As the number of legacy applications continues to grow, the associated technical migraines are gaining in strength. Ryan Mangan CITP FBCS, cloud and end user computing technologist, assesses organisations’ pain killer options.

The pace and depth of technology’s global advance have hastened over the past few years. The introduction of cloud technology has enabled organisations to modernise and adapt to market changes and competition more quickly. There have also been strategy changes. Many organisations are now focusing on being cloud first and are shaking off legacy processes.

The cloud has been a great enabler because it quickly provides organisations with compute resources. However, this leads to a fundamental question when we look at migration and digital transformation: what about the applications?

The application problem

In 2018, Microsoft estimated that there were over six trillion applications and application titles in the wild. In addition, in recent years, Microsoft has reduced its operating systems servicing timelines for enterprises, businesses and consumers, which essentially increases the number of migrations an organisation may need to endure during a decade.

As newer Windows operating systems are released, older versions become deprecated with a support expiry date, forcing organisations to consider the risks of not migrating and the security implications of not doing so. This particular dynamic puts organisations and IT leaders in a difficult spot.

IT leaders typically focus on ensuring that the organisation is modernising systems, improving security and keeping up to date with technology and internal technology innovation. However, many organisations rely on bespoke or critical business software, which has carried out the same process for many years. These software products are seen, within organisations, as being essential to day–to–day business activities.

Project roadblocks

As organisations look to migrate away from the older operating systems and comply with security frameworks and others like the Cyber Essentials scheme (National Cyber Security Centre, 2021), they tend to hit roadblocks due to the application challenges. This can have knock–on effects on the organisation, including increased costs and project times.

Here are a few technical blockers organisations typically face with legacy and old applications:

  • The assumption that the legacy system's technical debt is much more expensive to fix than redevelopment using newer technologies
  • Lack of documentation and missing installation media
  • Age of the hardware and the ability to find replacements or make repairs if a failure occurs
  • Size of the system and the time to migrate.

There are also non–technical blockers. Here are three examples:

  • Supplier influence can impact an organisation in many ways. To call out a few: Managing multiple suppliers, contractual arrangements, resources and responsibility in general.
  • Competing priorities, with more urgent issues taking precedence over the older applications. This potentially makes the older/legacy applications an afterthought. The knock–on effect can be seen when users cannot access the older application on the go–live of the new system.
  • Commercial decisions: Organisations may provide limited choices based on the their technology strategy – even though the application can still be used, the organisation proceeds with redevelopment.

Application approaches

There are five typical application strategies that organisations can consider:

  • Retain: Retaining the application is a general approach that avoids the complications and other issues associated with attempting to migrate. However, this approach has associated challenges and can cause security teams headaches regarding risk exposure and isolation.
  • Retire: An excellent question to start with is: ‘Do we require the application?’ Retirement is a typical approach organisations should follow if they can do without the older application. However, considering risk and other business impacts, sometimes it is more straightforward to use a different application rather than keep a legacy application running.
  • Re–host: Undoubtedly this is the approach most organisations want to take and it is possible in most situations. Moving an application from the older operating system to a modern one eases some headaches. However, runtime, dependencies and compatibility with other applications must be considered before starting such projects. Application migration vendors can support organisations with assessing application estates and any blockers that may be present.
  • Repurchase: The software vendor's favourite is purchasing new software and retiring the old. This particular approach can become costly if due diligence has not been thoroughly carried out.
  • Re–platform: Updating specific components, using emulation technology or fixing specific application compatibility issues are excellent alternatives to repurchasing and are similar to re–hosting. Organisations will often use both re–platform and re–host approaches during a workspace or application migration project.

For you

Be part of something bigger, join BCS, The Chartered Institute for IT.


Legacy applications are becoming somewhat endemic in the IT industry. As advancements in the cloud and platforms progress further, more applications will become deprecated or classed as legacy products. Organisations have, and will continue to have, some difficult decisions to make when considering the impact of adopting a cloud–first strategy and how they approach migration projects. It is important to note that classifying an application as legacy does not necessarily mean you will have issues with migrating to a modern operating system or that the organisation will suffer from delayed projects. Organisations need to identify older or legacy applications on day one and then apply the appropriate approaches to take each project forward.

Application challenges

In 2019 there was an article published by Digital Health with the title, ‘Login delays are the least of the legacy tech problems facing the NHS’. The article detailed some of the NHS's dependencies on legacy applications.

In January 2022 the news outlet The Register published an article suggesting that the UK government was experiencing expensive delays on its tooling to track and monitor legacy applications.

As detailed in the above examples, it is becoming apparent that legacy applications are growing in quantity, are an ongoing cause for concern, and are potentially impacting organisations and decisions.