Brownfield software development guide

Brownfield refers to physical land requiring clean-up, upgrades, or development before leveraging the property for new purposes. Brownfield software development describes maintaining, upgrading, migrating, interacting with, or leveraging data from legacy applications.

Most of the world’s developers work on and within brownfield applications and environments. While greenfield software development gets the industry buzz, it’s the brownfield technologies with mass adoption and most usage that run companies.

Challenges in brownfield software development

Brownfield software development is not easy. The developers must keep brownfield applications up-to-date, transform critical legacy business logic to modern technologies, and architect interoperability between brownfield and greenfield applications and environments. Some key challenges with brownfield software to note are:

Not having a thorough understanding of the legacy applications and their dependencies with other legacy platforms
Staffing technical expertise to continue the development and maintenance of legacy applications
Developing a strategic modernization roadmap and rapidly executing it while reducing technical risks and business disruptions
Determining which parts of legacy applications are business-critical and must be preserved, maintained, migrated, replaced, or retired
Managing upgrades, migrations, integrations, and modernization of legacy applications in a consistent, uniform, and repeatable manner while continuing active maintenance (no halts in development).

The inability to adequately address these issues and challenges will have a costly impact on the current and future business.

Adopt continuous modernization to help solve brownfield application development challenges

Instead of the obsolete top-down / waterfall approaches in greenfield applications, development teams have adapted leading DevOps principles such as continuous integration (CI), continuous testing, continuous monitoring, continuous security, and continuous delivery (CD) to take a more agile and iterative approach. Incorporating the continuous modernization (CM) principle to brownfield applications should be a natural extension of DevOps to enhance and fully complete the cycle of software development, maintenance, and evolution.

The principle of continuous modernization is to avoid the need for large, time-consuming, costly, and risky undertaking of major modernization initiatives in the brownfield software space. Executing a continuous modernization strategy requires different processes and automation tools to manage software migrations, modernizations, and upgrades while coexisting with ongoing greenfield and brownfield development projects.

One such tool is MLP, a SaaS platform that brings a uniform upgrade process, a collaborative work environment, and transparent and traceable workflows to continuous modernization. It snaps into your existing CI/CD environments and procedures to give you the ability to apply new software updates systematically and incrementally to your in-house applications, APIs, or any other software components.

Benefits of continuous modernization for brownfield software

Leveraging automated modernization workflow management tools and platforms like MLP for brownfield software upgrades, maintenance, integrations, and modernizations will benefit the business in many ways. Some of the benefits offered by continuous modernization for brownfield applications are outlined below:

Accelerate adoption of native, cloud-first, and mobile application architecture
Fast-track digital transformation projects to accelerate delivery of business value
Reduce security risks associated with legacy applications
Keep currency with a rapidly changing technology landscape
Improve performance of brownfield applications
Continuously eliminate creeping technical debt
Prevent massive modernization initiatives in the future

In short, continuous modernization makes it easier to support brownfield application development by providing a systematic, uniform, and accelerated approach to executing modernization roadmaps without disrupting the day-to-day business operations.

Learn more about continuous modernization.

IT modernization insights for government CIOs

A few of our team members attended the Beyond the Beltway 2022 – Virtual Event hosted by the Center for Digital Government. It was an incredible opportunity to hear directly from state and local government CIOs and CSOs. They discussed the initiatives they are working on, the tech trends important to their region, and the best ways the private sector can be a true partner in finding solutions to their problems.

One thing was certainly evident, government CIOs and CSOs have their work cut out for them. They have to balance federal directives with constituent service expectations within the constraints and protocols of the local governing body. The featured speakers from government organizations across the country were generous with their insights, and the sessions were expertly moderated by the staff at the Center for Digital Government. Here are a few things we learned about technology modernization at the state and local levels of government.

1. Strategic plans inform technology modernization considerations

Although the featured CIOs spoke to the specific needs of their region, they all stressed that their strategic plan, which is available to the public, guides all modernization considerations. Their projects reflect these overarching government directives heard throughout the event:

Keep our systems secure (cybersecurity)
Protect the privacy of our people (PII data)
Meet constituent expectations (digital engagement)
Support remote and hybrid workforces (secure cloud-based systems)
Prove compliance (tracking and reporting)

Any modernization project will advance progress towards the strategic plans and support the overarching directives.

2. CIOs use existing technologies, processes, people, and relationships wherever possible

The featured CIOs spoke passionately about being good stewards of taxpayer dollars. They always first evaluate and leverage existing systems and expertise wherever possible. Then, they review internal processes and skills and engage with partners they know and trust.

