AI Opportunity Street – Everyone is talking about the efficiencies and benefits of AI, but if you have lots of old systems, where do you start? Train your team, set up test environments where you can build capability. Starting with public models and progressing to private systems and agentic AI. The UK currently has very limited regulation on AI, with responsibility devolved to existing regulators, rather than taking the centralised approach of the AI Act. Understand your industry requirements, and consider whether you need to meet the “higher bar” of EU AI Act / GDPR compliance. Armed with the knowledge of what you can do, talk to your non IT staff, assess business process with fresh eyes and work out what will deliver a difference. Look to reshape business process, not just automate what is already there. Identify opportunities that will deliver a transformational difference. Prioritise them by impact and by the data, access and organisational change required to make them a reality Data is the fuel of AI systems. You cannot progress further on this journey if your data is silo’ed in underperforming, isolated systems, with duplication of data, unknown provenance and other issues. This is where the benefits of innovation clash with the status quo of continued reliance on outdated technology. Creating an effective business case and ceasing unnecessary spend on Legacy technology will provide the budget for innovation. You need a clear strategy and business case to move away from your legacy technology. Added to the initial risk and cost of Legacy Systems alone, you need a business case that considers the impact on innovation and savings. Ensuring you meet budget targets and remain competitive. You need to quantify the risk simply, prioritise change based upon business need and show the opportunity cost of not innovating and losing competitive advantage or the opportunity to use modern technology to achieve spending targets. If you don’t already have it, build a system inventory, listing systems, their purpose, interfaces and technology stack. This forms the basis of your risk assessment, enabling you to assess security, supportability, dependency and availability risk and create a Unified Legacy Risk Score (ULRS) to communicate to your business. "If it ain't broke, don't fix it" is a common strategy for legacy technology. Your business customers will care less about technology being old, but they care about the impact of failure to their business processes and the financial, reputational and operational impact. Rank your systems by business crticality Build an inventory of your business data across your systems. Single purpose legacy applications will result in duplication of data. So, you need to identify the data type, item/record count, size and its provenance. Did it come from your organisation, did it come from a different system, was it AI generated, was their input validation? This is where you will start to see ways in which the single use data across multiple systems can be brought together to provide intelligence or optimise business activities, for example, creating a single Citizen record. Armed with this inventory and business criticality information, Through Technology branch onto a risk assessment and business case line. Considering the changing risks over time, the impact to your business and the opportunity cost of not enabling change. We present this as a single risk score that is used to plan and prioritise your legacy technology strategy. Legacy Technology has always been a “if it ain’t broke, don’t fix it” problem. Clearly quantifying risk for stakeholders, optimising and minimising spend on maintaining legacy systems and surfacing the opportunity cost of not making data available for AI driven innovation are key to building the business case for Legacy Technology Replacement and data driven innovation…. Hand in hand. With a quantified risk assessment, you can optimise your spend on legacy technology, prioritising the projects that will have the most impact on innovation and risk reduction, while ceasing projects that don’t deliver true business value. Each Legacy System will follow one of the "5 Rs of Legacy Technology". As they will need to be Retired, Retained, Rehosted, Replatformed or Replaced. If you have decided which of the 5 R's each system will follow, then prioritised the next steps based upon business criticality and a unified legacy risk score, then you have a clearly defined programme of innovation and risk reduction. You can also demonstrate to your business leadership how each project reduces risk and enables innovation over time, tracking progress against the risk scores and clearly showing your beneficial impact. As technology ages it becomes harder to transition away from. Also the risk profile changes as old systems tend to run reliably while they can be supported, they cease to be “targeted technology” from a cyber perspective, and users are familiar with their operation. These factors lead to stagnation in your business processes and increasing costs that do not result in any efficiency or performance improvements for your business Your suppliers are likely to be very aware of the technology risks, such as availability of spares and specific legacy technology knowledge. While the business will be opposed to any relaxation of Service Levels to account for this. This results in suppliers pricing in their risk of continually supporting the old system, making them