The Business Case for Legacy Modernization
Our article ‘Business Architecture for Planning Cloud Migration‘ highlights the key point that it’s possible to migrate a business system “as is” to the Cloud.
In short you simply move the code to a different server environment, from in-house servers to Cloud hosting, the application itself remains unchanged, what is also called a “lift and shift” exercise.
Legacy Modernization refers to a scope of transformation that includes changing this software. This can include a partial technique through a wholesale rewrite.
The need for such a transformation is very clearly and quite bluntly documented, particularly so in the Public Sector, where it is a common and persistent issue for governments across the world.
In Canada it was identified in 2010 that aged IT was a major problem for the government, and still in 2019 remain unaddressed with critical systems at risk of collapse due to a chronic lack of IT investment. In the USA the Federal Govt spends nearly $100 billion annually on IT, much of it allocated to sustaining aging applications, with only 10 systems alone consuming costing $337 million per annum.
This includes many that depend on ancient programming languages like COBOL, have unsupported hardware or software, and operate with known security vulnerabilities.
Digital Government – Lipstick on pigs
What this defines is a common issue for governments worldwide that sees a twofold problem compound into a massive expense: The cost to maintain aged IT and the consequent inhibition of new, more efficient services.
In this 2019 news from The Register, they highlight how current Digital Government initiatives are in essence “putting lipstick on a pig”. They create an improved front-end interface but still don’t address the underlying challenges of legacy IT and indeed this can cause more problems not less.
They’re summarizing a 2019 report from the NAO, which illustrates how like Canada and the USA this is a long standing problem for the UK too; the NAO reported in 2013 the massive cost to the public sector of their legacy IT.
They highlighted similar situations, a variety of aged technologies, some originating as far back as 1973 running on a mainframe computer. The HMRC identified in 2009 that their 600 systems were “complex, ageing and costly”, and the report calculates how expensive a burden this is: The VAT collection service costs £430 million per annum to operate, and the DWP’s Pension Payment service £385 million per annum. That’s almost a billion pounds a year just for two applications.
They explain that most of the government’s data resides in its legacy systems and consequently agencies are making life-changing decisions using “incorrect data from systems that are not fit for purpose” and has not fixed the “appalling defects”.
Some government departments have not always prioritised replacing older technology, it said, adding that “until they do so there will be ongoing costs and inefficiencies in decision-making.” The NAO previously found the Department for Work and Pensions had to use manual intervention when using data matching tools to help detect incorrect payments of Carer’s Allowance.
“The newer systems provide more timely and accurate data matches, but the underlying data does not provide all the information that DWP needs, such as length of employment or allowable expenses. Officials looking at these matches therefore need to validate the carer’s circumstances manually and a shortage of staff to do this led to significant backlogs of cases.”
It said often departments will produce a new customer interface, for example rolling out the online application for the state pension, without fundamentally reconsidering what data their department needs and whether their current data remains fit for purpose.
In short Digital Government initiatives are guilty of building atop sand foundations, where the ‘cool’ new technologies like AI and RPA result in a situation where “layering new technology on top of existing data carries a significant risk of magnifying rather than overcoming the problems associated with data quality”.
“In our report, Digital transformation in government, we reported that 17 of the government’s ‘Exemplar’ programmes largely redesigned the user interface online and linked it to a pre-existing system.”
The series of NAO reports provides a detailed analysis that clearly describes how a process of Cloud Migration and Digital Government enablement must address this full scope of Business Transformation, with Legacy Modernization as the driving force for achieving this.
“The government’s ICT strategy, published in March 2011, recognized legacy ICT as a barrier to the rapid introduction of new policies and particularly the move to ‘digital by default’.
Legacy ICT reduces the flexibility to improve public services, makes it harder to protect against evolving cyber threats and increases government’s reliance on long-term contracts with large ICT companies. It is also likely to increase the cost of operating public services by preventing higher levels of automation and hinder data sharing intended to prevent fraud and error.”
In their audit they review a sample of government department situations and their legacy application challenges – the DWP Pension Service, HMRC VAT Collection, NHS Prescription Payment Service and the OFTs Consumer Credit Licencing Service.
Different options for addressing the situations are explored – ‘No Change’, ‘Enhance and Maintain’ and ‘Replace’ approaches, and the reports identified eight key risks of legacy IT:
- Disruption to service continuity – Legacy ICT infrastructure or applications are prone to instability due to failing components, disrupting the overall service. Failure of the legacy ICT may be more difficult to rectify due to the complexity or shortage of components.
- Higher security vulnerabilities – Older systems may be unsupported by their suppliers, meaning the software no longer receives bug fixes or patches that address security weaknesses. The system may not therefore be able to adapt to cyber threats.
- Vendor lock-in – Legacy ICT systems are often bespoke and have developed more complexity over time to the extent that only the original supplier will have the knowledge to support them. For example OFT felt that only the original developer could maintain the application, due to its bespoke complexity and lack of documentation, consequently extending their outsourcing contract.
- Skills shortages – The HMRC VAT system is facing a skills gap due to the age profile of the support staff and declining skills internally and with the supplier.