If a technology modernization initiative is needed, government CIOs reach out to each other looking for similar, successful projects. They want the highest probability of success with the least risk possible – and don’t want to re-invent the wheel.

3. Funding for technology modernization is only part of the solution

Yes, having money allocated for technology modernization is great. But the CIOs stressed that the funding is only a piece of the overall initiative. The more significant challenges lie in the execution of getting the project completed.

Government CIOs are looking for holistic proposals beyond the specific technology solution. The proposals must also include:

External experts assigned to the project
Internal IT resources required to support the project
Best practice frameworks and guides
Relevant case studies
Knowledge transfer plans
Long-term support considerations (maintenance fees, upgrades, training, etc.)

Comprehensive plans help give the CIOs confidence that the modernization project is successful and sustainable.

One final point stressed by several of the speakers – it’s challenging to retain internal IT talent within the government. It’s a very competitive job landscape, with many choosing employment in the private sector. Therefore, CIOs tend to give favor to external suppliers who will help upskill and reskill government employees to support the modern technology and processes

4. Technology suppliers need to do their homework

The public availability of contact information for government IT staff makes reaching out to the CIOs incredibly easy. While our speakers welcome the outreach, they are often disappointed that technology suppliers haven’t researched what matters for that specific CIO office. The cold outreaches are broad, generalized, and focused on selling to the CIO.

Government CIOs want the outreach, but they want to understand the pitched technology fits within the context of their strategic plan and the ecosystem of providers they already use. This information is publicly available, so they want suppliers to do their homework and frame the solution in the following ways:

Plan – what specific initiatives or directives does the technology modernization support?
People – who are the people involved, and how will others and the community benefit?
Process – what process improvements does the technology modernization support?
Technology – what are examples of it working for similar organizations solving like challenges?
Policy Implications – what are the policies considerations surrounding the technology?
Performance – how do we measure and share positive outcomes resulting from technology modernization?

The final thought one CIO offered to technology vendors was, “bring me leading edge, not bleeding edge, tech.” The agreement was while cutting-edge technology may be interesting, it doesn’t have a place in government until sufficiently proven.

5. Public CIOs want true partnerships with private sector technology providers

State and Local CIOs are operating to plans that extend years into the future. They also are tying every technology investment to the needs of their community, such as democratizing broadband access and keeping their citizens safe from cybercriminals. These challenges can’t be solved with a single technology or even within a single administration. And the balancing forces within the government mean technology modernization progress is slow compared to the private sector.

Therefore, government CIOs want partners with them for the long haul. They want partners committed to being a part of the solution beyond the technology they may provide. Partners who can bring ideas, best practices, and other partners and who take the time to build a personal and trusted relationship give the most value. Those are the partners who work on the government project.

Synchrony Systems’ work in state and local government

We have been fortunate to serve several state and local government organizations such as Bay Area Rapid Transportation (BART), City of Atlanta Fire Department, Oregon State Judicial Department, and New York City Police Department. Through our trusted partnerships, we helped migrate and modernize their legacy applications to modern, cloud-based, and mobile-friendly applications and user interfaces.

Our automated migration and modernization technology allows our partners like IBM, Astadia, and TSRI to leverage our platform and expertise on government modernization initiatives efficiently and effectively.

ModOps: DevOps for legacy modernization

DevOps has revolutionized software engineering methodology by unifying development and operations to accelerate software delivery. The older-style waterfall approaches to greenfield application development are being put aside as DevOps principles of agility, iteration, continuous delivery, and automation take center stage.

Modernization must deal with the challenge of transforming millions of lines of existing legacy code, built over decades by dozens, if not hundreds, of engineers, most of whom have moved on or retired altogether. Yet outdated approaches such as “rip and replace” are still the default modernization methodology, employing manual rewrites and disjointed automation tools. This approach is costly, takes an enormous amount of time and resources, and introduces significant risk to the business.

At Synchrony Systems, we believe it’s time to apply the DevOps principles, adopted for greenfield development, to software modernization—or ModOps—to keep pace with the rapid digital transformation.

Accelerating modernization delivery

Modernization focuses on transforming existing legacy systems and applications to the latest platforms and architectures. Unlike greenfield development, where very frequent and incremental changes are made to small bodies of code, modernization requires making wholesale transformations of the entire body of code at once and en masse. Therefore, the traditional manual approaches to modernizations can no longer be justified in today’s rapidly moving digital economy.