more profitable and creating a financial incentive to not innovate and change.. Support costs will increase, but to reflect risk rather than the actual support burden of old technology, which – whilst it remains operational – tends to decrease. A lot of legacy technology spend is “Technology Led”, replacing devices and upgrading operating systems driven by their age and vendor support, rather than by your strategy and business need. By following the green line and planning change based upon risk assessment, business criticality and opportunity cost, you can optimise and minimise the spend you have to make on Legacy Technology Understanding of the legacy technology support and operation sits with your supplier, while the complexity of replacing the legacy system increases as technology becomes more outdated. This results in extended contracts and recontracts to the same supplier and a lack of innovation in IT support of your core business. An increasing amount of IT spend becomes focused on maintaining the status quo, rather than delivering innovation. Business users tend to like old systems. They are well known and understood and the focus of the user’s working day. While they also fear change and the potential impact of business process optimisation. So you won’t see too many complaints about a poor user experience. While to the IT professional, the user experience appears outdated and inefficient. It is common for us to uncover “pointless upgrade” projects. For example, where a customer is replacing 100’s of hardware devices in a datacentre they wish to decommission, “because they are out of support”, when the switches have no security vulnerabilities or performance issues, sit behind security boundaries and spare parts are readily available. Aged technology doesn't always create significant security or supportability risk, the key is to quantify it and take a reasoned approach to optimising spend For the systems you choose to retain, or which must continue in operation awaiting a lengthy replacement project, you can institute targeted “essential maintenance” projects which pragmatically mitigate real risks and business impacts, enabling you to continue their use at lower cost and risk. You can finally plan your exit from the Legacy technology and the contracts it is embedded within Once it is decided that an application is no longer used, the remaining question is what to do with the data within it. Can it be securely deleted when the system is decommissioned, or must it legally be retained and then disposed of following legal requirements or organisational policy? Change here for the Data Governance line! Through Technology manage Application Retirement right through to the final hardware decommissioning and secure, certified asset disposal from your legacy data centre. A key reason for retention of Legacy Technology is to retain access to the data locked within, particularly where it is needed for compliance/analysis but it doesn't make sense to migrate it into a replacement system. However, moving data to Archive360’s central archiving and data governance platform enables the security, access and retention management (compliance) of this data to continue. While removing the burden of Legacy Technology and avoiding the cost of transferring aged data to a new cloud subscription priced solution. Breaking down the walls between your legacy data as you move it to a data governance platform enables new use cases. As data from multiple sources can be easily accessed (with the right security) to utilise the power of AI and Analytics. The work undertaken on your strategy will highlight these new opportunities to save money and innovate. Preserving data security is vital. As you move data to an archive you need to maintain the security permissions protecting that data and reflecting your data privacy notices and purpose for processing personal data. You must also consider the future innovation use cases, such as carrying out searches and analytics across a broader combined dataset. We export the data from the source system…. Including both structured (database) and unstructured (file) data in any format or scale. Unstructured file data is retained in its native format, while structured data is converted to a longlasting, nonproprietary, appropriate format. As well as being a data challenge, this process must also consider the infrastructure connectivity, security and performance required for bulk data transfer along with the engagement needed with your suppliers to open up new secure connectivity into a legacy system. Finally, a chain of custody must be maintained to provide an audit trail that evidences that data remains unchanged Data is then migrated to the Data Governance Platform, using connectors to undertaken the Extract / Transform / Load, or for bespoke or rare systems we offer a more tailored service. We understand and manage the security and infrastructure changes required and ensure an evidential chain of custody. As you combine data sets, you should introduce additional standard metadata across your organisation to aid in compliance and data reuse. Including data for the source system, data of ingest and data provenance. Through Technology use a Data Confidence Value Scoring (DCVS) process, to enable you to deduplicate data across systems, assess data provenance and set thresholds for data quality for future AI/Analytical processes. Not all data is created equal, and you need a simple mechanism