CIOs discuss legacy issues - don't write off the mainframe just yet!
Computing gathered a group of UK-based IT leaders together to discuss their legacy concerns, including security, skills and cost issues
A group of IT leaders which Computing recently gathered together to discuss legacy issues covered topics including security, skills and cost concerns, but argued that mainframe technology is here to stay for certain use cases.
The roundtable was held under Chatham House rules, so most names and organisations have been withheld.
One CIO in the engineering sector explained that his organisation has grown by acquisition, resulting in multiple overlapping systems.
"We came together from lots of acquisitions and nobody's bothered to tidy things up. We had 16 data centres with thousands of servers spinning away because someone said at some point I need this service, and nobody switched it off.
"When we took a closer look we were able to from 44 racks down to three in one data centre. There's lots of cleaning up that companies can do by going back over your inventory to see what you're using."
He added that the idea of keeping only newer kit running is largely impossible in most modern organisations.
"Every company I've ever worked in has said they want everything to be four to five-years old maximum. It's a fallacy. If you're asked to cut your budget by five per cent every year you're going to sweat your assets. Then you get hacked because you weren't patched, or you didn't have the rights to upgrade your systems.
"Security is a big thing for our company, we can't afford to be compromised as we'd never win any more work. So we say we need to replace kit from a cyber standpoint."
Another CIO in the financial sector said that his organisation has been using a mainframe system for 40-years.
"We're on 40-year-old mainframe, it's reliable and does the job. We've been talking about migrating off it for the last 15 years. The biggest risks are around people, because recruiting mainframe skills is a more difficult now.
"We have 14 graduates in the programme now and in a few months they'll most likely decide to move to a Java role in the bank rather than stay with the mainframe. No one coming into the market now is developing on COBOL."
He added that the organisation has had to make changes to keep up with regulations.
"We've had to do lots of changes to keep up with regulations. We've tried to migrate using tools to port from mainframe code to Java. But you end up with Java code which looks like COBOL, so your Java programmes can't understand the code and your mainframe programmers can't change it."
Colin Fernandes, senior director, global market development at Sumo Logic explained that discovery is a key step in the migration process.
"We spend lots of time doing real-time machine data discovery. If you don't have a good discovery, you don't know what you have, so you can't migrate. You need that truth today."
A CIO in the charity sector said that her organisation was hit by an audit after taking out cyber insurance.
"We're very focused on cost as we're aware we're spending members' money when we make investments in IT, so we sweat our assets. Also there are carbon savings in having laptops that last five years rather than three, so it's also about sustainability.
"With cyber, suddenly everyone started working at home during Covid, and God knows where they were storing their data. We were concerned that lots of people were working in a hybrid fashion, and do they know how to use the tools in the right way?
"We had an audit done after getting our cyber insurance, and that always focusses the mind. Some things came up as part of that, like ensuring updates are applied every 14 days rather than 30 as it was previously. That's made us unpopular with users as the most common helpdesk ticket is: ‘Why is my laptop always asking me to update?'
"We also realised we needed to have 24x7 SIEM / SOC offering. We have a digital team of 120 people, but in terms of people responsible for applications day-to-day it's only 13 people. And as we don't pay the salaries you need for cyber jobs we can't maintain those skills in-house, so we're outsourcing our SIEM and SOC."
A CIO at a government body argued that mainframe systems aren't necessarily legacy.
"Not all mainframes are legacy. Take the IBM Z-series for example. It's a perfectly credible platform, it's a mainframe and they're still selling lots of them, and it's a perfectly valid form of compute for some use cases. What you can't expect is someone to write natively in that and produce a website at the other end of it, that's not what it's for."
"Native, parallelisable, those principles are still being played out in the micro-services world," said Fernandes. "Everything you learnt before and are still using is being transported into the ‘as code' world. Legacy is okay, but it needs to be broken up as a concept. You need to look after how you evolve teams to take on new things. Give them the services that will make them more efficient. Give people the right tools to feel better."
Colin Fallwell, field CTO at Sumo Logic agreed. "Where are we trying to go? There's this convergence of DevOps and security into the earliest lifecycles to being declared as code, where you have telemetry, data observability, operational performance as well as security.
"I see observability becoming more holistic. It's really becoming DevSecOps. We're seeing this unification of data around open source capability and tooling, opting into vendors. You're declaring state as a function of code.
The organisations doing this are becoming elite performers, being able to rapidly introduce change, iterate and improve. That's a challenge with legacy, there's this mistaken belief that all you do is take legacy stuff and move it into the cloud but it'snot the case.
"You're also taking legacy architecture that isn't declared if it's not described with metadata, or has never been written in that world. There's a move towards world doing things with cloud native architecture, where you start to declare everything and the audit trail is more clear.
"The mainframe isn't legacy, it has many years ahead with lots of organisations continuing to invest in the technology."