As the chart illustrates, ModOps accelerates modernization delivery and does so at a fraction of the cost and with faster time-to-value. It balances the overall speed, cost, quality, and risk while creating a unified experience that addresses a complex modernization process in a predictable way.

Continuous modernization

Continuous Development (CD), along with Continuous Integration (CI), have become the cornerstones of DevOps— the way applications are being developed and released into production. By replacing CD with Continuous Modernization (CM), ModOps will achieve the same—the way existing applications are to be modernized. Continuous Modernization will bring a high degree of automation and a systematic approach to managing the entire modernization lifecycle.

The three main pillars of ModOps are:

automation-driven modernization and transformation of legacy applications to modern programming languages and platforms;
coexistence of modernization activities with ongoing development activities, without any code freezes; and
functional and UX equivalency with no hidden costs or operational disruptions to the business.

ModOps is the answer for any company whose objective is to preserve its IP and its original investment in mission-critical legacy applications by adapting to and effectively competing in a rapidly moving digital economy.

As in DevOps, ModOps promotes agility, collaboration, and complete transparency. Project managers, migration engineers, testers, and other business stakeholders have full visibility into the overall status and progress of an ongoing modernization at every stage. With built-in planning, tracking, monitoring and dashboards, extensible workflows, automated testing and real-time feedback, a modernization is guaranteed to run smoothly and to be completed on time and on budget.

Tools for ModOps

The evolution of DevOps has spurred the development of tools to help teams more easily apply DevOps principles to the application development process. Modernization Lifecycle Platform (MLP) is doing the same for the application modernization process. It is a DevOps-driven, integrated, Modernization-as-a-Service platform that creates a unified approach to modernizing legacy applications. Whether it’s a modernization of COBOL to Java, PowerBuilder to C# or Smalltalk to Java, the underlying process, methodology, and user experience are uniform, no matter the chosen source and target platform combination. As a result, organizations are just months—not years—away from having their legacy applications transformed to the digital economy of web, mobile, and cloud.

No more legacy applications

We see a future where the application software is never “left behind” or lost to obsolescence. The major business challenges created by legacy applications—growing technical debt and shrinking technical talent—would themselves become obsolete.

Adding Continuous Modernization (CM) alongside CI/CD would give developers the ability to systematically and incrementally apply new software updates, adapt new APIs, or any other software components to in-house applications, thus doing away with any future wholesale modernization initiatives. By embracing ModOps and adopting a platform like MLP, businesses will become more agile, competitive, efficient, and responsive in addressing the demands of today’s digital economy.

Synchrony Systems launches new capabilities to support EGL migrations

Organizations can upgrade to the latest version of EGL technologies or move to alternative platforms with MLP

Greenwich, CT (September 7, 2021) – Synchrony Systems, Inc., a leader in legacy application modernizations, announced today the release of a 4GL EGL migration solution as part of its Modernization Lifecycle Platform (MLP) offering.

“News such as no longer supporting JSF and Jasper reports and IBM moving EGL to HCL puts a question mark in the platform’s future,” said Oleg Arsky, chief product officer at Synchrony Systems. “Pair that with the desire to move applications to Web SPA with Angular/React/Vue, it made sense for us to invest in building a complete EGL migration solution to help our customers approach EGL modernizations in the best way suited for their future-state and business needs.”

Using Synchrony’s automation technology within MLP, applications built in the legacy 4GL EGL platform can be migrated wholesale or incrementally to the target architecture, programming language, and platform of the organization’s choice. This includes upgrading to the latest version of EGL technologies or moving to alternative platforms. The new capabilities for Synchrony’s EGL Modernization solution include:

Report Framework Upgrade — Jasper Reports to BIRT Reports
Web Upgrade — EGL/JSF to EGL/RUI
Web Facelift — EGL/TUI to EGL/RUI
Platform Transformation — EGL to Java/C# on the backend and JavaScript on the frontend

“Companies who work with Synchrony get more than best-of-breed migration tools,” Slavik Zorin, CEO of Synchrony Systems. “Our strength and focus are on migrating large and often complex bodies of legacy code that run critical aspects of the business to modern technology platforms and release them into production without any operational disruptions or development freezes.”

“The real value for organizations is integrating our EGL migration tools inside the entire modernization lifecycle to achieve the kind of an assembly line that is needed to make a complex EGL modernization manageable in terms of process and predictable in terms of time and cost,” added Arsky. “That why we are excited to offer a complete EGL migration solution integrated with MLP.”

