from 8 to 51 years old, costing their agencies collectively $337 million a year to operate and maintain.
Security breach cleanup costs
Legacy systems represent a significant cybersecurity risk due to vulnerabilities inserted over many years and poor patching practices. A recent security survey found that hackers and malicious actors actively search the internet and deep, dark web for 180 vulnerabilities associated with ransomware, of which only 76 were identified before 2020. Legacy applications weren’t built to withstand these attacks, and many can’t be updated sufficiently to protect against them.
Since 83 percent of organizations will experience an attack, leaders should plan on setting aside an average of $9.44M in cleanup costs in the U.S. and $4.35M globally, which encompasses lost business and cost for detection, escalation, notification of customers, and regulators, and post-breach response.
Reputational damage and loss of market position
Brand and reputational costs can also occur when systems break, and breaches occur. SolarWinds, for example, was supposed to help protect its customers through system monitoring, management, and security solutions. Instead, it harmed them when hackers used their software to gain access to thousands of customers in a supply chain attack aimed at focusing on weaker links in an organization’s systems and resources. In many cases, these weak links are legacy systems. After a major incident like that, organizations must take extraordinary (and costly) measures to recover their prestige and reputation and rebuild their business.
Competitors also take notice of such failures, poaching customers with better service, healthier IT, and robust risk management practices. After a breach, companies have seen an increase of up to seven percent in customers fleeing to competitors.
Navigating Modernization Initiatives Amidst Economic Uncertainty
Given the high cost of not modernizing alongside a volatile economic environment, how can organizations mitigate the risks associated with legacy systems while working within stricter budgets?
The good news is not every application needs to be modernized at once. In addition, the modernization process for each application or set of applications can be broken up into phases, enabling organizations to stretch lean budgets and sequence initiatives to accomplish strategic objectives and solve the most pressing business issues. They can begin by:
Understanding their application portfolio
Organizations often have large application portfolios developed using multiple programming languages. However, these applications don’t have current documentation and base their understanding on the memory retention of their personnel. At the same time, 81 percent of survey respondents have, or anticipate, challenges retaining or hiring people with knowledge of these applications and technologies.
A state-of-the-art application modernization platform will automate the generation of documentation for the portfolio of applications, enabling organizations to overcome knowledge gaps and analyze the criticality of not modernizing each application. Keeping this documentation current also allows IT Departments to train support personnel effectively and plan for disaster recovery.
Quantifying the opportunity
Using current documentation, the importance of each application to the organization’s operations, and industry metrics, teams can prepare business cases on which applications to modernize. This analysis would also include the priority in which these applications need modernization.
IT teams should work with their business stakeholders when developing these cases to understand pain points, the cost of the application going offline, and how the application might impede strategic goals.
Using a phased approach
The costs and failures of previous attempts at big-bang modernization approaches are well-known. Instead, organizations can take a phased approach, using agile processes to modernize applications over time while keeping budgets in check. This approach aligns with Gartner’s recommendation in a recent report to “implement continuous modernization by identifying, prioritizing, and removing the most severe friction points – business capabilities with poor application support.”
Recent high-profile IT meltdowns may seem shocking to consumers but not to industry watchers. IT leaders know that these issues could be the tip of the iceberg if faster progress on modernization isn’t made. While economic downturns can contract IT budgets, savvy leaders will count the costs of not modernizing to create a compelling rationale to push forward. By executing three steps—documenting applications, focusing on the most critical applications, and using a phased approach—organizations can reduce risk and deliver early and ongoing value.