Spiria logo

The cost of legacy systems

A legacy system is any software, hardware, or storage peripheral that is still in use despite being obsolete. And it doesn’t have to be that old; for example, it could be a version of a software that’s just been out a couple of years but no longer supported by the supplier. Worse yet: sometimes, a company’s or institution’s most strategic system, which is often tailor-made, runs on hardware or software that have become outdated.

Some technologies die hard

Strange but true: to this day, some major enterprises and institutions rely on crucial programmes that were developed in COBOL and run on mainframes. These programmes have probably outlived their programmers, the spaghetti code is probably undocumented, but hey, it still works! CIOs swear that these systems are 100% secure, explaining that they are not Internet-enabled, and today’s hackers don’t know COBOL. And though security through obscurity isn’t a best practice, it is true that few hackers are inspired by COBOL and its attendant operating systems, like z/VSE, z/OS and VME. In fact, COBOL, born in 1959, has been vegetating in a coma since Y2K. COBOL programmes are monolithic and their ability to evolve is zero to nil. Besides, COBOL programmes are incredibly expensive to maintain and their future is uncertain, if only because good COBOL programmers, the highest-paid development professionals around, are getting on in years, and are not being replaced. As far as I know, no young programmer dreams of learning COBOL one day. In any case, it’s no longer taught in school.

Antiquated systems

In June of 2015, hackers targeted the American Office of Personnel Management, making off with data pertaining to 20 million current and former federal government contract workers. The ensuing investigation revealed that the software on the mainframe that hosted the database was 30 years old, written in COBOL, and “too obsolete from a technical standpoint to encrypt personal information”. Which shows that these ancient systems do indeed pose security problems...

In 2016, the Government Accountability Office, the organisation responsible for auditing the United States’ federal budget and accounts, stated that one of the federal government’s oldest investments still in use was the Strategic Automated Command and Control System (SACCS), a system to coordinate the operational functions of US nuclear forces. This system is still running on 1970s-era IBM Series/1 software and 8-inch floppy disks.

In April 2018, the IRS Web site crashed on the last day of filing. The problem was that the Individual Master File, the system that stores taxpayers’ tax data, stopped responding to queries. This system, made up of 20 million lines of assembler code, was developed when John F. Kennedy was President. It is set to be replaced in 2022, after 55 years of service, but that remains to be seen, since Donald Trump has slashed the IRS’s budget by US$239 million.

IBM System/360.

IBM System/360 mainframe computer at the Grenoble Olympic Winter Games computing centre, January 1968. Photo Ron Kroon/Anefo. Dutch National Archives.

The real cost of legacy systems

Maintaining 20-year-old or even 50-year-old systems is increasingly expensive. COBOL and Fortran specialists, old-school coders able to write assembler code and older mainframe engineers are thin on the ground, and therefore in high demand and expensive. And that’s not counting the hardware platform, often supplied by long-gone builders, adding to the complexity and expense of the problem.

Despite their shortcomings, these systems are often vital to a company, which is why they’re being preserved at all costs. Therefore, their slightest hiccup can be extremely painful. When Delta airlines’ old reservation management system crashed in 2016, its entire fleet was grounded. The US$150 million dollars it cost the company would have been far better spent on infrastructure modernisation, redundance and security. Comair, a subsidiary company of Delta, went through a similar experience in 2004. In that instance, the crew dispatching software, written in Fortran (a language that nobody knew in Comair’s IT department), froze for unknown reasons. Some 3,900 flights had to be cancelled, leaving 200,000 passengers stranded during the Christmas rush. It turns out that the software was limited to 32,000 schedule changes per month, a limit that had never been reached before. However, a record-breaking snowstorm on December 22 and 23 caused innumerable changes, causing the software to hit its limit and shut down on 25 December. After this embarrassing gaffe, Comair’s President, Randy Rademacher, was forced to resign. In fact, the replacement of the legacy system by Sabre Airline Solutions was approved in 2003, but at the end of 2004, it still hadn’t been rolled out. This was the last system that still ran on the airline’s ancient IBM AIX platform (all other applications ran on HP Unix).

With an obsolete system, the slightest functional change or its integration in any modern system takes an insane amount of time, when it is even possible. The problem with these systems is that they’re rarely scalable, meaning that they have to be complemented by yet another technology layer to meet current needs, resulting in a complex and delicate balancing act. And these systems are often vulnerable due to obsolete technology or unavailable support.

Further, the real costs of these systems cannot always be estimated. For example, how do you quantify loss of agility, or the inability to change and adapt to an evolving environment? How do you value lack of competitiveness? What is the opportunity cost of strategic data that you just can’t obtain because the system is unable to produce them? How do you know how much growth was missed? How many clients were lost to the competition? Etc.

The greater part of the IT-related federal budget of the United States (US$80 billion) goes to maintaining legacy systems. Federal agencies still employ over 1,000 COBOL and 600 Fortran developers. Companies that spend 60 to 80% of their IT budget on maintaining legacy systems do so at the expense of innovation, since there is precious little time or energy left to prepare for the future once you’ve finally finished installing patches. And you just can’t consider modernizing until you build a replacement system, which is a long and costly operation. Real modernization happens when the old system is unplugged; but when you can only spend 20% of your budget on modernization, things move even more slowly. In other words, obsolete systems drag you into a vicious circle.

Often, the right decision is to make massive investments to quickly and mercifully unplug a legacy system that has been on life support for years. Of course, this is always a scary move, and there is no such thing as zero risk; but sometimes, drastic measures are called for. The return on investment is assured over the medium and long terms. Besides, modern systems are developed with an eye to upgradability and scalability, making them easier and cheaper to update or migrate to a new technology.

This entry was posted in Method and best practices
by Laurent Gloaguen.
Share this article