For more information, visit the EGL modernization solution page, MLP page, or contact us.

About Synchrony Systems, Inc.

We help enterprises transform legacy in-house applications to modern technologies while preserving business-critical functionality. Synchrony’s Modernization Lifecycle Platform (MLP) is a scalable, cloud-based platform for managing and executing end-to-end migrations and modernizations of legacy IT applications to modern software architectures and platforms. It enables automated code conversion, transformation, remediation, and upgrades of millions of lines of code in minutes, ensuring consistent, reliable, and repeatable results. MLP was named a 2021 Digital Innovator from Intellyx, 2019 SIIA CODiE Award Finalist for Best Emerging Technology, and 2018 SIIA CODiE Awards finalist for Best DevOps Tool.

How to pay off your technical debt (whitepaper)

Modernize your legacy code for a cloud-native world

Many organizations have already moved to the cloud. Yet the tech debt remains. Applications that were once considered “legacy” now run in modern infrastructure, but they’re still monolithic, tightly coupled, and difficult to change. Cloud hosting alone doesn’t make software cloud-native.

The business logic still matters. These systems still run underwriting, billing, claims, supply chains, and core operations. They cannot simply be replaced. But they can’t stay frozen either.

So what actually reduces tech debt? In this white paper, Jason Bloomberg, President of Intellyx, takes a practical look at legacy modernization — what works, what doesn’t, and where many organizations miscalculate.

Inside the paper:

Why lift and shift often fails to reduce tech debt
The architectural challenges behind monolith-to-cloud transitions
The limits of line-by-line code translation
Balancing automation with human engineering expertise
Why iterative approaches reduce modernization risk
The importance of scoping and lifecycle management in architecture transformation

If your cloud strategy hasn’t delivered the flexibility you expected, this paper offers a more grounded way to think about modernization.

Download your free copy of the tech debt white paper today.

Synchrony Systems wins 2021 Digital Innovator Award from Intellyx

Greenwich, CT (June 16, 2021) – Synchrony Systems, Inc., a leader in legacy application modernizations, today announced the selection to the inaugural class of the 2021 Digital Innovator Award from Intellyx, the first and only analyst firm dedicated to digital transformation.

“At Intellyx, we get dozens of PR pitches each day from a wide range of vendors,” said Jason Bloomberg, President of Intellyx. “We will only set up briefings with the most disruptive and innovative firms in their space. That’s why it made sense for us to call out the companies that made the cut.”

“It’s an honor to be recognized by Intellyx for our innovation in the IT modernization space,” said Slavik Zorin, CEO of Synchrony Systems. “We’ve spent 25+ years modernizing legacy applications, building and using our proprietary migration tools. When we integrated the source code migration tools into an entire modernization process, our clients saw considerable gains in code quality, efficiency, and affordability.”

Synchrony’s Modernization Lifecycle Platform (MLP) supports the entire modernization lifecycle: from analysis and planning to transformation and remediation, from build and deployment to testing and production release. It applies the same systematic, iterative, and automation-driven modernization processes to produce production-ready, modernized applications.

It is compatible with any translation libraries or rule-sets, no matter the source or target programming language, platform, or framework. By automating the complete modernization process migration tools can be integrated into as part of an entire modernization assembly line.

To see the full list of winners, visit the Intellyx announcement.

About Synchrony Systems, Inc.

We help enterprises transform legacy in-house applications to modern technologies while preserving business-critical functionality. Synchrony’s Modernization Lifecycle Platform (MLP) is a scalable, cloud-based platform for managing and executing end-to-end migrations and modernizations of legacy IT applications to modern software architectures and platforms. It enables automated code conversion, transformation, remediation, and upgrades of millions of lines of code in minutes, ensuring consistent, reliable, and repeatable results. MLP was named a 2019 SIIA CODiE Award Finalist for Best Emerging Technology and 2018 SIIA CODiE Awards finalist for Best DevOps Tool.

Facebook TransCoder: a migration panacea or a mirage?

Last year Facebook announced TransCoder, a tool that converts code from one programming language to another. Like many companies, Facebook also has legacy code that runs critical features and functionality of their platform. They also have billions of active users. It’s no wonder they chose the automation approach for migrating their legacy code to more modern technologies. With this approach, Facebook can preserve its original investment and reduce the risk of significant business disruptions that the proverbial, brute-force rewrite would otherwise bring.

