Strategy and Governance /

Dealing with Legacy IT must be an integral part of the Digital Transformation

Blue waves and arrows

Over the last few years, there has been and continues to be a significant focus on Digital Transformation. It is driven by a varied reasons from innovation focused management through to poor results and stakeholder concerns.  There is clearly significant momentum for organisations to adopt technologies which allow the customers to interact with them digitally at every point in their customer experience. This has created huge ongoing challenges for organisations … Digital Transformation is a journey.

This is a challenge for all organisations, small, medium and large, as customers make greater demands and have raising expectations.  Further, it is not only limited to B2C markets where it is probably most obvious but B2B customers are making similar demands around their customer experience.

In many organisations, this has led to just building new applications and systems to deliver services digitally because it is proving very difficult to adapt existing IT systems. Many of these existing IT systems were built with outdated techniques and expensive technologies.  Additionally, they have subsequently been adapted in a piecemeal manner to meet the evolving business needs, often without an overarching architecture or plan.  The consequence is that it has become extremely difficult to continue to evolve these existing systems and they are quite rightly considered as legacy.  So, little or no attention is being paid to them in relation to digital transformation efforts.

Digital transformation efforts have been mostly focused on the customer experience and not necessarily on the end to end process required to deliver a complete service, including all of the operational functions that the customers do not see.  Often, it is these operational functions which are highly dependent on the legacy IT systems. However, these systems often lack the flexibility required to adapt to the rapidly changing business processes triggered by new digitalised business models, and have the potential to lead transformation into failure.

A successful Digital Transformation programme needs to include “how to deal with legacy IT” and preferably its decommissioning or “sun-setting”. This is difficult, complex and unglamorous so it is far too frequently ignored or forgotten.   It is also often swept under the carpet by short-termist business models which encourage executives not to make difficult decisions.

In addition to the lack of flexibility, legacy IT systems need to be regularly upgraded to maintain support and patched with at least security related patches as vulnerabilities are fixed for as long as the vendors are providing them.  These ideas have been explored in our previous article titled “What are the Cyber Security Challenges created by Legacy IT?” as well as an approach to addressing these challenges.

The first step is to stop building more legacy otherwise at best you will always be chasing your tail but more likely making the problem even bigger and harder to resolve when someone finally attempts to tackle it.

To improve the cyber security in the legacy IT systems, we recommend creating of a common toolkit of security components which can be retro-fitted into the legacy IT systems either as a corrective programme of work or alongside other upgrades to these systems.

The creation of a common toolkit of security components should be viewed as best practice and equally applied to all IT systems being developed and deployed as part of the Digital Transformation.  Surely, this toolkit should be the same for all IT systems.  From a security perspective, this will improve the inter-operability of the old and new worlds simplifying an already complex environment.

In the long-run, continuing to introduce new IT systems, solely designed to meet the short-term goals of Digital Transformation without fixing legacy problems, will significantly increase not only the cost base but also the risk exposure of the organisation as a whole. Using the momentum and the revenues generated by the Digital Transformation to address long-standing legacy IT issues, is key to the lasting success of the Digital Transformation journey.


Neil Cordell


Corix Partners

Find out more about how your business can truly protect its future from cyber threats by contacting Corix Partners. Corix Partners is a Boutique Management Consultancy Firm, focused on assisting CIOs and other C-level executives in resolving Security Strategy, Organisation & Governance challenges.