Quantifying Legacy Software Exposure with Application Portfolio Analysis

by

For most businesses, reliance on technology is a double-edged sword. Software is necessary to keep the business running, remain competitive, and even sell a product. At the same time, it can be difficult to keep software and hardware updated: doing so requires ongoing investment in talent, time, and development. For this reason, business owners and CIOs hold onto legacy systems for too long, increasing costs and decreasing productivity while their systems stagnate.

What is Legacy Software and Why is it Risky?

Legacy software is typically code written in older languages (e.g. COBOL, C, Assembler, PL/I), and while it isn’t necessarily bad software or even poor quality, it can be outdated. Most often, legacy software is a piece of software that was once cutting edge and still supports critical business processes, but has since become difficult to enhance or maintain. Age isn’t the only thing that dictates whether or not something is legacy, though: some software designs stand the test of time.

Risks of Legacy Software

Legacy software forms the backbone of many large financial, insurance, and telecommunications companies - and they are at the most risk. Most enterprises know they have a lot of legacy software, but they don’t know exactly how much or to what extent they have put themselves at risk. Some of the risks of keeping legacy software include:

  • Legacy software is harder to migrate to the cloud
  • It may not benefit from modern capabilities such as AI, ML, auto-scaling, etc.
  • Few developers and engineers truly understand its codebase
    • Those who do understand it are retiring quickly
  • Enhancements might add even more risk 
  • It is difficult to keep pace with digital businesses

What is Application Portfolio Analysis (APA)?

Application Portfolio Analysis or APA catalogues software or application portfolios and associated application demographics. It provides software intelligence that combines objective technology insights with qualitative business context.

Application Portfolio Analysis inventories the number of different technologies within an enterprise while also evaluating the health, cloud readiness, and open-source risk of code within the enterprise. It also provides a platform to help make portfolio-level decisions through an objective source code scan and qualitative business context for each application across the enterprise.

Application Portfolio Analysis (APA) can help to find any existing problems with systems and then use those insights to forecast any problems that could pop up in the future, including cloud readiness, complexity, and the cost of your application portfolio.

What Does A Good Application Portfolio Analysis Program Look Like?

A good application portfolio analysis program should be easily deployable across an enterprise application portfolio of potentially hundreds or thousands of applications - it should not take long to get results. The data provided on the dashboard has to include objective measures and be able to quantify exactly how much legacy software there is in comparison to non-legacy software. For example, it must provide a consistent metric like lines of code for application size, a consistent measure for software health and risks - helping teams to understand just what is happening within a specific application or the overall portfolio in terms of their quality. 

A good application portfolio analysis program should include qualitative business context data to enable more informed decision-making (e.g. the Business Impact of an application). Most importantly, in many cases, APA programs should also have consistent measures for cloud readiness for enterprises developing a roadmap for cloud migration. Another thing that makes one application portfolio analysis program stand out from another is that the process has to be repeatable and performed periodically.

How Can APA Help With Legacy Software Exposure?

APA balances the subjective nature of discussions around portfolio rationalization with objective data. It also creates a consistent language and foundation for making decisions regarding legacy software (around the world).

This benchmarking allows decision making, enabling teams to come to an agreement on how they want to deal with their legacy software:

  • Retire
  • Consolidate
  • Sustain
  • Invest
  • Replace with a COTS alternative

In the end, it provides the support needed to make important decisions quickly and objectively.

How CAST Highlight Helped a Large Insurance Customer

One of the largest insurance companies in North America wanted to take a digital-first approach to modernization, but didn’t know how much risk it was exposed to because of its limited understanding of its legacy exposure. Continuity issues due to a retiring workforce, and innumerable software integrations over the years without modernizing its legacy software, compounded this problem further.

This well-established firm used CAST Highlight to:

  • Perform Application Portfolio Analysis on over 1,000 applications representing 150 million lines of code (MLOC)
  • Quantify that 25% of its software was legacy
  • Break down the analysis by its 12 business units
  • Align executives, enabling them to make informed decisions to retire, consolidate, sustain, and invest in all of their legacy applications
  • Leverage Business Impact data to help prioritize the more important applications for the enterprise
  • Adjust existing strategies to ensure there is a path toward digital-first
Greg Rivera, Vice President
As Vice President of CAST Highlight, Greg leads product strategy for the CAST SaaS platform helping customers and partners accelerate app modernization / cloud migration, rationalize their app portfolios, and reduce open source risk. He has worked with Fortune 1000 companies such as Microsoft, IDG Communications, and Arrow Electronics for over 20 years in technology and media, helping them make successful digital transformations. Greg has a B.S. in Electrical Engineering and an M.S. in Management of Technology and is passionate about applying technology to improve business and our everyday lives.