Secure Legacy Apps? Not Such a Remote Possibility

By Michael Oldham

While digital transformation garners all the headlines, modernizing IT systems for the world of today’s hybrid enterprise is not for the faint of heart. According to global research from Advanced, nearly three-quarters of organizations that started a legacy system modernization project failed to complete it.

That leaves many – especially in large organizations – stuck trying to provide secure access to decades-old monolithic applications that weren’t originally designed with today’s threat landscape in mind.

Total Access Control (TAC) reinvigorates the drive to digital transformation. TAC’s Zero Trust solution offers the most comprehensive secure access to local and cloud resources – including those mission-critical legacy applications – for enterprise organizations today.

A Legacy of Security Snags

In the federal government, legacy systems may “operate with known security vulnerabilities that are either technically difficult or prohibitively expensive to address,” a 2018 White House report stated, “and thus may hinder agencies’ ability to comply with critical cybersecurity statutory and policy requirements.”

But it’s not just a government problem: 54% of CIOs spend half their time “keeping the lights on” and even more say they dedicate 40% to 60% of their time to managing legacy technology, according to a survey by Logicalis.

These legacy applications, which often operate in silos, were created with now obsolete technologies. That makes them extremely challenging to update, patch, and manage in a timely fashion in order to meet the secure access needs of end users across today’s hybrid enterprise. Add it all up, and it’s no wonder that 40% of global organizations report their digital transformation initiatives are hindered by unreliable legacy technologies, according to Veeam® Software.

Let’s look at some of the most common security issues presented by legacy technologies, and how Total Access Control resolves those issues:

Minimize Modifications

One of the toughest security challenges is having to modify legacy applications to meet new security requirements, whether they are mandated by the organization or by government regulations. With TAC, you may not need to modify applications to meet security requirements. All the security concerns are addressed through the TAC gateway, independently of the legacy application. The app continues doing its thing, without having to be manipulated in any way.

To do this, the TAC gateway leverages security policies that will provide users access only when they meet those requirements – whether internal or statutory. For example, it is easy to add multifactor authentication to even legacy applications without the need to modify the application itself. Users will only get the proper level of access given the context of their connection request – their device, location, device security status, GeoIP address, and more. And you don’t have to make any modifications to the legacy application itself – improving security and saving time and money, and in the end making the lives of end users and admins alike much easier.

For instance, an organization may require that all access be done via corporate managed devices from a trusted network and must have multi-factor authentication and brute force protection. Often legacy apps would not be aware of how to accomplish this natively, since they were not designed with either of those requirements in mind. In fact, many legacy applications were designed to run off the network with users sitting inside their offices – not working from home, an airport terminal or a coffee shop somewhere. There could be little in the way of authentication for these older applications, even to the point of not requiring a username or password.

Modern web applications, on the other hand, are designed to easily integrate security features such as multi-factor authentication and brute force protection. But when it’s an old system that was programmed by people who have long retired, it would be a very heavy (and costly) lift to modify the application to incorporate these modern security features.
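The example policy described above (managed device, trusted network, multi-factor authentication, brute force protection) can be evaluated entirely in front of the application. The sketch below is an added illustration, not TAC's implementation or code from the article; the class name, network range, thresholds and reason strings are all assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Assumed values for illustration; none come from the article or any product.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
MAX_FAILURES = 5        # failed logins tolerated per user...
WINDOW_SECONDS = 300    # ...within this sliding window

class AccessGateway:
    """Hypothetical policy check in front of a legacy app with no auth of its own."""

    def __init__(self):
        self._failures = defaultdict(deque)  # user -> timestamps of failed logins
        self.audit_log = []                  # one record per decision, allow or deny

    def record_failure(self, user, now=None):
        self._failures[user].append(time.time() if now is None else now)

    def _locked_out(self, user, now):
        recent = self._failures[user]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures older than the window
        return len(recent) >= MAX_FAILURES

    def decide(self, user, source_ip, device_managed, mfa_passed, now=None):
        now = time.time() if now is None else now
        reasons = []
        if self._locked_out(user, now):
            reasons.append("brute_force_lockout")
        if not device_managed:
            reasons.append("unmanaged_device")
        try:
            addr = ipaddress.ip_address(source_ip)
            trusted = any(addr in net for net in TRUSTED_NETWORKS)
        except ValueError:
            trusted = False                  # unparsable address is never trusted
        if not trusted:
            reasons.append("untrusted_network")
        if not mfa_passed:
            reasons.append("mfa_missing")
        allowed = not reasons                # every requirement must hold
        self.audit_log.append({"time": now, "user": user, "source_ip": source_ip,
                               "allowed": allowed, "reasons": reasons})
        return allowed, reasons
```

Every decision, including denials, lands in `audit_log`, so the same check that enforces the policy also produces the access record an auditor would ask for.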

Going Mobile

When a lot of these legacy applications were created, the office still reigned supreme. The idea of gaining remote access to your applications was just that – remote. That began to change in the new millennium.

According to FlexJobs, from 2005 to 2019 the population of non-self-employed people who could work from home (WFH) increased by 159%, although the vast majority still only occasionally worked remotely. The Covid-19 pandemic provided an accelerant to this trend, and quickly shifted the emphasis from working occasionally from home to working remotely every day.

That shift isn’t going to go away when the lockdowns end. Fast Company reports that a Gallup poll found half of Americans working remotely during the lockdown want to continue doing so after business restrictions let up. Meanwhile, Gartner predicts that 48% of employees will work remotely after the pandemic, compared to 30% who worked remotely pre-pandemic.

That’s a problem if your applications were designed for the old castle-and-moat security world of the 20th Century. A Gartner poll found that 91% of HR leaders who attended their recent remote work webinar implemented WFH arrangements during the pandemic. Their biggest challenge? Lack of technology infrastructure and lack of comfort with the new ways of working outside the office.

TAC helps alleviate both concerns. Whereas before the only option may have been a VPN tunnel or RDP, TAC makes the end users’ lives easier by providing much more secure remote access to legacy apps as well as more modern applications, all with single sign-on (SSO) through the TAC portal. The different layers of security that need to happen all occur behind the scenes, transparent to the user. And TAC accomplishes that security at a much lower cost.

Audit Everything

Not only is it difficult for enterprise organizations to migrate away from monstrous legacy applications, but they still can’t tell who is getting access to those applications and when. That presents a problem when IT auditors want to know who actually uses these legacy applications. TAC centralizes all audit and reporting of end user access – for both local and cloud, SaaS and legacy apps – all in one place. This may be the first time this kind of report can be provided for an organization.

At the end of your (now probably remote) workday, this is the beauty of TAC. It modernizes the security, authentication, mobility and reporting for all your legacy applications, as well as your more modern local and cloud resources – all without having to rip and replace your existing infrastructure.
