Legacy Software

Modernizing out-of-support legacy software is generally considered a costly and long process. However, not upgrading or migrating to more modern software technology could be disastrous for any organization.

Many organizations keep using legacy software for years or even decades, and the reasons are obvious. They have invested in the product and intend to use it for as long as possible. Typically, employees have already learnt how to use the software, meaning that new software would probably involve time and additional capital in terms of training. In addition, the software may only run on a specific legacy system, which would also need an upgrade, or companies may have developed custom applications that depend on the legacy software, constituting an important discouragement to abandon it.

However, in spite of the many reasons to keep using legacy software, the disincentives are too important to ignore. In fact, two of the most important deterrents are the security risks involved and the potential financial losses due to affected business-critical operations.

The Main Disincentives of Legacy Software

Dependency on legacy platform – A legacy product may only run in a legacy environment. For example, many legacy software products are not supported under Windows 7 or newer versions. In other words, the legacy software itself may not entail a risk, but its dependency on a legacy platform still causes the company in question to be vulnerable to security traits.

Sunset of support services – At some point, the legacy software vendor generally decides to end the product´s support services, which means that, from that moment on, security risks and vulnerabilities may remain undetected or unaddressed.

As an example to illustrate this issue let’s take the case of the Adobe Central (Accelio Central / JetForm Central) legacy document software. Companies running that legacy software have detected that a new Windows server patch -–Microsoft Patch KB3170455– causes the applications to fail when printing. This situation, in many cases, is affecting business-critical document processes.

Adobe recently sunset the support services for Adobe Central, meaning that no fixes will be provided. Like any software company, Adobe communicated the sunset schedule long ago to all its customers. But did the affected companies take action? The reality is that many IT departments oversee the indirect implications that related software may have and only consider that they have no plans to modify or enhance the currently functioning software. If instead they would have planned ahead and researched other possible alternative replacement software, they would surely be in a better position.

The only solution for Adobe Central users will be to look for an adequate replacement software product ASAP, as not applying the Microsoft patch KB31700455 involves important security risks that companies can’t afford to take, as the damage of having hackers enter the business system could have an unforeseeable negative operational and business impact, starting from simple local problems, through data loss, up to data theft and fraud.

Keeping the latter in mind, it is of no doubt to a responsible business owner that applying the Microsoft patch KB31700455 would be the way to go, but how to cope with the problem that this will cause the affected business document printing processes? A quick solution is required, as the business can’t stop operating. In the meantime, until the Microsoft patch KB31700455 has been applied, the company will be exposed to a security breach.

Lack of scalability and flexibility – Using flexible and scalable applications is important for organizations, because it means that valuable resources and investments will not be lost when they need to be modified to meet new business needs. Unfortunately, typically, legacy software is unable to scale to address new business requirements.

Moreover, due to the hard-coded rules of many legacy products, the application tends to be highly inflexible and unable to keep up with the pace of business.

A good example are large companies that need to connect their legacy applications to e-commerce software. Some organizations decide to start a costly process developing individual patches for their legacy software, while the best solution would be to look for a truly scalable and modern replacement software.

Lack of regulation – The legacy software may not be and will most probably not remain compliant to new regulations. In the case of document software, important regulations must be met involving stored data, digital signature and secure data distribution, among many other aspects. And the fact is that the list of new regulatory and legal frameworks for storage, backup and distribution is growing faster than ever. For example, there is the new EU General Data Protection Regulation (GDPR), which greatly impacts compliance techniques involving data storage, and the HIPAA in the US indicates very strong requirements regarding data storage and backup methods.

The Solution: Replacement Software

Without a doubt, as we have seen in the example of Microsoft patch KB31700455 and its impact, not only on the Adobe Central document software, but possibly on quite a few others, the solution that addresses all disincentives of legacy software consists of migrating to a replacement software.

While no product can be guaranteed free of security risks, new applications are always built with the knowledge of past vulnerabilities in mind, and as new applications are implemented with their corresponding support services, upgrades and fixes are provided in the case of any unforeseen issue.

Moreover, new software generally comes with new features, enhanced GUI and improved performance creating additional business benefits. If the replacement software is adequately analyzed before implementation, then it will also be a solution which offers options that effectively support current and future capability needs, allowing the involved business processed to grow and evolve.

Sources:

Microsoft Patch KB3170455

Adobe Central (Accelio Central / JetForm Central) sunse

http://www.computerworld.com/article/2474158/application-security/4-risks-from-legacy-
applications.htm

http://www.esecurityplanet.com/patches/the-hidden-security-risks-of-legacy-software.htm

http://www.encyclopedia.com/social-sciences-and-law/economics-business-and-labor /businesses- and- occupations /scalability

André Klein
Freelance Consultant for DocPath