The government has to spend a lot of its money on legacy IT – but don’t take my word for it. Speaking in July, Chief Secretary to the Treasury Steve Barclay admitted that “currently around half of central government IT spend is on servicing legacy IT,” before taking aim at the countless repercussions – cyber-security risk and it’s obstruction of agile ways of working, to name but two.
He was quite right to raise this issue but, of course, the government is far from alone. Plenty of private sector organisations are hobbled by similar challenges. But whether you want big or small, devolved or centralised government, we should all want effective government – especially at a time of pandemic and a fast-approaching EU-exit.
Unfortunately, legacy IT continues to loom large over Whitehall and beyond. You might be battling it right now if you’re using an older version of Windows. Or maybe the issue is something bigger – you don’t know exactly what data your organisation owns as it’s held in siloed or proprietary data stores that don’t talk to one another.
The prevalence of legacy IT within government is partly rooted in the long-term evolution of public services and the historical focus on technology rather than the end-user. Throw in the sheer pace of technological advances rendering previous systems obsolete, and the result is today’s patchwork of government departments, all operating complex IT estates often underpinned by hundreds of systems and multiple suppliers.
So that’s where we are, but what can be done about it? The good news is that legacy does not necessarily lead to liability.
Without exception, the organisations that have created and clearly communicated an IT strategy and a digital transformation roadmap have progressed far more successfully with their legacy IT programmes than those that have not.
Legacy IT transformations take considerable time to complete – often more than five years. This means that clear direction set through a strategy and roadmap sponsored from the most senior levels is a key starting point. If clearly communicated throughout the organisation and reinforced with the right governance processes, it will provide a vital framework for planning and decision making.
Most legacy IT estates are so old that many of their complexities remain undocumented and are not well understood. This leads to the complexity and timelines often being underestimated, and the majority of transformation programmes tend to be late and over budget.
For example, one of our clients has been replacing its legacy IT systems for five years but is still only 30 per cent through this journey. This experience, however, is far from unique. Breaking the problem down and outlining interim states is essential for large programmes, as is investing in the right skills and experience, from new graduates up to board-level appointees, to drive the transformation forward.
We also know from experience that government IT budgets rarely allocate funds to deal with inadequate data. This means that building a detailed picture of the data that sits across a legacy estate and understanding how it should be managed and migrated is key to making better informed decisions not only about legacy IT, but also future technology.
It takes a significant amount of effort to pull up every carpet and consolidate knowledge. However, this is an absolutely crucial step as it will enable evidence-backed decisions to be made based upon how the data is going to be used. Building a plan of work to address the data must be managed in parallel with embedding supporting processes within digital, data and technology teams.
A key challenge with legacy IT lies with those services that cannot be easily transitioned to modern technology. This causes the need to maintain out-of-date platforms that cannot benefit from any of the increased agility offered by modern technology platforms and cloud environments. And for legacy IT that cannot be transitioned, retro-fitting cyber-security defences may not be an option.
By taking a threat-based approach, however, the protective monitoring of any legacy environment, combined with up-to-date knowledge of the threat actors and threat vectors, enables swift action to be taken. For example, legacy IT systems may have multiple vulnerabilities, but understanding which are currently being exploited allows an organisation to take mitigating actions to avoid this happening within their own IT estate.
Addressing legacy IT whether through replacement or evolution can only be achieved with an underpinning strategy. Such an approach can be used to help identify where the IT estate can be rationalised, duplicate services removed, or existing capabilities enhanced to deliver an improved user-experience and reduce the overall cost base.
All this isn’t easy. Navigating legacy IT is complex, time-consuming and often costly. But the powerful allure of upgraded systems fit for the myriad challenges and opportunities of 21st century government can surely fuel the journey ahead.
Stay up to date by exploring our perspectives into the latest trends, topics and technologies affecting governments worldwide: subscribe here.
by Dr Nefyn Jones, Director, Central Government, BAE Systems Applied Intelligence – firstname.lastname@example.org