The remaining four risks of legacy systems that were identified directly inhibits an agencies ability to achieve their Digital Transformation goals.
- Manual workarounds – More manual processing can be required due to the lack of functionality within the system or its inability to interface with other systems. Examples of workarounds include performing detailed calculations outside the system on spreadsheets; re-entering data on to other systems or having to manually check for processing and input errors.
- Limited adaptability – New business requirements may not be supported by the legacy ICT. These may include requirements such as the provision of digital channels, the provision of real-time information and not being able to process transactions in a new way.
- Hidden costs – The true cost of operating the system may not be known. Workarounds to the system and the cost of the additional manual processes may not be recorded. By not having all the information available at the right time, legacy ICT may not be able to provide real-time performance information which could lead to poor decision-making.
- Business change – Due to the complexity or the limited availability of the skills required, change may be difficult, lengthy to implement and costly. This makes it difficult for the business to be responsive and changes may have to be prioritised.
In short the difficulty of updating legacy applications prevents implementation of new digital government features. The report describes “Legacy ICT is harder to adapt to meet changing business needs. We found that where an organisation has replaced its legacy ICT system, adaptability has increased.”
“OFT commissioned an efficiency and effectiveness review in April 2010, which recommended the redesign of business processes to streamline consumer credit processing. While most changes were implemented, some could not be supported by the legacy ICT and therefore were not adopted.”
One of the approaches, ‘Enhance and Maintain’, is based on keeping the legacy application and creating new interfaces to it such as mobile or web access, described as “wrappers”. However this does not address the core limitations of the legacy technology.
For example although the VAT system has been considerably updated via this approach, it’s still not a fully digital service as customers are unable to view their accounts in real-time, and HMRC has found it challenging achieving a ‘whole customer’ view, as its customer data is stored across a number of legacy ICT systems.
Other key limitations include the ‘batch processing’ approach of older platforms.
“Business transformation, including the drive for digital transformation is proving challenging for departments when it involves legacy ICT. Many legacy systems require data to be processed as a sequence of batches that is incompatible with a fully real-time digital service. In the pension system, for example, online applications have to be manually re-entered into the main system by a DWP operator, as the website and the main legacy ICT system are not integrated. The approach of adding functionality through the addition of interfaces to the core legacy ICT is likely to be insufficient to achieve full digital transformation.”
Additional processes are required due to the limited adaptability of systems using batch processing. The VAT return error correction process is a typical example of such manual intervention. VAT returns submitted online are only partially validated and corrected as they are entered.
Full validation, risk identification and correction can only be done after the overnight batch is run. At that stage errors are picked up by the error correction team and addressed manually. This is typical functionality for the technology design of that era. Validating, and identifying more errors, at the point of submission would lead to greater efficiencies.
HMRC had exception processes like this which represented 20% of costs.
Furthermore increased complexity caused by additional interfaces and connections with other systems makes routine changes to legacy ICT costly and protracted. The existing complexity of DWP’s pension legacy system means changes take up to 18 months from planning to deployment.
The report makes the simple and clear point that investment in new technologies can address the situation, that “well planned strategic investments have been successful in enhancing the functionality of legacy ICT” and deliver business value, such as the DWP adopting a new Customer Account Management system that draws together customer information from multiple legacy ICT systems, reducing the cost per customer by 30%.
They also describe that the risks will only continue:
“The risks of legacy ICT will increase over time as the gap between the system functionality and business need widens and the complexity of the systems and software increases. The management and technical resources needed to maintain and make further changes also increases.”
and that to mitigate these risks they recommend:
- Public bodies should ensure that they have a full analysis of the cost, performance, and risks of their services over time and of the impact of legacy ICT.
- Public bodies should draw more on cross-government comparisons and examples of best practice of managing legacy ICT while transforming to digital.
- Public bodies should ensure that service managers are fully aware of the risks to their services, posed by legacy ICT.
In particular they make this critical insight:
“Business owners were not fully aware of the risks to their department posed by their legacy ICT. Our audits of two of the four services found legacy ICT strategies and decisions being the responsibility of the ICT function with insufficient dialogue with the business owner. A more integrated approach between ICT and business functions is necessary to optimise decision-making about legacy ICT and its impact on future digital services.”
Modernizing Technology Act
However it’s clear that these recommendations have not yet found traction, with the “lipstick on pigs” digital service design approach still being the prevailing mantra with no substantive policy programs in place to address the underlying root issue of aged IT, therefore requiring a top level intervention.
The USA leads the way in this regard, taking legislative steps to address the situation. On the 12th December 2017 President Trump signed the Modernizing Technology Act into law, crystallizing into action the headline theme of Legacy Modernization, with an objective of achieving the IT Modernization Goal.
The Federal Times offers this primer, explaining that the act built on and amalgamated two previous modernization bills, authorizing $100m funding for rejuvenating existing IT systems in 2018, with an additional $150m earmarked for the next year: “proposals requesting $2 million to $10 million hit ‘the sweet spot’ for approval.”