Tackling the legacy application challenge

00:00

good afternoon everyone and welcome to

00:01

our webinar

00:02

my name is phil oldfield i'm a client

00:04

services consultant at macro4 hi good

00:07

afternoon i'm sam dicks i'm also client

00:09

service consultant here at macro4

00:11

a couple of housekeeping points for you

00:14

down the bottom of the screen there's a

00:15

q a section so if you do want to put

00:17

some questions into us please use that

00:19

and just so you know we are recording

00:20

the session

00:22

yeah that's right um this is the first

00:24

of three webinars uh that we have for

00:26

you

00:27

all around the challenges of managing

00:29

data in your legacy applications

00:32

so the following two webinars uh the

00:35

first of those is around compliance and

00:37

business risk and the final webinar of

00:39

the series is uh increasing business

00:42

efficiency and that includes saving time

00:44

and money so look out for those two

00:47

but today's webinar uh this one you've

00:48

signed up for today uh is all around

00:51

data security

00:52

uh and that's the steps ostensibly the

00:54

issues associated with having data and

00:57

information stored in your legacy

00:59

applications

01:01

i've got a few key issues for you some

01:03

of which you may know already

01:04

but

01:05

the first of those being that older

01:07

legacy applications the security of

01:09

these applications or indeed lack of

01:13

can be a risk to your business

01:15

these legacy applications they may not

01:17

be compliant with regulations such as

01:20

the gdpr

01:21

and that in itself provides or causes

01:24

that security and that business risk

01:27

that i mentioned just before

01:30

the legacy applications as well may be

01:32

incompatible with modern uh security

01:35

mechanisms and i'm talking about things

01:36

like mfa or multi-factor authentication

01:40

there

01:41

and also

01:42

finally

01:43

patches uh to fix security

01:45

vulnerabilities these may not be

01:47

available for for your older legacy

01:50

applications or indeed if they are

01:52

available then um they may be rolled out

01:55

um sort of slower because they're seen

01:57

as a sort of a lower priority

02:00

so in summary then uh there's lots of

02:03

reasons why you should look to uh to get

02:05

rid of those legacy applications

02:08

but you need to also

02:10

remember to maintain that business

02:12

continuity uh by providing access to the

02:15

data that underpins those applications

02:18

and that's really where macro four come

02:20

in

02:21

absolutely thanks phil so today um we're

02:24

going to be talking about how to

02:25

identify those applications that are

02:27

putting you at security risk those

02:29

legacy applications

02:30

uh the importance of data security

02:32

because data security is separate from

02:34

application security itself

02:36

i'll be talking about a finance user

02:38

case with one of my customers that i've

02:39

been dealing with for quite a while that

02:41

we did a successful legacy application

02:43

decommissioning

02:45

process with

02:46

and then we'll be providing some tips

02:48

around tackling the decommissioning

02:49

challenge itself

02:52

that's right um so we're going to kick

02:54

off today with a quote from somebody you

02:56

may have heard of called kevin mitnick

02:59

now kevin is a self-styled and

03:01

self-titled world's most famous hacker

03:03

he's written several books on the

03:05

subject but now uh happy to say he's a

03:07

computer security consultant

03:10

anyway kevin says companies spend

03:12

millions of dollars on firewalls

03:14

encryption and secure access devices and

03:17

it's money wasted none of these measures

03:20

address the weakest link in the security

03:22

chain

03:23

and we're saying that that weakest link

03:25

could be your legacy applications yeah

03:27

absolutely phil

03:29

and when we think about the items you've

03:31

got to consider around that application

03:34

security there's many items and you may

03:36

be talking about some of these for

03:38

example

03:39

can your legacy applications enforce the

03:42

data retention policies that are

03:43

required for regulation compliance think

03:45

about gdpr yes it's three years ago i

03:48

think it was three years ago which i

03:49

don't know where that time has gone

03:52

but but

03:53

those legacy applications you've got the

03:54

security in them and the audit

03:56

capabilities