Facebook TransCoder Flow Image — Source: Facebook AI Blog

TransCoder can help modernize legacy systems; however, the devil is always in the details when trying to bring the migrated code to production quality, release the migrated legacy application into production, and retire it.

Any machine learning translation tool can only get the complete migration of an application so far. If Facebook’s TransCoder can translate 90% of the application code, one line out of every ten still needs a software developer’s attention.

For an application with ten million lines of code, one million lines of code would need to be hand-written with production quality.

A manual rewrite of 10% of a large application may take years. In fact, the translated code may never see a production environment. Even with Facebook’s size, virtually unlimited resources, and access to the world’s best talent, the company will still need to manage the entire software migration lifecycle and all of the pieces that it takes to bring the new code into production.

Modernization is more than just code translation

Machine-driven migration tools from source to target programming languages play a crucial role in achieving successful modernization projects. These tools are akin to best-of-breed compilers and their role in greenfield application development. Yes, we need a good compiler, but without the well-established best practices of DevOps, no compiler by itself can ensure the successful completion of a software development project.

What will it take to migrate a large and often complex body of legacy code that runs a critical aspect of the business to a modern technology platform and release it into production without any operational disruptions or development freezes?

This particular challenge has been the Achilles’ heel of every modernization project. No migration tools, including the TransCoder, make any attempt to even mention it or, let alone address it.

Tools like TransCoder are often positioned as “auto-magic.” Buy a piece of AI software, and *poof* all of the migration work is done in a few keystrokes. But a programmer cannot take a COBOL program, wave an AI wand over it, and turn it into microservices or properly architected modern-day application. Right now, AI tools are decades away from being able to transform legacy applications in this manner.

Migration tools inside a modernization process

Migration tools such as TransCoder are just pieces of the chain of moving parts needed to run a well-oiled machine of an otherwise complex modernization process. Therefore, the real value is in integrating such tools inside the entire modernization lifecycle to achieve the kind of an assembly line that is needed to make a complex modernization manageable in terms of process and predictable in terms of time and cost.

No single automation tool is a silver bullet for a modernization project, and we should know. We’ve spent 25+ years modernizing legacy applications, building and using our proprietary migration tools. When we finally managed to integrate the source code migration tools into an entire modernization process, our clients saw considerable gains in code quality, efficiency, and affordability.

Our Modernization Lifecycle Platform (MLP) supports the entire modernization lifecycle: from analysis and planning to transformation and remediation; from build and deployment to testing and production release. It applies the same systematic, iterative, and automation-driven modernization processes to produce production-ready, modernized applications. It is compatible with any translation libraries or rule-sets, no matter the source or target programming language, platform, or framework. By automating the complete modernization process where a tool like TransCoder can be integrated into as part of an entire assembly line, the MLP platform:

Saves thousands of hours of manual effort
Reduces the time and cost of a modernization by 90% compared to traditional approaches
Is 100% automation driven yielding predictable outcomes
Ensures 100% functional equivalence
Eliminates the risk of introducing unexpected regressions or random defects
Provides complete transparency and interoperability for all stakeholders

Like Facebook’s TransCoder, new tools are emerging to take on challenges evident in legacy application modernizations, but they are limited in and of themselves.

An integrated platform that facilitates an automated, reliable, and transparent modernization while ensuring 100% functional equivalence with no operational interruptions is needed to take the migrated application into production.

MLP delivers what TransCoder only promises.

How to prepare for legacy application modernization

In-house applications, once associated with good fortune, have now become an albatross. These systems may still run business-critical processes or orchestrate data between commercial systems, but their underlying, aging technology has become a real liability. You know it’s only a matter of time before something fails, and it won’t be pretty.

You may be hearing a lot of bluster about the best way to go about modernizing legacy applications. “Refactor,” “re-platform,” “encapsulate and expose for microservices,” “lift and shift,” and “low-code rebuilds” are just a few of the buzz-phrases floating out there. At Synchrony systems, we also have our own view of how best to modernize. But the how is not always as straightforward as some try to make it seem. How to modernize depends on many factors that span well beyond source code or target technology.

So where do you begin? The following steps should not only help you prepare for legacy application modernization; they also should help you clarify the right modernization methodology to pursue.

Know what you have: document your current state

While this may sound like a no-brainer, you’d be surprised at how many companies don’t have a complete, up-to-date overview of their technology stack. Perhaps that’s because they’re busy putting out daily fires or launching new initiatives. Or maybe staff turnover put the critical, technical documentation on the back burner. Regardless of the reason(s), before starting any potential modernization initiatives, you must possess a full technical understanding of your IT portfolio and which parts of it are mission-critical to your business operations.

