The replacement of legacy IT systems in 2023 is a priority raised by the majority of those responding to this research. For example, recent analysis across the UK public sector by HP suggested that over 75% of public services have third-party IT systems are not fit for cloud migration, and that legacy infrastructure is now a major barrier to progress.
This is not just because older systems often create avoidable costs, inefficiency in IT management time or barriers to the introduction of innovative new technologies, but also because of inherent and growing risks, which can be hard to quantify or are even unseen until the risks materialise. These risks typically lie in the ability to maintain the same level of resilience, responsiveness, and security that newer systems or cloud services can offer.
“The prison and probation services are reliant on outdated technology that is swallowing taxpayers’ money just to stand still.” (Source)
Dame Meg Hillier MP, Chair of the Public Accounts Committee, UK Government
There is, at the same time, a misplaced assumption that ‘legacy IT’ is always a ‘bad thing’: outdated and inefficient, a reflection of ‘technical debt’ because of short-term workarounds that are often needed. Suppliers may offer a ‘shiny new’ cloud upgrade that is not necessarily a better solution, and may increase risk, cost, disruption, and distraction from other critical work.
If older systems are functioning well, and the cost of change is not justified, then replacing ‘legacy IT’ may be a misplaced priority in 2023. Rather, a systematic assessment of the need for change will be required (see Figure 1).
Indeed, while rationalisation and replacement of some outdated IT systems in public service organisations will take place, often accompanied by significant new expenditure, there is also feedback from some CIOs that many legacy applications need not be replaced, if they are stable, trusted, functionally capable, or can be adjusted or contained affordably to ensure frictionless data integration, resilience, responsiveness, efficiency, and security.
Simply migrating to public cloud is not always an easy or a cost-effective option. Some traditional IT solutions are simply not well-designed for the loud, especially where large data sets are involved.
“The challenge for us is the legacy of state and the complexity of the systems – too many of which have been operating since DWP was founded over 20 years ago. They cannot be easily moved into a cloud environment. We were also cognisant of the long-range cost implications of investing in cloud – especially when storing enormous quantities of data.”
Bryan Nelson, Lead Transformation Manager for Hybrid Cloud, Department for Work and Pensions (DWP), HM Government
There are often ways of ensuring legacy applications can conform to new digital architectures. Priority for technology modernisation in 2023 will depend as much on process innovation and modernisation as it does on IT replacement. IT leaders need to ensure they have a grip on systems assets and their interdependency, to pinpoint areas where legacy constraints are costly, risky, or barriers to progress. This is likely to be a longer-term project beyond 2023.
Case study
UK National Audit Office – replacing legacy systems
NAO highlights problems in Defra’s digital estate (ukauthority.com)
The UK National Audit Office (NAO) has advised that the Department for Environment, Food and Rural Affairs (Defra) faces serious problems in upgrading its digital estate:
“Government continues to rely on many outdated IT systems at significant cost. Defra faces a particularly challenging task in replacing its legacy applications and has begun to tackle it in a structured way. The full potential of technology in improving public services and reducing cost to the taxpayer can only be accessed if this programme and others like it across government are delivered effectively.”
– Gareth Davies, Head of the NAO.
The programme seeks to replace 2000 ageing legacy applications, 30% based on unsupported software, with a serious risk of service failure or cyber-attack. With £871m investment plans for 2022 to 2025 it still has insufficient resources to deliver all its ambitions.