to indicate whether data is from an authoritative primary source, AI generated, subject to input validation etc.. An archiving and data governance platform is a resource. Data that will only be used in bulk for analysis may lend itself to formats such as Parquet. The key is to consider both reuse and retention/preservation. Records subject to individual data access requests might be rendered per record to PDF, creating a dissemination record for future public access. A central data governance platform must be able to support multiple retention policies for different data sets. In the public sector, these may be complex and event driven (for example, based upon a sentencing data) and may change throughout a record's retention period (e.g. subject to appeal court decisions). Retention policies must be configured with a clear knowledge of the data, reflecting each record class within the system and aligned to legislation and organisational policy. Official data may have retention periods measures in decades or lifetimes. Files are typically archived in their native format, but you must monitor for format obsolescence over time, to ensure that the data remains accessible and readable for its lifetime within your systems. Separating the current high value data from aged data in a legacy system allows you to simplify your transition and reduce the costs for ongoing data storage. Move current data to a replacement application (or new host or platform), while aged data is archived to a platform that manages its long term retention/preservation, reuse and disposition.. Modern strategic systems can be configured for continuous archiving to your data governance platform, enabling data to automatically move to cheaper tiers of storage and a single central governance solution as its value to the immediate business process ends. Your data governance platform should offer connectors to popular technologies and also a simple API for data ingest and access, enabling automated archiving from any legacy or strategic application, file store or communication platform. Implementing replacement systems isn't something we detail here, however, taking a central data governance platform approach simplifies development, removing the need to duplicate data governance management functions across every business application and reducing the volumes of data that must be migrated to, and retained within, modern cloud systems with consumption based licensing. Legacy Technology Security Risk changes over time. When a system first exits vendor support it might still be in wide industry use and unpatched, making it a clear target for bad actors. By the time it is severely outdated, it is less of a target, and you may well have surrounded it with additional security controls to mitigate risk. Security risk therefore needs a real and pragmatic assessment. Availability Risk is the greatest concern for critical legacy systems. Will aging hardware and software work after version upgrades? are replacement components available in your organisation or on the market? what is the business impact of downtime? Supportability Risk refers to whether a solution can still be supported, are the necessary skills still available? are their single points of failure within your support organisation who hold vital knowledge? Will technology vendors still offer 3rd/4th line support, or even still share information? Dependency Risk assesses the other systems your legacy system relies upon or interfaces to. Will they still support the interface your legacy technology requires? are they subject to obsolescence issues themselves. Opportunity Cost links your risk and business case to your plans for innovation. What is the risk of "do nothing" and retaining the legacy technology. What innovation opportunities are prevented by siloed, ungoverned data on legacy systems and what cost savings, efficiencies or competitive advantage is being missed? This can be quantified to contribute to your business case for change, and feed into your unified legacy risk score. Legacy Technology is frequently a barrier to compliance. How many of your older systems provide the mechanisms to identify data which falls outside of your data retention policy and run a workflow for its disposition... or do you just keep everything and run the risk of GDPR/DPA2018 compliance for holding personally identifiable information beyond the term of its legitimate use? With clear understanding of business criticality and risk, you can estimate and prioritise the work required to mitigate risks and feed that into your business case. It is important to revisit your end users and understand how their use of legacy technology has evolved. Frequently, users will find a path to achieve new outcomes, building additional processes outside of the original business application or taking data from the application and using it elsewhere. These additional uses must be considered as part of any decision to retire or replace a system. You must also consider any additional data generated around the core system and ensure this is captured in your data governance approach. The end of the line is to have significantly reduced the legacy technology risk across your business, introduced a strategic approach to data governance and created a strategic cost effective platform for your data, from which it can still be accessed for its lifetime and leveraged to exploit the new opportunities available from AI and Analytics.