Three dimensions of the current state must be well understood: architecture, timeline, and capital.

Architecture: While it’s ok to not have all the answers, accurately describing what you know—and highlighting what you don’t—is important.

Do you have access to the source code of your in-house applications?
Do you understand your applications’ source platform dependency?
Do you understand your applications’ component architecture?
Do you understand your applications’ runtime architecture?

Timeline: Many in-house applications are built using licensed, 3rd-party software. Understanding the timing of the maintenance and support contracts is an important input to the modernization effort.

Capital: Capital includes the dollars used to support the in-house applications, as well as the resources and time spent maintaining them. You also need to understand what other IT projects your company is currently funding, the budget for the modernization initiatives, and when those funds will be available.

With this information, you can start to map out the priorities for your modernization.

Know where you want to be: document the future state

Sometimes the future state has a strategic mandate from the top—become cloud-first or consolidate technologies onto a single platform. Other times, the future state evolves more organically. Regardless of the path, you need a documented roadmap of the new vision for IT. This plan is really a risk-mitigation strategy for your legacy applications. It’s only a matter of time before the old versions start to fail, their security gets breached, a 3rd-party vendor stops supporting the software, or some other business-impacting event occurs.

Like the current state, your future state plan has the same three dimensions: architecture, timeline, and capital.

Architecture: Future state technology architecture needs to be aligned with the business need, and not just be technology for technology’s sake. The tech vision must map to the business vision and support the business value of investing in modernization. Along with technology, the future state should include recommendations about the people and process changes required to operate in this new architecture.

Timeline: Modernizations can be lengthy projects with many concurrently moving parts. A strong roadmap includes critical dates such as contract renewals, end of support, and/or end of life. It includes budget cycles for funding, and it maps critical hires such as short-term contractors, modernization specialists, and/or full-time developers/IT professionals. The roadmap also should include important business dates like acquisitions, major product launches, peak selling seasons, etc. All these factors can help shape your modernization priorities and urgency.

Capital: In addition to the investment allocation for the initiative, you also need to understand the capital outlay needed for resources—internal and external—required for success.

Determine the path forward

Now you can perform a gap analysis of the current and future states. The timeline and available capital will be key factors—the “how”—that inform your approach to modernization.

Another factor to consider is the relative effort of modernization. For example, rewriting an application from scratch is not only time-intensive from a greenfield development standpoint, but the effort to make it operational would include retraining users, rewriting documentation, re-tooling support, etc. Many hidden costs of rip-and-replace strategies that may be overlooked during the initial scoping will later become quite burdensome.

For very small, in-house applications with minimal business impact, simple migration tools may be all you need for the modernization. For very large, in-house applications, the strategy may be more complex and consist of several approaches, including:

Rip and Replace: replace with an off-the-shelf alternative
Lift and Shift: re-platform or re-host the entire legacy workload onto a virtual cloud environment
Rewrite: retire and invest in ground-up greenfield development
Re-architect: attempt to improve in place the underlying legacy application architecture into a more modern, service-based, web architecture.
Migrate: using automation, migrate “as-is” to a new target platform, preserving functionality and user experience

At this stage, talking with companies that specialize in modernizations is a wise idea. With the groundwork you’ve done, modernization experts should be able to give you a proposal for moving forward, a timeline, and a cost estimate for the modernization.

Start now

As Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” It’s never too early to begin the work necessary for a clear strategy to move away from your legacy applications.

At Synchrony Systems, we have over two decades of experience helping companies modernize their legacy, mission-critical applications in the most cost-effective and transparent way possible. Whether you are just starting to think about modernization or have an urgent need, we are happy to talk with you about your specific situation.

Synchrony Systems announces microservices extraction capabilities for rapid migration of in-house legacy application functionality

Greenwich, CT (April 6, 2020) – Synchrony Systems, Inc., a leader in legacy application modernizations, today announced new microservices extraction capabilities of their Modernization Lifecycle Platform (MLP). The underlying source code migration and upgrade technology identifies and extracts full execution paths of critical business functions and automatically migrates them to the desired target platform as microservices suitable to be deployed to the cloud and to platforms such as Kubernetes.

The typical modernization process of monolithic in-house applications is to upgrade the entire application before the smallest bit of functionality can be run on the target platform. Traditionally, application modernizations have been an all-or-nothing proposition.

