CIO Perspective: Applying Software Intelligence to Analyze Legacy Stacks

by Jonathan Bloom

It’s not uncommon for organizations to hold onto their application software and IT systems longer than they should. When you combine an “if it ain’t broke, don’t fix it” mentality with bottom-line pressure and rapidly changing regulations, there is often little impetus to change what works.

Gary Curtis, Senior Advisor at the Boston Consulting Group, says this is particularly true among financial institutions, and a big reason why CIOs need to employ Software Intelligence, which provides objective insight into complex software structure.

“If you look at the internal, core application suites of almost any major financial institution – especially those that buy and sell assets – you see a lot of legacy apps, old frameworks, and old architectures,” said Curtis. “These build up like sedimentary layers, and the resulting application stacks are often duplicative and difficult to maintain. When these old apps are impacted by the need to implement new regulatory-driven functionality, companies are often left without clear vision as to how best to begin and how to manage the resources and costs of remediation. Without Software Intelligence, it’s difficult to do this.”

Curtis, who previously served on the Technology Risk Working Group of the U.S. Securities and Exchange Commission (SEC), spoke to CAST recently about what CIOs need to do when facing new regulations that require major changes to their organizations’ IT systems.

“I recently finished a project with one of the world’s major banks. Imagine this: You’re a new CIO, and one of the first things you learn is that your legacy stack has two-billion – with a ‘B’ – lines of code…more than that, it has more than 100 programming languages and frameworks,” said Curtis. “How does one get a grip on this?”

Curtis says that when regulatory updates need to be made, these legacy stacks are problematic and consume a lot of an organization’s IT budget. He says they are often unstable and make it very difficult for an organization to incorporate new capabilities into the stack.

“Near term, we could be looking at continual regulatory changes in the financial industry,” said Curtis. “CIOs face a major problem due to the time and cost crunch of these mandates, and it’s common for them not to meet their deadlines.”

Part of the problem is that the people now working in IT departments have little or no experience with the programming languages and platforms used to build the applications in the legacy stack. Curtis says this puts a great deal of pressure on a CIO, part of whose job it is to keep the company out of regulatory trouble caused by technical issues.

“The first thing that I think the CIO should do today is to get an analytical basis for what comprises that stack – what are the major problems, where are the architectural issues that need to be dealt with, especially where are there things like exploits that in the past nobody cared about, but which today hackers understand well,” said Curtis. “That helps them decide exactly how to approach the problem and delivers the data they need to provide to regulators when an extension is sought.”

Curtis says that Software Intelligence solutions like CAST’s Application Intelligence Platform (AIP) enable an accurate proof-case for the next steps to be taken within the legacy stacks when faced with mandated regulatory changes. “The kind of analytical tools that CAST provides are world-leading tools to get that kind of information,” said Curtis.

Our full interview with Curtis can be viewed here: http://bit.ly/CASTCurtisSWI.

Filed in: IT Leadership
Jonathan Bloom, Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.