Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Legacy apps to cloud: A risk-based approach
Cyber Security: A Peer-Reviewed Journal,
7
(1),
16-23
(2023)
Abstract
Legacy systems or applications constitute a certain portion of IT systems running in an organisation. The percentage of these legacy systems varies depending on the IT maturity, IT vision, roadmap, business needs and compliance or legal requirements faced by organisations. In some cases, the organisations run key operations on legacy systems because of the nature of their business or the upstream/downstream requirements of that application. Managing legacy applications puts a heavy burden on IT budgets and with organisations moving the applications on cloud, legacy applications will need to be considered to meet these long-term goals. Legacy systems come with their own challenges and moving them on cloud does alleviate some of them, but it needs thorough planning along with comprehensive risk management. This paper provides insights on challenges coming from legacy systems, planning their migration to supported systems on-premise or embarking to cloud journey, and how to run an effective risk management programme that will facilitate enterprises to take risk-based decisions.
Keywords: legacy systems; risk management; EOL/EOS; migration; application rationalisation; migration patterns; culture; regulatory/compliance
The full article is available to subscribers to the journal.
Author's Biography
Naresh Sharma has over 20 years’ experience in strategic programmes to transform corporate IT and elevate cyber security maturity of enterprises. His notable work includes data centres and cloud transformations, migration of legacy apps, service transitions, IT automation, IT risk management and leading cyber security verticals such as operations and controls, governance, compliance and programme teams to improve security and risks posture. Naresh has set up SOC/MSSP teams, led task forces to facilitate enterprises to comply and certify with PCIDSS and adherence to ISO27k1, NIST and ISO27k5 frameworks. He works extensively with data privacy officers, IT auditors, risk compliance teams and represents his company at various technology and cyber events, risk forums and committees. As a change catalyst, Naresh is a strong promoter of ‘shift left culture’ and advocates right balance between IT and cyber security controls as these are key business enablers for success of an organisation and have a competitive edge over their industry peers. Naresh holds a Master’s degree in management (finance and marketing) and has earned professional and technical certifications including CNE, CLP, PMP, Project Leadership and Risk Management, ITIL, CIPP/E, CRISC, CISM and CISA and has been part of corporate leadership trainings. Naresh takes an active role in promoting cyber awareness in the IT ecosystem.
