View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Mind the gap! Legacy systems and diminishing expertise leaves the public sector at risk

Legacy systems and loss of expertise from the sector means that old software is now causing a real headache.

By James Nunns

Legacy systems in any sector cause IT departments real headaches, none more so though than the public sector as the skills gap created as those who helped implement the original code come to the end of their careers. 

The public sector is one of the few remaining areas where a ‘job for life’ is still a reality and as such many of those who were in place when software such as COBOL or Delphi were implemented remain in their roles, but are quickly coming to the end of their careers. As other sectors have a continuous roll-over of staff there are practices in place that solve such skills gap issues, but the longevity of public sector careers means that these gaps are only now appearing.


Can you fill the gap?

Not only is the public sector losing a huge amount of technical expertise, finding the right people to fill the gap is immensely difficult. Those who are replacing the recently retired or are entering the software profession for the first time, understandably, don’t want to learn code and systems that are outdated. Those that do understand COBOL or Delphi or the like, have already gone, or, as it was decades after the implementation have simply forgotten the processes behind the tool. Some organisations that can provide support and ongoing management of such systems are not only extremely rare but, where they do exist, are traditionally seen as prohibitively too expensive for the public sector.


The risk of legacy systems

For all of the reasons above it is easy to see why so many public sector organisations have ignored the issue. The nature of the skills loss means that it is not going to go away, and instead will get increasingly worse. Deciding how to manage these systems is then, one of the key decisions for public sector IT departments over the next five years.

The rip and replace policy is one commonly adopted in the private sector, again the budgetary restraints of the public sector make this difficult, but it also opens up risk. Without having an in-depth knowledge of the source code, or having access to those who originally implemented the system, organisations can never be sure that every user journey, functionality and process are covered with the new system.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The risks of doing nothing are high though. COBOL and Delphi were at the time of implementation extremely secure. The world of cybercrime and risk has moved on considerably though and new threats such as injection attacks are simply not covered by such legacy technology.

The sheer size of the risk has also increased. Not only do we have a considerable number of new threats, but the landscapes in which public sector systems now sit means they are more open to attack. Some may sit on wider corporate networks or the public internet, neither of which would have been considered at the time of original implementation, putting public data at risk and compromising regulatory compliance.


Papering over the gap

One of the key issues driving change is customer experience (CX). This is being recognised by increasing numbers of public bodies as a key aspect of their digital strategy. However, by making websites and customer portals easy and intuitive only half of the problem is solved. The back-end that these portals link to are run by the legacy systems described above, and something will eventually give. Simply updating the customer-facing end and not addressing underlying issues such as COBOL opens organisations up to the risk of poor system integration and data management.

What is the solution?

So where does this leave public sector organisations? The rip and replace approach adopted by much of the private sector who have found themselves in a similar situation, is simply not an option for those in the public sector. Those who do know about the legacy systems are coming to the end of their long employment in the public sector and no-one with the right level of specific expertise is available to replace them. It seems a pretty desperate state of affairs, but some are turning to a halfway house.

Some in the public sector are turning to organisations that have retained the knowledge of legacy systems such as COBOL or Delphi. Instead of offering a rip and replace solution or an ongoing management solution, they can re-innovate the existing legacy software. By stabilising and re-building from the original code, these experts are able to modernise the legacy systems to ensure that they are relevant and in-line with today’s challenging environment of increased risk.

Understanding the source code also allows you to take a piecemeal approach to modernisation. By taking parts of the code, one bit at a time, and modernising each part as you go, you can ensure that you are replacing like for like, manage the risk and ensure that are protected from threats.

The better suppliers in the market can re-create the source code if it is lost or doesn’t exist. That way, their developers can also start to efficiently integrate new CX, mobile and cloud solutions with existing systems to really protect the public sector from risk.

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.