03:57

was probably designed and set up many

03:59

years before gdpr as well as other

04:01

compliance so can it meet those those

04:03

compliant areas

04:05

in addition can you

04:07

ensure you know who has accessed the

04:09

application you know have you got full

04:11

auditing about who is looking at what

04:13

who's performing what functions within

04:14

the application which is uh could be an

04:17

issue for you

04:18

and then further is the old security

04:21

good enough bit of a teaser here no it

04:23

probably won't be you know can it link

04:25

into things like active directory for

04:27

example

04:28

um can you have granular security i

04:31

doubt it

04:33

further um cloud migration we speak with

04:35

customers all the time and you see this

04:37

sort of um these topics within the um

04:40

the periodicals um cloud migrations

04:44

moving data center

04:45

into the cloud or moving applications

04:47

into the cloud

04:49

at the end of the day if you just move

04:50

an application the security security

04:53

issue that is contained within the code

04:55

all you're doing is moving that to the

04:57

cloud the security issue still exists so

04:59

cloud migration won't necessarily fix

05:02

those older security issues

05:04

and then lastly if you are on premise

05:07

what about physical security if somebody

05:09

actually got access to your server room

05:11

pulled the disk out of a server

05:13

is your data that you're storing

05:15

encrypted at rest

05:16

probably not that sort of technology

05:18

wasn't in use those number of years ago

05:20

when these legs applications were around

05:22

so some things to think about

05:25

absolutely thanks sam

05:26

uh in terms of managing your

05:28

data security then

05:30

excuse me

05:31

uh when looking for sort of more robust

05:33

solutions for managing uh legacy

05:36

application data

05:37

it's important that they provide that

05:39

granular security and and level of

05:41

access controls because that provides

05:44

the high level of

05:46

high level of protection for that data

05:48

which could also be uh business

05:50

information and is usually critical

05:51

anyway

05:52

in terms of data privacy features then

05:54

this is these are the sort of things

05:56

that you need to be looking at because

05:58

these help to limit the exposure to

06:00

sensitive personal identifiable

06:02

information or pii which is easier to

06:04

say yeah that's something under gdpr

06:06

it's not just the organization but it's

06:08

individuals that can get in in trouble

06:10

with the um the commission's office yeah

06:12

if that sort of personal sense of

06:14

information gets out absolutely

06:16

uh and i guess to summarize then so

06:18

without the functionality that we've

06:20

just been talking about there the

06:21

security of the data and the systems

06:23

themselves is compromised

06:27

so thinking about your it landscape then

06:29

in terms of the data security there's a

06:31

number of questions that you need to be

06:33

asking yourself about your legacy estate

06:36

uh first of those being is your data

06:38

secure in your existing applications

06:40

because as we know an aging system uh it

06:43

puts the data at risk of security

06:45

threats um that there are obviously a

06:47

number of those that that exist

06:50

um

06:51

are you struggling to enforce security

06:53

policies around that data

06:56

can you provide secure access to your

06:58

data uh in your unsupported legacy

07:01

application possibly not

07:04

and do you want to move

07:06

the data from those multiple uh

07:09

applications to a single secure place

07:11

and decom and therefore be able to

07:13

decommission that old application i

07:15

think that's where we're all trying to

07:16

get to there and that that again is

07:18

macro four's kind of recommendation

07:21

uh can you control access levels to that

07:24

data we've talked about sensitive data

07:26

is that sensitive data being managed

07:28

appropriately

07:30

and if the answer is is no to any of the

07:32

the questions we we just mentioned there

07:35

that leaves those applications uh

07:37

although the applications that we're

07:39

dealing with leave your organization at

07:41

risk and

07:42

potentially you can fall foul of um

07:45

regulations such as uh the gdpr

07:49

absolutely

07:51

so thanks phil there's information

07:52

around a security which is subtly

07:54

different from some of the security

07:56

