It’s time to tackle your legacy apps

Darren Beale

Darren Beale, the founder of Siftware shares with you why it is time to address your organisational legacy and how to start.

You have a legacy web application—and it scares the living daylights out of you. The original developer left years ago without providing any documentation. You have a team of developers, but nobody dares to touch the project. Everyone is just crossing fingers that there’s no security breach or performance meltdown around the corner.

You keep hearing about security breaches impacting other companies in the news. More than half (52 percent) of British businesses fell victim to cybercrime in 2016, costing them nearly £30 million in damages, according to Beaming. If the application did go down, you’re not quite sure how you’d get it back up and running.

Does this scenario sound familiar?

You can’t ignore the problem forever, but you’re not sure where to start. Part of you wants to start over with a brand new solution, but there has already been a lot of money invested in the existing application, and it would take a lot more time and money than you have right now.

A better approach is to take the time to understand the existing application and focus on modernising it.

Start with an Audit

Start by breaking down each component of the application, such as the network configuration, storage configuration, deployment settings, and server(s). By modeling the interactions between these components, you can deconstruct the monolith into its building blocks and see how the parts work together.

It’s equally important to understand the tools needed to manage the application. These might include infrastructure-specific tools, such as VMware, or application-specific tools, such as SAP. Each of these tools may have their own vendor contracts, release schedules, and other factors to consider.

Audits are also a great opportunity to start documentation for projects that lack it. That way, new developers can be quickly brought up-to-speed without having to research the entire technology stack on their own. There’s also a lower risk of them missing any critical component that could cause an issue.

Decouple from Infrastructure

Many legacy applications were designed as monoliths, where the application code is tightly coupled with the underlying infrastructure. Of course, this makes it difficult to upgrade any single component because it requires extensive regression testing to ensure nothing else breaks.

Larger legacy applications may also exist in silos. For example, the same company may have different infrastructure in place for the same legacy applications across departments. There may also be supplier lock-in issues to consider, which can be a critical consideration when you’re looking to refactor an application.

Modernising these legacy applications means decoupling the application from any dependency on underlying infrastructure. By abstracting these configurations, the application components become a lot more flexible and you have a lot more control over everything from application hosting to storage costs.

Modularise & Refactor the Code

The next step after decoupling from infrastructure is modularising the code to make it even more portable and maintainable. For example, you might encapsulate related data and functions and make microservices that are available via an API. These microservices are much easier to understand since implementation specifics are hidden behind the interface.

Even if the application remains a monolith, you can refactor the code base to make it more readable and extensible. Refactoring may not change the external behavior, but it removes technical debt and makes the application easier to maintain. More concise and modular code also reduces the surface area for bugs or vulnerabilities to creep in over time.

Test coverage is another essential feature of modern applications. If your legacy app doesn’t have any in place, trivial changes to the code base could become breaking changes that are difficult to track down. Strong test coverage eliminates the fear of making changes and increases confidence in the security and performance of the entire application.

Create a DevOps Workflow

Legacy applications are challenging because there’s so much uncertainty when it comes to pushing changes. After decoupling the application from the infrastructure, you can begin creating DevOps workflows that turn complex regression testing into a point-and-click process using a modern user interface.

Modern DevOps processes also improve scalability. If more computational power is required, you can quickly spawn new instances on cloud environments to maintain top performance. If more storage is needed, adjustments can be made on-the-go to avoid overpaying for infrastructure.

Finally, DevOps processes help draw in developers to the project. The code is a lot more understandable and there’s much less risk of deploying breaking changes. It’s also easier to onboard new developers and outsource development work to external teams since the system is easier to understand.

Make Security a Centerpiece

Legacy applications are often insecure due to vulnerabilities in outdated dependencies or the original code base. For example, your application may be running on an outdated version of Java or PHP that’s no longer maintained, or there may be segments of code that are prone to SQL injection.

Many cyber criminals use tools that are specifically designed to screen for these kinds of vulnerabilities. It’s low-hanging fruit for them to go in and steal data, relay spam, or take other actions that can devastate your business. That’s why it’s critical to make security the center of your application.

There should be processes in place to ensure that all of the application’s components are kept up-to-date. In addition, automated testing and tooling should be used to identify vulnerabilities in the code base. And finally, infrastructure-level security should also be in place to help prevent attacks.

Don’t Forget the Maintenance

The changes we’ve outlined above will make ongoing maintenance much easier, but someone still must be responsible for ensuring that everything is kept up-to-date. If you fall behind on maintenance, you could experience the same problems that you had before modernising the application!

You may have an existing IT department capable of handling maintenance, but they may be slow to respond or reluctant to take on yet another project. Web teams may be equally reluctant to take on these tasks, since it’s much more exciting to develop new features or work on new projects.

If you’re not getting these tasks done internally, it may be time to secure the budget to outsource. It can be difficult to get senior management to budget for maintenance, but explaining the potential cost savings of modernisation and the potential costs and other risks of security breaches can be convincing.

The Bottom Line

Legacy applications can be uncomfortable to think about and keep you up at night. If you’re struggling with these issues, there are simple steps that you can take to start modernising the application and reducing security risks. Start with an audit and see where it takes you. Outsourcing these projects is also a great option if no internal resources are available.

About the Author

This article was written by Darren Beale, the founder of Siftware, a web development company that specialises in the support and maintenance of legacy PHP systems. To find out how Siftware can help you manage your risk, reduce your worry and ensure that your application keeps running, visit or call UK 0845 680 9676.