Hub - Security

By Ian Bernhardt - 24th September 2021

The Risks Legacy Systems Pose to Your Organisation

Nothing lasts forever, and that includes hardware and software. Eventually, everything needs to be replaced and with rapid changes to businesses these systems may need to be upgraded or patched more often than you expect.

It’s easy to think that because something has been running reliably for so many years there is no need or urgency to upgrading or replacing on a regular basis. However, this not only impacts system performance and reliability but also security, compliance, integration, and support costs. What may seem like a cost saving in the short term, could develop into something more expensive than you budgeted for.

So how do you stay proactive and up to date when it comes to legacy systems? We think you should consider the following:

  • Security

There is a need for up-to-date security due to the constant threat of phishing and malware that we see increasingly in the legal sector. We are seeing, on a regular basis, news that yet another organisation that’s supposed to be protecting client data has been hacked or are the victim of a ransomware attack.

Security standards evolve at a very rapid rate, and these do need updating or patching almost daily.  There are numerous applications and security standards that are now suddenly obsolete and replaced with a newer version because it simply wasn’t secure enough.

If you’re running any legacy application or services, they may not be capable of running or utilising these new standards. This can cause issues with various communications systems that may struggle communicating with more modern systems because they lack support or capabilities for the modern standards.

On a more basic level, legacy operating systems such as Microsoft Windows 7 or 2008 may no longer be receiving basic security updates to fix long standing security flaws even with extended support. All these things combined can result in a significant risk to your organisation and the security of the data you hold.

  • Evolving Threats

The threat landscape is continually changing, not only with targeted attacks against legacy or unsupported applications, but against the language, encryption, security, and capabilities of these systems. What seemed secure years ago may be worryingly insecure today. Time and technology advances have given attackers better cloud computing power and knowledge on the weaknesses of older systems, and they are exploiting this on a regular basis.

  • Reliability

It’s not uncommon to hear organisations argue that a legacy system or application that is critical to their business function, has been running reliably for years and doesn’t need to be updated or replaced.

This mindset is dangerous as the ever-evolving security risk and forced software updates can result in users being locked out of a business-critical system. For instance, a web application could use an older version of SSL to make encrypted connections and as browsers evolve, they stop support for these out of date or risky standards, and you will be unable to connect to important services.

A desktop application that has successfully run across numerous versions of Microsoft Windows for years might suddenly receive an update that breaks the legacy software, and this can be very costly and time consuming to fix and, in some cases, it is not possible to roll back these changes.

In the case of most IT systems, it’s generally recommended to budget for replacement systems and hardware every three-to-five years as a best practice. This must be done for a variety of reasons, but mainly for overall stability and reliability of your systems. Yet we still see client servers and other hardware that have been running well beyond their reliable and recommended lifespan and increasing the risk of data loss or breach.

While most hardware systems have some redundancy built in power, cooling or storage, it’s often overlooked that most of these components were manufactured and put into service at the same time. So, while one immediate failure might not bring down your entire network or systems, it should be seen as a warning that potentially those other components could suffer the same fate very soon.

  • Integration

Businesses often want to take advantage of new technology but fail to understand how those new applications and systems can integrate with existing systems and services. You may have just purchased a new system to help streamline business operations, only to learn that your legacy email system, legacy financial database system or custom application simply isn’t supported due to its legacy status. This can be a very costly oversight that can lead to delayed deployment, cancelled implementations or costly, unplanned upgrades.

Lastly, you could run into issues when you upgrade an application without noticing that it requires a newer version of Windows Server or Microsoft SQL, and this could result in significant unplanned costs or downtime.

  • Support

Support for legacy systems can often become a costly and resource-hungry problem, whether it’s having support for an application being dropped completely or the difficulties and costs associated with finding someone to support your legacy system.  These issues can be felt across your whole business.

Software suppliers can stop support for a particular version of a product, and this can affect other systems on which your application depends to run a part of its functionality.

Often, organisations rely on using a heavily customised application built on a legacy technology or systems and it can be difficult and costly to find someone who could support them in the event of a system failure

  • Compliance

Compliance is another area that people forget about, but it’s something which everyone should become more familiar with. So, what do your legacy systems have to do with compliance? By not upgrading systems or applications, you could be setting your business up for hefty fines in the event of a data breach caused by something that could have been easily avoided.


What we’ve listed above are just some examples of the dangers and risks of depending on legacy systems. If you need support in identifying legacy systems and potential risk to your organisation, get in touch with us today.

The latest from CTS