It’s not uncommon for organizations to hold onto their application software and IT systems longer than they should. When you combine an “if it ain’t broke, don’t fix it” mentality with bottom-line pressure and rapidly changing regulations, there is often little impetus to change what works.
Gary Curtis, Senior Advisor at the Boston Consulting Group, says this is particularly true among financial institutions, and a big reason why CIOs need to employ Software Intelligence, which provides objective insight into complex software structure.
“If you look at the internal, core application suites of almost any major financial institution – especially those that buy and sell assets – you see a lot of legacy apps, old frameworks, and old architectures,” said Curtis. “These build up like sedimentary layers, and the resulting application stacks are often duplicative and difficult to maintain. When these old apps are impacted by the need to implement new regulatory-driven functionality, companies are often left without clear vision as to how best to begin and how to manage the resources and costs of remediation. Without Software Intelligence, it’s difficult to do this.”
Curtis, who previously served on the Technology Risk Working Group of the U.S. Securities and Exchange Commission (SEC), spoke to CAST recently about what CIOs need to do when facing new regulations that require major changes to their organizations’ IT systems.
“I recently finished a project with one of the world’s major banks. Imagine this: You’re a new CIO, and one of the first things you learn is that your legacy stack has two-billion – with a ‘B’ – lines of code…more than that, it has more than 100 programming languages and frameworks,” said Curtis. “How does one get a grip on this?”
Curtis says that when regulatory updates need to be made, these legacy stacks are problematic and consume a lot of an organization’s IT budget. He says they are often unstable and make it very difficult for an organization to incorporate new capabilities into the stack.
“Near term, we could be looking at continual regulatory changes in the Financial industry,” said Curtis. “CIOs face a major problem due to the time and cost crunch of these mandates, and it’s common for them not to meet their deadlines.”
Part of the problem is that the people now working in IT departments have little or no experience with the programming languages and platforms used to build the applications in the legacy stack. Curtis says this puts a great deal of pressure on a CIO, part of whose job it is to avoid getting the company into regulatory trouble due to technical issues.
“The first thing that I think the CIO should do today is to get an analytical basis for what comprises that stack – what are the major problems, where are the architectural issues that need to be dealt with, especially where are there things like exploits that in the past nobody cared about, but which today hackers understand well,” said Curtis. “That helps them decide exactly how to approach the problem and delivers the data they need to provide to regulators when an extension is sought.”
Curtis says that Software Intelligence solutions like CAST’s Application Intelligence Platform (AIP) enable an accurate proof-case for the next steps to be taken within the legacy stacks when faced with mandated regulatory changes. “The kind of analytical tools that CAST provides are world-leading tools to get that kind of information,” said Curtis.
Our full interview with Curtis can be viewed here: http://bit.ly/CASTCurtisSWI.