A legacy system refers to an old process, piece of technology, system, or application that has become outdated and yet remains in use. Examples include factory equipment that run on MS-DOS or office computers that still use Windows 2000 and servers that continue to run Windows 2003 Server.

In general, it is not advisable to use legacy systems as these are no longer supported by their respective vendors. As such, they no longer receive critical patches, especially for cybersecurity. In case they get attacked, retrieving data or even the mere act of rebooting them may be impossible.

Other interesting terms…

Read More about a “Legacy System”

What Is a Legacy System

First Use of “Legacy System”

The term “legacy” was first used for computers in the 1970s. In the 1980s, it distinguished between existing and newly released systems. Today, the term is mostly used for devices that vendors no longer support or provide patches for. That does not mean, though, that all organizations no longer use them.

Many organizations, especially in the government sector, still use legacy systems. Take a look at some figures for U.S. government agencies in the image below.

Source: https://www.datasciencecentral.com/profiles/blogs/the-true-value-of-legacy-systems-modernization-for-businesses

Reasons Why Organizations Still Use Legacy Systems

Organizations have varying reasons for continuing to use legacy systems such as:

  • The systems still work fine, so there is no reason to change them.
  • Redesign or replacement costs are too high.
  • Retraining staff to use new systems would cost too much in terms of time and money.
  • The systems need to stay up and running at all times so they cannot be taken out of service. And procuring a new version will break the bank.
  • No one in the organization knows exactly how the systems work, so replacing them may be too complicated.
  • Newer systems may have undesirable functions such as tracking and reporting user activity and automatically updating that could lead to security vulnerabilities. This problem worsens when the said functions cannot be disabled.

Problems That Legacy System Use Poses

Since legacy systems were probably not designed to keep pace with their more modern counterparts, they could pose challenges such as:

  • Lack of mobile capability: Most legacy software cannot be accessed from any device other than office computers. That means employees always need to be in the office to work, which could translate to lost productivity, especially when they are forced to stay home due to lockdowns like those enforced due to COVID-19.
  • Poor customer experience: Digital transformation is all about people. Businesses that want to stay on top should provide their customers with the best experience. Legacy systems make that incredibly difficult to do. They cannot be accessed via mobile phones, which makes it hard for users to engage with companies should they need to. That translates to poor customer service that could lead to customer loss.
  • Negative employee experience: Employee experience affects productivity. And the use of legacy systems directly affects employee performance. It slows down processes which in turn may affect the way employees view your company.
  • Adverse impact on brand image: Company losses also include reputational damage. So if a poorly secured legacy system is breached, its user could incur reputational damage that may take years to repair. As a result, customers may no longer trust your services and take their business elsewhere.
  • Lack of scalability: Systems should adapt to a business’s growth, something that is not possible with legacy systems. To remain competitive, a company needs to scale to keep up with employee and customer requirements automatically. Let’s face it, legacy systems are not as dynamic as new ones.
  • Lack of cybersecurity: As mentioned earlier, legacy systems no longer receive updates from vendors, making them more prone to attacks. And even if users want to build cybersecurity functionality into their systems, very few developers may know how. It does not help that some vulnerabilities in legacy systems are not always easy to fix.

Legacy System Modernization Methods

Legacy system owners may not know it, but their use has hidden costs. In 2019, in fact, the U.S. government spent 80% of its IT budget on operations and maintenance, specifically for legacy systems that posed efficiency, cybersecurity, and mission-critical risk issues. Only the remaining 20% was spent on development, modernization, and enhancement.

Before legacy system modernization can ensue, though, conducting a thorough assessment of an organization’s legacy framework is needed. Only after that can it choose from these modernization strategies:

  • Revolutionary method: Involves developing and carrying out replacement, which requires shutting down the old system and building a new one from scratch. Some consider this approach extreme, but sometimes it’s better to retire a system altogether to avoid severe damage, such as a security breach, data loss, or system downtime. This method is applicable when the original product can no longer solve existing business problems, so reengineering or porting to newer technologies makes no sense.
  • Evolutionary method: A systematic, step-by-step software modernization process that is usually less painful. It does not disrupt significant business processes and poses significantly fewer risks. It often becomes a band-aid method, as system administrators focus on solving specific problems instead of removing the factors that lead to them.

Companies considering legacy system modernization can choose from several techniques that include:

  • Encapsulation: Reusing legacy software components by leaving code in the current environment while connecting it to new presentation and access layers via an application programming interface (API).
  • Rehosting: Leaving an application unchanged even if it’s moved to other physical, virtual, or cloud infrastructure, making it the cheapest and most low-risk strategy. It is also faster than reengineering and keeps underlying business logic intact, which means no negative impact on the enterprise because the system operates the same way.
  • Re-platform migration: Forklifting an application to the cloud as is or without making any code changes. It doesn’t generally use cloud-native features as re-platforming and refactoring.

Other legacy system modernization tactics include code refactoring, rearchitecting, rebuilding or redesigning, and replacing.


As you’ve seen, legacy system use has its ups and downs. At the end of the day, the decision on whether to keep using or replace them depends on your available resources, critical business requirements, and current business goals.