Jun 18 2024

Can Application Modernization Keep Higher Ed Cyberattackers at Bay?

Outdated, unpatched legacy applications are vulnerabilities cyberattackers are eager to exploit. Here’s how to slow them down.

In 2014, a vulnerability was discovered in a critical security library used by a massive number of systems worldwide. The Heartbleed bug was a lack of bounds checking in the Transport Layer Security heartbeat protocol, and when an exploit was published in April 2014, millions of systems were immediately vulnerable.

Ten years later, more than 34,000 systems in the United States alone remain vulnerable. After what is regarded by many as the most widely reported vulnerability in the history of the internet, one might ask, “Why are there still vulnerable hosts 10 years later?” The question gives a glimpse into the challenges that organizations face in modernizing their application portfolios.



Higher Education’s Challenges Modernizing Legacy Applications

Maintaining a modern application portfolio is critical for reasons beyond security as well. Technological advancements that lead to improvements in cost and efficiency are rarely back-ported to previous software versions; the same is true of advances in digital accessibility and user-focused design. Achieving the gains offered by modernization requires that organizations take a systemic approach.

This can be an especially thorny problem in higher education, where application ownership is often distributed across campus. The complexity of the application portfolio for a typical institution is staggering. In addition to core applications for students, HR, and teaching and learning, campuses often support systems related to power plant management, police operations, housing, event management, patient records and others. The list goes on.

Research universities often have an additional challenge with highly specialized systems and instruments that support research. Custom-built hardware and software needed for these programs may not have a clear upgrade path or support structure. Likewise, embedded systems and internet-connected devices may not always be easy to upgrade when vulnerable software versions are discovered.

But application modernization is not just about risk avoidance. A strategic look at your application portfolio can identify functional duplication or overlap, where campus groups might use (and pay for) different applications to perform the same or very similar business functions. Additionally, groups that have independently chosen and licensed a common tool might benefit from a shared licensing approach and campus support for their user community.



5 Strategies for Higher Ed Application Modernization

Gartner describes five main strategies that institutions can use to modernize legacy applications:

  1. Rehosting. Sometimes called “lift and shift,” rehosting a legacy application usually means redeploying the application to new infrastructure without substantially changing the application. While this may sound attractive, it is often the worst approach when shifting legacy applications to cloud infrastructure as it tends to maximize costs and negate some key benefits of cloud infrastructure.
  2. Replatforming. Migrating an application to a new runtime platform usually involves changing out key libraries and infrastructure components without disturbing the application’s functionality. This can help to mitigate vulnerabilities but is often a missed opportunity to address technical debt.
  3. Rearchitecting. Restructuring the application might mean reimplementing certain parts of it, but without substantial change to functionality. Rearchitecting is a very common approach to moving legacy applications to the cloud in a way that truly leverages cloud strengths.
  4. Rebuilding. Rebuilding or rewriting an application is often an opportunity to address gaps or shifts in business requirements. Functional aspects that no longer fit the business can be examined and improved without the expense of a wholesale replacement.
  5. Replacing. Replacing a legacy application with a newly developed or commercially acquired application is another of the more common approaches to modernization. It can also be tremendously challenging to ensure business needs are fully captured and addressed.


However you choose to approach application modernization, it’s critical to do it in a systematic and structured way. Enterprise architecture tools such as Sparx Enterprise Architect or The Essential Project’s EA tool can maintain structured information about applications and perform analysis on the app portfolio. This gives visibility into systems that need remediation and helps institutions prioritize and plan for obsolescence.

It’s also critical to find the right partners to support your modernization efforts. The cloud can look attractive as a means to reduce capital expense and gain flexibility, but a lift-and-shift approach to the cloud is almost never the right choice. Finding a partner that can help assess the pathways available for a given legacy application will pay dividends in both the migration itself and in the quality of the future-state environment.

Eduard Figueres/Getty Images