issues that an application may have

07:58

and hopefully that's helpful

08:00

so i'd like to now talk about a case

08:02

study with one of our

08:04

customers in the financial world very

08:06

large organization in the uk

08:09

banking industry

08:11

been a long-term user of columbus and

08:13

we've been helping them maximize the

08:15

potential of their investment within

08:16

columbus itself using it in different

08:18

areas

08:19

and this particular organization

08:21

went through an acquisition of one of

08:23

their competitors and left for them with

08:25

duplicate systems they had a

08:27

strategic system already that the our

08:29

customer had and then the the acquired

08:32

company also had a similar financial

08:34

system

08:35

and it was that that we were

08:37

concentrating on and the the company

08:39

were talking about moving all of the

08:41

data and that was quite a large data

08:42

migration project and what we said to

08:44

them was well look it's easier to move

08:46

just the previous year's financials into

08:48

your financial package and then we can

08:50

decommission and they looked at that

08:52

said okay talk to us more we went

08:54

through the process with them

08:56

um

08:57

and

08:58

you know

08:58

eventually we got to a decommissioning

09:00

project

09:01

and columbus was able to with the data

09:03

in columbus it was able to provide the

09:06

security controls rather if i put my

09:08

teeth in the security controls that the

09:10

old acquired app couldn't provide

09:13

because it was that much older

09:15

uh in addition

09:16

we were able to provide management of

09:18

sensitive data and phil's mentioned with

09:20

gdpr around personal sensitive

09:21

information so columbus was able to

09:23

provide redaction of of personal

09:25

sensitive data on a role-based access uh

09:28

information life cycle management

09:30

and then tying in with the the

09:33

organization's existing security

09:35

controls so the groups that already

09:36

existed were able to map into those and

09:38

give access to this staff that were

09:40

already there within the different

09:42

departments and as i mentioned the

09:44

redaction was able to tie into that so

09:46

different people had access to different

09:48

unredacted data

09:50

and all in all it was a great success

09:51

for this organization they're able to

09:53

save money on the date of migration

09:55

they were able to provide security

09:57

controls around the data that they they

09:59

kept outside of the core application and

10:01

all in all it led them to be able to

10:03

look at legs application decommissioning

10:05

for their own internal applications

10:08

absolutely excuse me yeah thanks sam

10:11

it's always good to get a real world

10:12

example especially with the legacy

10:14

application decommissioning projects

10:17

okay so moving on we've talked someone

10:19

i've talked a little bit about uh some

10:20

of the challenges associated with

10:22

managing legacy applications but but how

10:25

do you tackle those challenges

10:27

well first off you want to identify

10:30

applications that uh have um

10:33

underpinning them static data and that's

10:35

non-live data because those are the the

10:38

prime candidates for decommissioning

10:41

so some of these may be duplicate

10:43

applications and that is multiple

10:46

instances of the same application that

10:48

exist within the business some of those

10:50

can be uh overlapping applications and

10:52

that is uh that they provide the same

10:55

business function um but they are you

10:57

know different applications like we were

10:59

just talking about really absolutely uh

11:02

and that in itself could lead to certain

11:04

inefficiencies within the the it

11:06

business

11:07

and then finally you have any

11:09

non-essential applications and this is

11:11

where you're probably looking at keeping

11:13

the data but you don't necessarily need

11:15

the application itself

11:17

okay and once you've done that then so

11:19

consider the data and this is the data

11:21

that underpins those applications if you

11:23

remember so does that data

11:26

you know does it need to be migrated

11:28

could uh that data just be deleted you

11:30

know is it needed any longer um and also

11:33

um you know if it is needed then then

11:36

does it need to be archived

11:39

that data uh how is it currently uh

11:42

accessed by the business uh and indeed

11:44

other applications within the business

