Legacy applications can hamper security during IT modernization

As organizations embrace IT modernization, one of the biggest challenges to maintaining security is the vulnerability of legacy applications. Properly integrating, migrating, and modernizing applications can prevent exploitation.

While most traditional IT environments adopt a perimeter-based approach to security, modern hybrid and cloud environments have multiple layers of security, with a container approach that prevents a single point of failure allowing access to the entire system. Legacy applications that have been developed and deployed for a perimeter security model must be reconfigured and integrated into the modern layout to provide adequate protection.

In a study by the Ponemon Institute, which surveyed 605 U.S.-based IT and IT security practitioners involved in their organization's application security activities, 63 percent of respondents said attacks at the application layer are harder to detect than at the network layer. Sixty-seven percent of respondents say these attacks are more difficult to contain.

Being able to access and utilize older applications will streamline modernization, but without security measures, the new system is made vulnerable by the varying security measures of old systems. Standardizing security measures and eliminating weak spots in defenses can strengthen an organization's overall security, and simultaneously provide a streamlined experience for users who will access needed information via modern authentication.

According to Deloitte, multi-factor authentications must be integrated with legacy applications to provide acceptable layers of security. Legacy mainframes and applications that have been successfully modernized can provide enhanced security during a shift to a hybridized or cloud-based environment.

The popularity of IoT devices also contributes to security challenges and risk. According to Kapersky, smart devices now number over 6 billion, and hacked IoT devices can be utilized to bring down entire servers. CSO Online reported that Ken Spinner, VP of field engineering at Varonis, said.

"Manufacturers will start to address these security faults or risk losing to the companies that bake-in security from the start. GDPR may save the day in the long run, forcing businesses to reconsider personal data collection via IoT, but we won't see this effect until at least 2019."

Implementation teams must emphasize security-aware application development practices, and modernization of legacy applications that require migration. Overall, these strategies will drive the successful advance of IT modernization and create accessible, evolving platforms that are able to seamlessly provide access to previous data and familiar interfaces without compromising security.

Security issues affect more than just daily operations. The organization's ability to effectively meet compliance demands is also dependent on their ability to secure legacy applications. According to IBM, a risk-based approach to managing application security makes it easier to focus resources on activities that will improve compliance, and also to demonstrate progress to compliance officers and auditors.

Security issues affect more than just daily operations.

However, in a survey conducted by SANS on security threats, 42 percent of respondents indicated they saw a need to invest in better operational security, but only 18 percent put their investments in this area. Securing legacy applications is vital according to CGI, and a key step is to inventory the databases and files, identify particularly sensitive data items, and document whether each item has a high, moderate or low need for the three components of security.

This evaluation of existing systems can help to determine what level of pre-implementation IT modernization is required to secure and support aging applications and infrastructure, and bring security levels into sync during integration. IT leaders can utilize information gathered during analysis to consider how and when to make specific changes to elements of the IT architecture.

This process can include front-end applications, middleware technologies, or back-end servers, but things may not be as complex as anticipated. In many cases, only a few critical systems will require a full redesign, and the effective implementation of legacy application modernization on the front end can provide adequate security to lessen the need for significant back-end system redevelopment.

As a first step, the IT team should take inventory of existing applications and other technologies and identify those that can be improved, consolidated with other applications or other technologies, or decommissioned. Migrating can then be achieved with minimal disruption or requirements for lengthy retraining.

The Inventu Corporation offers a variety of solutions to streamline and speed the IT modernization process. Our innovative Flynet Viewer eases the integration and migration of legacy applications, and our services page provides additional options for those seeking to increase security without sacrificing ease of access.