Made Tech Blog

The pitfalls of neglecting legacy application transformation

Legacy technology is a huge threat to the public sector. While this won’t be the first time you’ve read this, it remains relevant because not enough action is being taken to prevent disaster.

In July 2019, the House of Commons Select Committee for Science and Technology stated that “legacy systems are a significant barrier to effective Government transformation and digitisation”. It went on to say that the Government Digital Service (GDS) should conduct an audit of all legacy systems across government and that this should be completed no later than December 2020.

This urgency should be welcomed. Legacy issues need to be identified as soon as possible, and public sector leaders across digital and technology must take responsibility for highlighting the specific risks that exist in their organisations. Then they need to develop appropriate strategies for transforming their legacy applications, which are funded properly and can be executed successfully.

If they do not, recent examples from the private sector show us that the effects can be widespread and, in the worst cases, tragic.

Reputational damage at British Airways

The airline has been hit by a string of IT issues in recent years, including a major data breach in 2017. However, it was the glitch in its check-in and departure systems that exposed the company’s flawed legacy technology strategy. 

In August 2019, more than 100 flights were cancelled and 200 delayed, affecting tens of thousands of customers. While the company has been reticent about explaining why the issue occurred, some have speculated that it came down to building new service capabilities while ignoring core legacy systems. 

As layers and layers of new technology are built up, it becomes harder and harder to check transaction chains across these layers and to foresee how changes in one might affect the operation of another.

Life savings lost at TSB

In April 2018, customers of TSB experienced the first few days of what would become several weeks of significant disruptions to their banking experience. Many were unable to access their accounts. Some could see other customers’ accounts or were presented with large negative balances when they tried to view their own. 

In June 2018, the bank admitted that 1,300 customers had been hit by fraud, with some having their life savings stolen. These issues all came about because of the poorly executed migration of account data from legacy systems at the bank’s previous owner, Lloyds, to the systems of its new owner, Sabadell. 

TSB had taken the correct first step by identifying the bank’s change of ownership as a key driver of legacy transformation. However, in aiming for a big bang transformation rather than ongoing incremental change, it clearly failed to execute in a way that derisked the impact for its customers.

Personal tragedy at Boeing

Between October 2018 and March 2019, the US aerospace giant experienced two disastrous plane crashes, which had their roots in a policy of choosing financial restraint over legacy transformation.

Investigations into both crashes have shown that the company’s decision to choose a software workaround, rather than make expensive changes to its legacy design, was at the heart of the problem. Boeing had decided to fit a bigger, more efficient engine which affected the angle of ascent during takeoff. Rather than fix how the new engine affected the plane by redesigning the build of the aeroplane though, it implemented a software workaround as a cheaper, quicker alternative.  

While it must be noted that a lack of training and communication about how the new software worked also played its part in the crashes, there’s no doubt that choosing to avoid large legacy transformation costs played a significant role too. 

Public sector beware

The key lessons that public sector leaders should take from these private sector examples is that failing to address, finance and implement a legacy transformation programme is very risky. Furthermore, they should be fully aware of how failing to deal with legacy technology in highly-sensitive areas of the public sector could blow up into headline-grabbing events that rival the Boeing tragedies. 

But Digital and Technology leaders don’t need to be shocked into action. Simply paying attention to the issues that their users experience every day should make them realise that action is required. For example, it is already clear that issues caused by legacy technology are wasting vast amounts of time for people working in some of the most important areas of the public sector. 

Legacy issues abound

At the end of 2019, it was revealed that doctors in a Midlands GPs surgery take 17 minutes to log in to their computer systems in the morning. Why? Because they are forced to use legacy technology in the shape of Windows 7, for which Microsoft no longer provides technical support. Ongoing login issues are just the tip of the iceberg when it comes to the problems of legacy software though. 

Looking back to May 2017, the NHS was one of many organisations across the world hit by the WannaCry ransomware attack. As a result, 34 trusts were infected and locked out of devices. Almost 600 GP practices were infected and NHS England estimated that as many as 19,000 appointments would have been cancelled as a result of the attack. 

All of the NHS organisations infected by WannaCry shared the same vulnerability. Like the slow login issue for the Midlands GP surgery, it relates to a reliance on legacy technology. However, in the case of WannaCry, the issue related to the use of unpatched or unsupported Windows operating systems. 

In other areas of the public sector, where modernisation has been attempted, poor execution has led to relatively new digital services quickly becoming legacy ones. In the case of the Legal Aid Agency, its Client and Cost Management System was rolled out for all civil legal aid work in April 2016 but was then described by the Legal Aid Practitioners Group as having problems ‘at every level’ less than a year later.

To avoid new services becoming legacy services almost overnight, organisations should be aiming to build universally accessible and interoperable web applications in an incremental and derisked manner.

Legacy AI?

When you consider critical healthcare, nuclear energy or air traffic control systems, it doesn’t take a huge leap of the imagination to see how legacy issues in these areas could have tragic consequences.

One less obvious but not less significant topic to consider though is how the increasing interest in Artificial Intelligence (AI) and Machine Learning (ML) for automating decisions might be affected by legacy technology. After all, just imagine the potentially disastrous effects in 20 years’ time if an AI algorithm is making benefits decisions or determining who should enter the country, based on a crumbling legacy technology and data infrastructure. 

We have already seen the biggest technology company in the world launch a new financial product to much fanfare only to find its AI algorithm is discriminating against women. This should serve as a stark reminder to all public sector organisations that they must invest in fixing the fundamentals before they are tempted to develop a headline-grabbing AI algorithm that is built on shaky foundations.

Taking action in your organisation

The time when legacy application transformation in the public sector could be kicked down the road has passed. GDS, NHSX and the Science and Technology Select Committee have all made it clear that this major risk needs to be addressed urgently.

The responsibility for acting falls on Digital and Technology leaders but no one should expect a quick fix. Legacy transformation takes time and requires a series of significant steps to be taken, which all require support from board level.

The most pragmatic first step is to look at the drivers of legacy transformation for your organisation. This will not only help your colleagues to understand the urgency of this work but also to start you on the path to developing a strategy that meets your specific needs.

This blog post has been co-authored by our CEO Rory MacDonald and Content Consultant Joe Carstairs.

If you are interested in learning more about this topic, our team has released our ‘Modernising Legacy Applications In The Public Sector’ e-book which will empower you to define and implement the right approach to make legacy applications a thing of the past. Download a free copy here.

About the Author

Luke Morton

Chief Technology Officer at Made Tech