11:47

and also how is it going to be used

11:49

going forwards

11:50

by the business

11:52

so once you've done that make the

11:54

business case to move that data to a

11:56

secure repository

11:58

and that will hopefully well your secure

12:00

repository your new target repository

12:02

will be able to impose that sort of

12:05

granular level access levels to the data

12:09

but also and this is an important one

12:11

business users uh can access that data

12:13

but in a format that makes sense to them

12:15

i think

12:16

you know there's no good giving some end

12:17

users um sql queries to run if they

12:20

don't understand

12:21

you know how to do that absolutely you

12:23

know it's got to be appropriate to the

12:24

business user themself

12:26

um make sure that uh you'll be able to

12:28

make sure that data conforms to those um

12:32

regulations those regulatory compliance

12:35

including as we keep mentioning the gdpr

12:38

but also then uh

12:40

this will allow you not to be reliant on

12:43

those scarce i.t skills to support and

12:46

maintain those legacy applications and

12:48

that's always um

12:49

gives it departments a certain headache

12:51

but all of that all in all should allow

12:54

you to understand the costs associated

12:56

with them with your it landscape a lot

12:59

better yeah

13:00

okay absolutely

13:02

so how can we help then we've talked

13:04

about

13:05

our use case that's fair enough with one

13:06

of the customers we've given you some

13:08

guidance around data security

13:10

application security building a business

13:12

case well how can we at macro 4 help

13:14

especially if you're an existing

13:16

customer with columbus well first of all

13:18

we have a great deal of experience

13:20

plus our columns technology means we can

13:22

help

13:24

the columbus solution design

13:26

in addition to tackling the challenges

13:28

you've got

13:29

plus our ongoing development roadmap

13:32

means you've got a safe long-term

13:33

repository for your data

13:36

and our solution includes processes that

13:38

we've developed over many years with

13:39

different platforms that we're

13:40

decommissioning from different

13:42

applications you name it we can pretty

13:44

much

13:45

do that for you know we can help you

13:46

decommission

13:48

plus uh phil mentioned this a few

13:50

moments ago getting those multiple

13:52

applications into one secure place it's

13:55

very important and we'll be talking more

13:57

about that in the last webinar about

13:59

efficiencies for business processes of

14:01

being able to access data in one place

14:03

this is more than one reason for that

14:06

and then a key point really you've got

14:09

to make sure that that data is

14:11

accessible to support the business

14:12

process there's no point as phil says

14:14

running an sql query when you're going

14:17

the user is going to come the customer's

14:18

going to come in it's mr smith here can

14:20

i have um access to my document well

14:23

you know why am i running an sql query

14:25

for that if it's indeed if the data's

14:27

indexed against the business use it

14:30

helps

14:32

in addition we can ensure your security

14:34

levels are met we can meet the data

14:36

compliance and as well as

14:38

doing that reducing business risk it's

14:41

all about business risk

14:43

cloud migration

14:45

you can take multiple applications put

14:47

them into columbus move columbus into

14:49

the cloud you're reducing the amount of

14:52

risk that you're taking forward for each

14:53

one of those applications into the cloud

14:55

and all in all we can help you retire

14:57

those applications or indeed just an

14:59

application

15:00

reducing your risk and saving you money

15:03

absolutely

15:05

right we've got to the stage now where

15:06

we're going to dive into some of the

15:08

questions it's the q a

15:10

section um so

15:12

let's just have a look if you just mind

15:14

me for a minute i'm just having a look

15:16

uh here it does look like we've had a

15:18

couple of questions come in so i'm going

15:20

to dive straight in so first question

15:22

here is from shan he says you mentioned

15:26

about decommissioning in the cloud could

15:28

you expand further on that well sam

15:30

you've just been talking about that

15:31

literally just now so i'm going to throw

15:33

that over the fence to you okay yes shan

15:35

so thanks for your question um

15:37

hopefully

15:38