“Thanks to the ingenuity of our lab, we’ve added a powerful capability to our source code transformation engine that dramatically reduces the cost and time that it takes to produce a working system in order to deliver some of the application’s business-critical functionality,” said Slavik Zorin, CEO of Synchrony Systems. “No longer is it necessary to modernize the entire application. Instead, it is now possible to accurately extract narrow, vertical execution paths of critical business-functions and migrate them to a modern, cloud-ready, target platform. This gives businesses the ability to rapidly modernize only the code that matters and address urgent business needs today.”

Microservices extraction also has the ability to more accurately identify candidate “dead” code that can be removed altogether. This visibility helps IT and software engineering professionals reduce technical debt and total cost of ownership by deprecating functionality that no longer matters, and therefore, should not be modernized.

“CIOs who have managed migration projects know that short-term quick fixes create long-term technical debt,” stated Jason Bloomberg, president of Intellyx, an analyst and advisory firm helping business executives and IT leaders untangle the technologies and practices behind digital transformation. “The microservices extraction capabilities in Synchrony Systems’ Modernization Lifecycle Platform not only shortens the time to value, but they can actually decrease technical debt as well as the long-term total cost of ownership of modernized systems.”

“This is a game-changer for institutional companies like banking or insurance where in-house applications are preventing them from actualizing their digital transformation or engagement initiatives,” added Zorin. “Companies are now able to migrate key business functions to a target platform in only a few months, not years while preserving 100% functional equivalence and delivering in the process a modern target architecture.”

About Synchrony Systems, Inc.

We help enterprises transform legacy in-house applications to modern technologies while preserving business-critical functionality. Synchrony’s Modernization Lifecycle Platform (MLP) is a scalable, cloud-based platform for managing and executing end-to-end migrations and modernizations of legacy IT applications to modern software architectures and platforms. It enables automated code conversion, transformation, remediation, and upgrades of millions of lines of code in minutes, ensuring consistent, reliable, and repeatable results. MLP was named a 2019 SIIA CODiE Award Finalist for Best Emerging Technology and 2018 SIIA CODiE Awards finalist for Best DevOps Tool.

5 ways your legacy systems may add to cybersecurity risks

Not all technical debt is created equal. Many legacy business systems—whether architected in-house or purchased from software vendors—contain inherent security vulnerabilities that may be growing worse over time. In a recent Accenture study of government agencies, 85% of IT leaders believe not updating legacy technology will threaten their agency’s future. The Workplace Agility report from Capita and Citrix found more than half of CIOs surveyed think legacy applications are delaying digital transformation.

Here are five security vulnerabilities associated with legacy business systems:

1. Outdated security functionality doesn’t adapt to evolving threat landscape

Today’s hackers enjoy a target rich environment—in 2018, there were more than 15,000 known Common Vulnerabilities and Exposures (CVEs). When legacy systems were developed, these applications may have been on top of then-current cybersecurity practices. But with the passage of even a short time, the threat landscape evolves while many legacy systems get left behind.

Legacy systems may be incompatible with security features surrounding access, such as multi-factor authentication, single-sign on and role-based access, or lack sufficient audit trails or encryption methods. Whatever the reason, these systems are unable to accommodate today’s security best practices.

When security flaws are discovered in legacy software, they are widely published on security blogs and in industry journals. While it is important to update security professionals on vulnerabilities, hackers are also receiving a free education. In the case of legacy systems, cyber criminals have had years to perfect tools for exploiting well-known vulnerabilities.

2. Older hardware, software or databases create legacy dependencies

Sometimes it isn’t just that a legacy application lacks security features, but rather that the ability to continue using that legacy application is contingent upon a variety of legacy dependencies that introduce additional security vulnerabilities. These legacy dependencies can include hardware (such as old mainframe computers), database structures, operating systems, or other legacy software.

A classic example of legacy dependencies can be found within many enterprise ERP systems. Suppose you added a third-party reporting tool or created a customized barcode scanning application five years ago that integrated with an older version of your ERP. You should have upgraded your ERP system twice by now in order to benefit from security enhancements, but you have put it off because moving to the latest version of the environment would break the integrations between your custom apps or third-party solutions.

Over decades many organizations built a web of proprietary, interconnected, mission-critical business systems that still feed into legacy databases. A recent strategic technology plan for Grand Traverse County, Michigan gives an all too familiar description:

“The AS400 based applications that are running on the IBM Platform are in-house programmed over decades. This results in many application revisions by multiple programmers with little or no oversight into best practices for security and usability. This lack of oversight creates what is referred to as spaghetti code, or code that is difficult to untangle and secure.”

