by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : April 2015
While plenty of public-sector IT sys- tems are moving to the cloud, legacy systems are still the workhorses of many agency IT operations. But great- er computing demand from transpar- ency and mobile or big data programs coupled with frequent technology advances can quickly turn a legacy system into a liability. A recent report from Washington state calls for creating an enterprise- level modernization roadmap to systematically tackle the problem of updating legacy IT systems. The report by the Office of the Chief Information Officer (OCIO) examined 45 executive branch agencies. Of the 1,983 IT systems in use, 31 percent were legacy systems, with 55 percent of the legacy systems identified as mission critical. Most of the legacy systems (84 percent) were developed and hosted in-house. Almost half of the legacy systems fell into one of three business areas: financial man- agement, agency specific and licens- ing/permitting. The roadmap would be used by the state to mitigate current risks from legacy systems. In order to accom- plish that, the state advises that agen- cies stay current on software versions and be able to identify, categorize and analyze their application portfolio as well as determine when to modernize or replace systems. Determining what was a legacy system went beyond age and pro- gramming language. “Categorizing a system as ‘legacy’ was not sim- ply a matter of age or programming language, but rather a combination of views into whether that system could be easily updated, resourced/ staffed, posed security risk or other agency-specific determinations such as whether it aligned to a desired enterprise technical architecture or introduced unnecessary complexity to overall business processes,” said the report. Legacy systems pose a Catch-22 for agencies. They remain in use, the report said, because of the costs as- sociated with migrating the systems to a modern platform. But these systems are also expensive to run, they burden the state’s IT infrastructure, and they carry increased risks for data breach- es, theft or service disruption. This is especially true for citizen- facing systems, the report noted, because many of those applications were designed for use only in a secure internal network and not over the Internet. And while back-office systems, such as core financials, are critically important to the state’s day-to-day operations, their visibility is much lower, making upgrades a “hard sell,” the report said. As a result, replace- ment or upgrade of legacy IT systems often comes only when enhancements are made for new business capabili- ties or when IT staff has time to make improvements. The OCIO also asked agencies what criteria they used to fund moderniza- tion projects, resulting in a consolidat- ed list of criteria used by participating agencies. The data included mission alignment, public visibility, risk, align- ment to enterprise architecture (such as reducing number of platforms or improving data integration), improving efficiencies and cost savings. Further, the report noted that mod- ernizing or replacing IT systems is “a moving target. A system that may not be considered legacy this year might become legacy next year due to the pace of technological change, shift- ing skill set availability and cost, and changing business needs.” The challenge of maintaining legacy systems is being felt across the public sector. Last year the Texas Depart- ment of Information Resources issued its own report and assessment of its legacy systems. The authors made six recommenda- tions on how to tackle the problem: identify and prioritize security risks; develop a legacy modernization road- map; establish statewide standards for application development; use com- mercial off-the-shelf solutions, particu- larly cloud-based services; consolidate reporting and analytics into consoli- dated business intelligence services; and implement application portfolio management practices. • How to keep legacy systems from becoming liabilities Until agencies can phase out their legacy systems, the report recommended steps IT manag- ers can take to reduce risk: • Improve documentation, capture system information and rewrite system code when possible. • Provide code developers with training to identify high-risk systems and revise or develop new, secure code. • Stay up-to-date on software versions. • Use pace-layering to identify different systems and modern- ization strategies. • Consider migrating to software-as-a -service or commercial off-the-shelf deploy- ment models. • Migrate from legacy systems to shared or enterprise services. • Increase standardization. How to reduce risk of maintaining legacy systems [BrieFing] BY KATHLEEN HICKEY OSTERHOUTGROUP.COM 8 GCN APRIL 2015 • GCN.COM 0415gcn_006-013.indd 8 3/30/15 3:10 PM