i've just answered that but i'll go back

15:40

to my point um

15:42

i made earlier in the presentation which

15:44

is

15:45

just think about the security issues

15:47

that exist within those those static

15:49

application or applications

15:51

those issues those those business and

15:53

security risks are going to move forward

15:55

into the cloud themselves you know it's

15:56

not gonna

15:59

you're not removing that security risk

16:02

by putting that data into columbus

16:04

then columbus provides you with the data

16:06

security and application security you

16:08

need and that's taken forward into the

16:11

cloud so hopefully that's answered your

16:12

question

16:14

um

16:15

whilst i've got the microphone so to

16:16

speak uh alan thanks for your question

16:18

alan thanks for joining us um

16:21

we're looking at mfa solutions so phil

16:23

you mentioned mfa earlier i'm glad we

16:24

said that earlier so multi-factor

16:25

authentication solutions

16:27

um how could we use this with columbus

16:29

well phil you mentioned it can you

16:31

answer that yes sure thanks sam uh yeah

16:34

so uh basically columbus can be

16:36

integrated with a saml capable id

16:38

management solution

16:40

and what that does is that combines the

16:43

security strengths of of the columbus

16:45

software of columbus

16:47

with

16:48

the id management solution itself and

16:50

it's the id management solution that

16:52

provides the multi-factor authentication

16:55

and then obviously as just mentioned you

16:57

combine that with the security elements

16:59

of the columbus our columbus technology

17:02

uh and i hope that sort of answers that

17:04

part of the question for you

17:06

okay um there is another one more

17:09

thankfully he's just been typing now we

17:10

can see that coming off whilst we're

17:12

talking thank you yeah so luis says uh

17:14

if we have multiple applications in

17:16

columbus can we restrict access to who

17:19

has access to each application i think i

17:22

know the answer to that one sam but i'm

17:23

going to and this one to you

17:25

question hot potato isn't it um

17:28

so luis again great question thank you

17:30

we mentioned active directory earlier or

17:32

linking in with with organizations

17:34

existing security in this case in our

17:36

experience in the uk active directory is

17:38

the prime one um if you've got active

17:41

directory group set up for the existing

17:42

application that you want to

17:44

decommission well columbus can link into

17:46

those existing active direct groups and

17:48

give you the same access within the or

17:50

within the data that you had before so

17:53

yeah it's pretty much mirrored mirrored

17:55

there so yeah hopefully that answers

17:56

your question i'm just checking there's

17:58

no more questions that we've seen

18:00

coming in so

18:01

let's carry on phil

18:03

okay so yeah we are kind of getting to

18:05

the the

18:06

latter stages of the uh the webinar for

18:08

you but i have got a number of takeaways

18:10

that i'd like you to well take away with

18:12

you i suppose

18:13

so the first of those being that

18:16

what you want to be doing if you're

18:17

looking at decommissioning applications

18:18

is identify those

18:21

legacy applications that don't meet your

18:24

current security requirements

18:26

that's the all-important one

18:28

and then consider how the business is

18:30

using that data but also importantly how

18:33

they want to use that data going forward

18:35

in the future

18:37

and once you've done that make the

18:39

business case to move that data to a

18:42

secure solution where you can benefit

18:43

from all the technologies that we've

18:45

we've covered here

18:47

and if you're migrating to the cloud

18:50

don't move all of those static legacy

18:52

applications migrate them into columbus

18:55

and run columbus within your cloud

18:58

instead

18:59

absolutely

19:00

well thanks phil for wrapping that up

19:01

for us um watch out for information on

19:04

our second um webinar in the series of

19:07

three

19:08

where we're looking at tackling the data

19:10

challenges of legacy applications and

19:12

that's going to be around compliance and

19:13

business risk and that's going to be in

19:14

february

19:15

uh it leaves me to say thank you very

19:17

much for your attendance and your

19:18

questions your participation

19:20

have a good rest of the day and

19:23

it's goodbye from me

19:24

and it's goodbye from him thank you