Grand Traverse County had built 57 custom applications on its outdated IBM mainframe environment, and the IT department requested over $6 million just to migrate to modern platforms and applications—about 1/10th of the county’s entire annual budget. Modernizing and securing spaghetti code can be complicated, causing many businesses to delay until after a security incident occurs.

Legacy dependencies can also create a drag on business that extends far beyond the IT department. Here are two ways they slow down or prevent the achievement of critical enterprise objectives:

In-house systems can hold back the development of a better customer experience. Are you unable to provide customers with self-service? Do you lack the ability to launch subscription products because a legacy billing system cannot provision and invoice for them correctly?
Legacy dependencies can stall a strategic move to the cloud and digital transformation. A recent survey conducted by market research firm Vanson Bourne found that 85% of enterprise digital transformation architects said legacy databases limit their ability to transform. During transformation projects, 60% of architects observed that managing legacy system involvement took too much of the IT team’s time.

3. Legacy systems lack full-stack security visibility

Legacy systems with spaghetti code also tend to leave discarded bits of code and tools hanging around—quite possibly in your production environment. Small apps may still be used by a few employees, but may not show up in IT inventories, even though they contain old open source code. Because these tools aren’t under active development anymore, there should be a plan to sunset them or modernize them, but if they slip off the IT radar, security lapses may ensue.

Java development magazine Jax cautions IT security professionals to

“Remember, any application – no matter how big, small, old, or new – is fair game for cybercriminals so businesses can shrink their threat surface by removing any potential footholds into their infrastructure. IT and security teams need to implement a plan and process for regularly reviewing their technology stack and sunsetting applications that no longer serve a business function.”

When business systems run on a modern platform, the IT department can utilize full-stack security solution suites to gain better visibility into enterprise-wide security.

4. Internal applications more likely to become externally exposed over time

Even businesses with good security procedures and the best of intentions about solving technical debt incur increased vulnerability over time with legacy systems. That’s because as years (or decades) pass, mergers, acquisitions and corporate restructuring may leave orphaned hardware and software that no one “owns” anymore. With nobody using these assets and no decommissioning plan in place for them, the legacy hardware or software bumbles along in the background, until one day an IT change inadvertently results in its exposure to the external world. An unguarded, unintended door open without anyone keeping an eye out for intrusions.

An example of this occurred when FedEx acquired a company called Bongo. Bongo’s legacy storage server went unnoticed as its IT assets were incorporated into FedEx’s environment. The result was an Amazon S3 server left unsecured online, sitting on FedEx’s network.

5. Legacy platforms lack the ability to implement additional layers of security quickly

Many security packages weren’t designed for legacy mainframe environments and operating systems. And the legacy applications themselves often lack the kind of real-time security monitoring needed to pin down and resolve security intrusions. Legacy systems might monitor performance, for example, but lack the details and contextual information that create the true visibility needed by security professionals. Audit trails and log functionality might be missing altogether or could be in a proprietary format that proves difficult to access and analyze.

The lack of adequate monitoring and logging can get enterprise businesses into trouble quickly if legacy applications are connected to both the internet and an internal corporate network. Once a legacy application has been exploited without triggering any alerts or logs, cybercriminals have free rein to run through the internal network cracking into other systems—potentially undetected—while the IT team lacks visibility into where the original intrusion occurred. By contrast, when you’re operating applications that are part of a modern cloud or hybrid tech stack, you can quickly and easily add plug-and-play security and network monitoring solutions that are interoperable with your platform.

Conclusion

The solution to legacy security vulnerabilities is tech stack modernization, followed by Continuous Modernization to keep future technical debt from accruing new security risks. Gain greater visibility into technical debt that might cause security concerns by creating an application catalog that notes legacy dependencies and assigns a measurement of risk. Then create a decommissioning plan to eliminate technical debt from the riskiest legacy systems first.

Synchrony’s Modernization Lifecycle Platform (MLP) brings an automated upgrade process, a collaborative work environment, and transparent and traceable perspectives to software upgrades. Continuous Modernization, or CM, is a complementary approach to the DevOps practices of Continuous Delivery (CD) and Continuous Integration (CI). CM gives enterprises the ability to systematically and incrementally apply new software updates to in-house applications, APIs, or any other software components, regardless of the underlying technology being upgraded.

Learn More

Yes, I’d like to learn more about Synchrony Systems Modernization and Continuous Modernization technology: