Tackling the legacy application challenge
Summary
TLDR: This webinar, hosted by Macro4, addresses the challenges of managing data security in legacy applications. It highlights the risks of non-compliance with regulations like GDPR, the incompatibility with modern security mechanisms, and the lack of security patches. The discussion includes strategies for identifying at-risk applications, the importance of data security, and a case study on successfully decommissioning a legacy application in the financial sector. The session also explores the role of Columbus, Macro4's solution for secure data management and migration, emphasizing the benefits of consolidating data into a single, secure repository.
Takeaways
- Data Security is Crucial: Legacy applications may pose a security risk to businesses due to outdated security measures that could be non-compliant with regulations like GDPR.
- Webinar Series: This is the first of three webinars focusing on managing data in legacy applications, covering compliance, business risk, and increasing business efficiency.
- Incompatibility with Modern Security: Legacy applications might be incompatible with modern security mechanisms such as multi-factor authentication (MFA).
- Patching Vulnerabilities: Older applications may lack available patches to fix security vulnerabilities or have slower rollouts due to lower priority.
- Importance of Data Security: Data security is distinct from application security and involves ensuring the protection of sensitive personal identifiable information (PII).
- Case Study Insight: A successful legacy application decommissioning process in the financial sector highlighted the benefits of moving to a more secure system like Columbus.
- Identify Risky Applications: The first step in managing legacy applications is identifying those that do not meet current security requirements.
- Decommissioning Strategy: Consider whether data should be migrated, deleted, or archived when planning to decommission legacy applications.
- Link with Existing Security: Columbus can integrate with existing security infrastructures like Active Directory to maintain consistent access controls.
- Cloud Migration Considerations: Moving legacy applications to the cloud does not inherently resolve security issues; instead, use secure solutions like Columbus for cloud migration.
- Long-Term Data Repository: Columbus offers a safe, long-term repository for data with ongoing development support and the ability to meet regulatory compliance.
Q & A
What is the main focus of the webinar series presented by Macro4?
-The webinar series focuses on the challenges of managing data in legacy applications, covering topics such as data security, compliance and business risk, and increasing business efficiency through decommissioning legacy applications.
Why can older legacy applications pose a risk to a business?
-Older legacy applications can pose a risk due to potential lack of security, non-compliance with regulations like GDPR, incompatibility with modern security mechanisms such as multi-factor authentication, and slow or unavailable patches for security vulnerabilities.
What is the importance of data security in the context of legacy applications?
-Data security is crucial because it protects sensitive personal identifiable information (PII) and business-critical data from unauthorized access and breaches, ensuring compliance with regulations and minimizing business risk.
How does the lack of multi-factor authentication (MFA) in legacy applications impact security?
-The absence of MFA in legacy applications can make them more vulnerable to unauthorized access, as it lacks an additional layer of security that verifies the user's identity through multiple means.
What is the role of Macro4 in helping organizations manage legacy application data?
-Macro4 assists organizations by providing a secure repository for legacy application data, helping to identify and decommission legacy applications that pose security risks, and ensuring that data remains accessible and compliant with regulations.
Can you provide an example of a successful legacy application decommissioning process?
-The case study of a large UK banking organization that acquired a competitor and had duplicate systems is an example. Macro4 helped them migrate the previous year's financials into their financial package and decommission the old system, providing enhanced security controls and data management.
What are some of the key questions an organization should ask when assessing the security of their legacy applications?
-Key questions include whether the data is secure in existing applications, the ability to enforce security policies, providing secure access to data in unsupported legacy applications, and the capability to control access levels to sensitive data.
How can an organization make a business case for moving data from legacy applications to a secure solution?
-A business case can be made by identifying the risks associated with legacy applications, demonstrating the benefits of improved data security and compliance, and showing the potential for cost savings and increased efficiency.
What is the significance of integrating a SAML capable ID management solution with Columbus for enhanced security?
-Integrating a SAML capable ID management solution with Columbus allows for the implementation of multi-factor authentication, combining the security strengths of both systems to provide a more robust defense against unauthorized access.
Can access to different applications within Columbus be restricted based on user roles or groups?
-Yes, Columbus can link with existing Active Directory groups, allowing for role-based access control to different applications within the system, mirroring the access controls of the legacy applications being decommissioned.
What are the benefits of moving legacy applications into Columbus and then to the cloud?
-Moving legacy applications into Columbus and then to the cloud centralizes data management, enhances security through modern security practices, reduces reliance on scarce IT skills for maintenance, and helps in retiring applications while reducing business risk.
Outlines
Introduction to Legacy Application Security Webinar
The webinar, hosted by Phil Oldfield and Sam Dicks from Macro4, opens with an introduction and housekeeping notes, including the use of the Q&A section and the recording of the session. The speakers outline a series of three webinars focusing on managing data in legacy applications, with the current session dedicated to data security challenges. Key issues discussed include the risks older applications pose due to potential non-compliance with regulations like GDPR, incompatibility with modern security mechanisms such as multi-factor authentication (MFA), and the slow rollout of security patches. The session aims to identify security-risk applications, emphasize the importance of data security, present a financial user case, and provide tips on decommissioning legacy applications.
Addressing Legacy Application Security and Data Privacy Concerns
This paragraph delves into the importance of managing data security in legacy applications, highlighting the need for granular security and access controls to protect business-critical information. The discussion includes the necessity of data privacy features to limit exposure to sensitive personal identifiable information (PII) under GDPR. The speakers stress the importance of evaluating the security of existing applications, the ability to enforce security policies, and the challenges of providing secure access to data. They propose consolidating data from multiple applications into a single secure repository to streamline access and decommission old applications, thereby reducing business and security risks.
Case Study: Decommissioning Legacy Applications in the Financial Sector
The speakers present a case study of a large UK banking organization that used Columbus, a Macro4 solution, to decommission a legacy application following an acquisition. The organization aimed to migrate financial data and decommission the old system due to its lack of security controls and inability to manage sensitive data effectively. Columbus provided the necessary security controls, data redaction based on role-based access, and lifecycle management, integrating with the organization's existing security infrastructure. This successful project led to cost savings and improved data security, prompting the organization to consider decommissioning other legacy applications.
Strategies for Tackling Legacy Application Challenges
The paragraph outlines strategies for addressing the challenges of legacy applications, starting with identifying static data applications that are prime for decommissioning. It suggests considering data needs, whether to migrate, delete, or archive data, and how it will be accessed and used in the future. The business case for moving data to a secure repository is emphasized, with the goal of achieving granular access levels and regulatory compliance. Macro4's role in helping customers with their legacy application challenges is highlighted, including its experience, technology, and ongoing development roadmap, which provides a long-term data repository solution that can be integrated with cloud migration strategies.
Q&A Session: Decommissioning and Security in the Cloud
The final paragraph covers the Q&A session where participants inquire about decommissioning in the cloud and the integration of multi-factor authentication (MFA) with Columbus. The speakers clarify that moving legacy applications to the cloud does not eliminate inherent security risks but emphasizes that Columbus can provide the necessary data and application security for cloud environments. They also explain how Columbus can integrate with SAML-capable ID management solutions to implement MFA, enhancing overall security. Additionally, they address the ability to restrict access to different applications within Columbus by leveraging existing Active Directory groups, ensuring a seamless transition of access controls.
Keywords
Webinar
Legacy Applications
Data Security
Compliance
Multi-factor Authentication (MFA)
Decommissioning
Business Continuity
Columbus
Regulatory Compliance
Data Retention Policies
Cloud Migration
Highlights
Introduction to the webinar on managing data in legacy applications, focusing on data security.
The importance of addressing legacy application security due to potential non-compliance with regulations like GDPR.
Challenges of legacy applications including incompatibility with modern security mechanisms such as multi-factor authentication.
The risk of slower security patch deployment for legacy applications due to lower priority.
The necessity of maintaining business continuity while addressing legacy application security.
Differentiating between data security and application security in the context of legacy systems.
A real-world case study of a financial organization in the UK that successfully decommissioned a legacy application.
How Columbus, a software solution, provided enhanced security controls and data management post-decommissioning.
The role of granular security and access controls in protecting sensitive data.
The impact of data privacy features on limiting exposure to personal identifiable information (PII) under GDPR.
Questions to ask when evaluating the security of legacy applications within an IT landscape.
The process of identifying static data in legacy applications as candidates for decommissioning.
Making a business case for moving data to a secure repository while considering future data usage.
Macro4's role in helping customers with legacy application decommissioning and data security.
The integration of Columbus with SAML capable ID management solutions for multi-factor authentication.
How to restrict access to applications within Columbus using existing Active Directory groups.
Final takeaways emphasizing the identification of legacy applications and the move to secure solutions.
Upcoming webinar on tackling data challenges of legacy applications, focusing on compliance and business risk.
Closing remarks and thanks for participation in the webinar.
Transcripts
good afternoon everyone and welcome to
our webinar
my name is phil oldfield i'm a client
services consultant at macro4 hi good
afternoon i'm sam dicks i'm also client
service consultant here at macro4
a couple of housekeeping points for you
down the bottom of the screen there's a
q a section so if you do want to put
some questions into us please use that
and just so you know we are recording
the session
yeah that's right um this is the first
of three webinars uh that we have for
you
all around the challenges of managing
data in your legacy applications
so the following two webinars uh the
first of those is around compliance and
business risk and the final webinar of
the series is uh increasing business
efficiency and that includes saving time
and money so look out for those two
but today's webinar uh this one you've
signed up for today uh is all around
data security
uh and that's the steps ostensibly the
issues associated with having data and
information stored in your legacy
applications
i've got a few key issues for you some
of which you may know already
but
the first of those being that older
legacy applications the security of
these applications or indeed lack of
can be a risk to your business
these legacy applications they may not
be compliant with regulations such as
the gdpr
and that in itself provides or causes
that security and that business risk
that i mentioned just before
the legacy applications as well may be
incompatible with modern uh security
mechanisms and i'm talking about things
like mfa or multi-factor authentication
there
and also
finally
patches uh to fix security
vulnerabilities these may not be
available for for your older legacy
applications or indeed if they are
available then um they may be rolled out
um sort of slower because they're seen
as a sort of a lower priority
so in summary then uh there's lots of
reasons why you should look to uh to get
rid of those legacy applications
but you need to also
remember to maintain that business
continuity uh by providing access to the
data that underpins those applications
and that's really where macro four come
in
absolutely thanks phil so today um we're
going to be talking about how to
identify those applications that are
putting you at security risk those
legacy applications
uh the importance of data security
because data security is separate from
application security itself
i'll be talking about a finance user
case with one of my customers that i've
been dealing with for quite a while that
we did a successful legacy application
decommissioning
process with
and then we'll be providing some tips
around tackling the decommissioning
challenge itself
that's right um so we're going to kick
off today with a quote from somebody you
may have heard of called kevin mitnick
now kevin is a self-styled and
self-titled world's most famous hacker
he's written several books on the
subject but now uh happy to say he's a
computer security consultant
anyway kevin says companies spend
millions of dollars on firewalls
encryption and secure access devices and
it's money wasted none of these measures
address the weakest link in the security
chain
and we're saying that that weakest link
could be your legacy applications yeah
absolutely phil
and when we think about the items you've
got to consider around that application
security there's many items and you may
be talking about some of these for
example
can your legacy applications enforce the
data retention policies that are
required for regulation compliance think
about gdpr yes it's three years ago i
think it was three years ago which i
don't know where that time has gone
but but
those legacy applications you've got the
security in them and the audit
capabilities
was probably designed and set up many
years before gdpr as well as other
compliance so can it meet those those
compliant areas
in addition can you
ensure you know who has accessed the
application you know have you got full
auditing about who is looking at what
who's performing what functions within
the application which is uh could be an
issue for you
and then further is the old security
good enough bit of a teaser here no it
probably won't be you know can it link
into things like active directory for
example
um can you have granular security i
doubt it
further um cloud migration we speak with
customers all the time and you see this
sort of um these topics within the um
the periodicals um cloud migrations
moving data center
into the cloud or moving applications
into the cloud
at the end of the day if you just move
an application the security security
issue that is contained within the code
all you're doing is moving that to the
cloud the security issue still exists so
cloud migration won't necessarily fix
those older security issues
and then lastly if you are on premise
what about physical security if somebody
actually got access to your server room
pulled the disk out of a server
is your data that you're storing
encrypted at rest
probably not that sort of technology
wasn't in use those number of years ago
when these legacy applications were around
so some things to think about
absolutely thanks sam
uh in terms of managing your
data security then
excuse me
uh when looking for sort of more robust
solutions for managing uh legacy
application data
it's important that they provide that
granular security and and level of
access controls because that provides
the high level of
high level of protection for that data
which could also be uh business
information and is usually critical
anyway
in terms of data privacy features then
this is these are the sort of things
that you need to be looking at because
these help to limit the exposure to
sensitive personal identifiable
information or pii which is easier to
say yeah that's something under gdpr
it's not just the organization but it's
individuals that can get in in trouble
with the um the commission's office yeah
if that sort of personal sensitive
information gets out absolutely
uh and i guess to summarize then so
without the functionality that we've
just been talking about there the
security of the data and the systems
themselves is compromised
so thinking about your it landscape then
in terms of the data security there's a
number of questions that you need to be
asking yourself about your legacy estate
uh first of those being is your data
secure in your existing applications
because as we know an aging system uh it
puts the data at risk of security
threats um that there are obviously a
number of those that that exist
um
are you struggling to enforce security
policies around that data
can you provide secure access to your
data uh in your unsupported legacy
application possibly not
and do you want to move
the data from those multiple uh
applications to a single secure place
and decom and therefore be able to
decommission that old application i
think that's where we're all trying to
get to there and that that again is
macro four's kind of recommendation
uh can you control access levels to that
data we've talked about sensitive data
is that sensitive data being managed
appropriately
and if the answer is is no to any of the
the questions we we just mentioned there
that leaves those applications uh
although the applications that we're
dealing with leave your organization at
risk and
potentially you can fall foul of um
regulations such as uh the gdpr
absolutely
so thanks phil there's information
around a security which is subtly
different from some of the security
issues that an application may have
and hopefully that's helpful
so i'd like to now talk about a case
study with one of our
customers in the financial world very
large organization in the uk
banking industry
been a long-term user of columbus and
we've been helping them maximize the
potential of their investment within
columbus itself using it in different
areas
and this particular organization
went through an acquisition of one of
their competitors and left for them with
duplicate systems they had a
strategic system already that the our
customer had and then the the acquired
company also had a similar financial
system
and it was that that we were
concentrating on and the the company
were talking about moving all of the
data and that was quite a large data
migration project and what we said to
them was well look it's easier to move
just the previous year's financials into
your financial package and then we can
decommission and they looked at that
said okay talk to us more we went
through the process with them
um
and
you know
eventually we got to a decommissioning
project
and columbus was able to with the data
in columbus it was able to provide the
security controls rather if i put my
teeth in the security controls that the
old acquired app couldn't provide
because it was that much older
uh in addition
we were able to provide management of
sensitive data and phil's mentioned with
gdpr around personal sensitive
information so columbus was able to
provide redaction of of personal
sensitive data on a role-based access uh
information life cycle management
and then tying in with the the
organization's existing security
controls so the groups that already
existed were able to map into those and
give access to this staff that were
already there within the different
departments and as i mentioned the
redaction was able to tie into that so
different people had access to different
unredacted data
and all in all it was a great success
for this organization they're able to
save money on the data migration
they were able to provide security
controls around the data that they they
kept outside of the core application and
all in all it led them to be able to
look at legacy application decommissioning
for their own internal applications
absolutely excuse me yeah thanks sam
it's always good to get a real world
example especially with the legacy
application decommissioning projects
okay so moving on we've talked someone
i've talked a little bit about uh some
of the challenges associated with
managing legacy applications but but how
do you tackle those challenges
well first off you want to identify
applications that uh have um
underpinning them static data and that's
non-live data because those are the the
prime candidates for decommissioning
so some of these may be duplicate
applications and that is multiple
instances of the same application that
exist within the business some of those
can be uh overlapping applications and
that is uh that they provide the same
business function um but they are you
know different applications like we were
just talking about really absolutely uh
and that in itself could lead to certain
inefficiencies within the the it
business
and then finally you have any
non-essential applications and this is
where you're probably looking at keeping
the data but you don't necessarily need
the application itself
okay and once you've done that then so
consider the data and this is the data
that underpins those applications if you
remember so does that data
you know does it need to be migrated
could uh that data just be deleted you
know is it needed any longer um and also
um you know if it is needed then then
does it need to be archived
that data uh how is it currently uh
accessed by the business uh and indeed
other applications within the business
and also how is it going to be used
going forwards
by the business
so once you've done that make the
business case to move that data to a
secure repository
and that will hopefully well your secure
repository your new target repository
will be able to impose that sort of
granular level access levels to the data
but also and this is an important one
business users uh can access that data
but in a format that makes sense to them
i think
you know there's no good giving some end
users um sql queries to run if they
don't understand
you know how to do that absolutely you
know it's got to be appropriate to the
business user themself
um make sure that uh you'll be able to
make sure that data conforms to those um
regulations those regulatory compliance
including as we keep mentioning the gdpr
but also then uh
this will allow you not to be reliant on
those scarce i.t skills to support and
maintain those legacy applications and
that's always um
gives it departments a certain headache
but all of that all in all should allow
you to understand the costs associated
with them with your it landscape a lot
better yeah
okay absolutely
so how can we help then we've talked
about
our use case that's fair enough with one
of the customers we've given you some
guidance around data security
application security building a business
case well how can we at macro 4 help
especially if you're an existing
customer with columbus well first of all
we have a great deal of experience
plus our columbus technology means we can
help
the columbus solution design
in addition to tackling the challenges
you've got
plus our ongoing development roadmap
means you've got a safe long-term
repository for your data
and our solution includes processes that
we've developed over many years with
different platforms that we're
decommissioning from different
applications you name it we can pretty
much
do that for you know we can help you
decommission
plus uh phil mentioned this a few
moments ago getting those multiple
applications into one secure place it's
very important and we'll be talking more
about that in the last webinar about
efficiencies for business processes of
being able to access data in one place
this is more than one reason for that
and then a key point really you've got
to make sure that that data is
accessible to support the business
process there's no point as phil says
running an sql query when you're going
the user is going to come the customer's
going to come in it's mr smith here can
i have um access to my document well
you know why am i running an sql query
for that if it's indeed if the data's
indexed against the business use it
helps
in addition we can ensure your security
levels are met we can meet the data
compliance and as well as
doing that reducing business risk it's
all about business risk
cloud migration
you can take multiple applications put
them into columbus move columbus into
the cloud you're reducing the amount of
risk that you're taking forward for each
one of those applications into the cloud
and all in all we can help you retire
those applications or indeed just an
application
reducing your risk and saving you money
absolutely
right we've got to the stage now where
we're going to dive into some of the
questions it's the q a
section um so
let's just have a look if you just mind
me for a minute i'm just having a look
uh here it does look like we've had a
couple of questions come in so i'm going
to dive straight in so first question
here is from shan he says you mentioned
about decommissioning in the cloud could
you expand further on that well sam
you've just been talking about that
literally just now so i'm going to throw
that over the fence to you okay yes shan
so thanks for your question um
hopefully
i've just answered that but i'll go back
to my point um
i made earlier in the presentation which
is
just think about the security issues
that exist within those those static
application or applications
those issues those those business and
security risks are going to move forward
into the cloud themselves you know it's
not gonna
you're not removing that security risk
by putting that data into columbus
then columbus provides you with the data
security and application security you
need and that's taken forward into the
cloud so hopefully that's answered your
question
um
whilst i've got the microphone so to
speak uh alan thanks for your question
alan thanks for joining us um
we're looking at mfa solutions so phil
you mentioned mfa earlier i'm glad we
said that earlier so multi-factor
authentication solutions
um how could we use this with columbus
well phil you mentioned it can you
answer that yes sure thanks sam uh yeah
so uh basically columbus can be
integrated with a saml capable id
management solution
and what that does is that combines the
security strengths of of the columbus
software of columbus
with
the id management solution itself and
it's the id management solution that
provides the multi-factor authentication
and then obviously as just mentioned you
combine that with the security elements
of the columbus our columbus technology
uh and i hope that sort of answers that
part of the question for you
okay um there is another one more
thankfully he's just been typing now we
can see that coming off whilst we're
talking thank you yeah so luis says uh
if we have multiple applications in
columbus can we restrict access to who
has access to each application i think i
know the answer to that one sam but i'm
going to hand this one to you
question hot potato isn't it um
so luis again great question thank you
we mentioned active directory earlier or
linking in with with organizations
existing security in this case in our
experience in the uk active directory is
the prime one um if you've got active
directory group set up for the existing
application that you want to
decommission well columbus can link into
those existing active directory groups and
give you the same access within the or
within the data that you had before so
yeah it's pretty much mirrored mirrored
there so yeah hopefully that answers
your question i'm just checking there's
no more questions that we've seen
coming in so
let's carry on phil
okay so yeah we are kind of getting to
the the
latter stages of the uh the webinar for
you but i have got a number of takeaways
that i'd like you to well take away with
you i suppose
so the first of those being that
what you want to be doing if you're
looking at decommissioning applications
is identify those
legacy applications that don't meet your
current security requirements
that's the all-important one
and then consider how the business is
using that data but also importantly how
they want to use that data going forward
in the future
and once you've done that make the
business case to move that data to a
secure solution where you can benefit
from all the technologies that we've
we've covered here
and if you're migrating to the cloud
don't move all of those static legacy
applications migrate them into columbus
and run columbus within your cloud
instead
absolutely
well thanks phil for wrapping that up
for us um watch out for information on
our second um webinar in the series of
three
where we're looking at tackling the data
challenges of legacy applications and
that's going to be around compliance and
business risk and that's going to be in
february
uh it leaves me to say thank you very
much for your attendance and your
questions your participation
have a good rest of the day and
it's goodbye from me
and it's goodbye from him thank you