In computer software and general IT circles, you will sometimes hear the phrase legacy thrown around. And you may hear some conflicting information about what legacy means. So let’s talk about what legacy means and software, and computers in general.
Varying definitions of legacy in software and IT
Sometimes legacy means unsupported. Sometimes legacy refers to end of life or unsupported software. This is technology that is crucial to some business purpose, but it’s manufacturer discontinued support or went out of business.
There is a perception of this happening more frequently than it actually does happen. There is a perception that IBM is out of business, even though they are very much alive. IBM is almost its own category of legacy that we will revisit in a moment.
The extreme example that I like to cite, and I’ve been using for years, is a very old PC running some variant of MS-DOS and custom software written in dBase, a classic software product published by a company named Ashton Tate and, later, Borland International in the 1980s and early 1990s. It was pretty easy to develop sophisticated custom software using dBase. An organization where I served as treasurer in the late 1990s used such an application for accounting purposes, so I used one of these very heavily.
This example is probably more theoretical than practical today, because any custom application written in dBase should also be easy enough to reverse engineer and reimplement using a newer technology.
Microsoft legacy technologies
Microsoft is another surprising source of legacy software. Or maybe it’s not so surprising, depending how familiar you are with Microsoft’s product line over the years. Fox Pro was a direct competitor to dBase, and as dBase floundered after Borland purchased Ashton Tate, Fox Pro was a logical backup plan. But eventually, Microsoft discontinued Fox Pro in favor of Access.
And then Microsoft Access became its own special case. The caveat frequently was that the new version of Access wasn’t necessarily fully backward compatible with the old one. If people in your IT department express hesitation about immediately deploying the new version of Microsoft Office, or even upgrading Microsoft Office long after the fact, this checkered history probably has something to do with it.
Microsoft Visual Basic is another example. There are so many Microsoft examples that it proves nobody is automatically a safe choice, no matter how big they are.
Legacy software that is still very much alive
Sometimes products get lumped into legacy even when they are still very much alive. They may be niche and no longer mainstream, but not dead. Lotus Notes is a great example. But the perception that the future belongs to some other technology can get these technologies lumped into the legacy category.
IBM and Unisys mainframes very much belong in this category. These technologies are still alive, but rumors of their impending demise date back to the early 1990s. If you have aspirations of becoming a CTO or CIO someday, developing a plan for migrating off these technologies will be very helpful to you. Just keep in mind that many before you have tried and failed.
There are other technologies that fall into this same general category. Minicomputers are a good example of that. IBM AS/400 and anything running DEC VMS are examples of this. Arguably IBM OS/2 also falls into this category. OS/2 survived longer in corporate environments than many people give it credit for. While it is fairly rare for bank ATMs to still run OS/2, there is the occasional OS/2 machine still hanging on in obscurity, dutifully handling some weird task nothing else was able to do easily.
Yes, legacy even happens in x86
For that matter, sometimes there is some odd device running Windows NT4, Windows 2000, Windows 95 or 98, with some piece of software that’s not compatible with any newer version. So that whole device sits there, and there’s not much you can do with it besides call it legacy. The logical migration paths of minicomputers and mainframes are now legacy themselves, and often had a shorter lifespan than the stuff they displaced.
What legacy means in security or compliance
There is a running joke among security and compliance professionals that legacy basically means anything IT doesn’t want to deal with. As a security professional myself, I have a hard time disagreeing with that. We say in jest that if something is legacy, it can’t be hacked. So we just saw problems by declaring something legacy when we don’t know what to do with it.
Figuring out what to do to minimize the risk from such things is part of our job.
And I’m of two minds on this issue. Legacy is absolutely a loophole that can be misused and abused. And the definition certainly is unclear.
But language evolves over time. If it didn’t, we wouldn’t be able to communicate. If Shakespeare is hard to read and relate to, it’s partly because the language and culture have evolved since his day. And if we’re being honest, sometimes writings a century old can be difficult to process, because the language has evolved.
I guess you can say that being rigid and inflexible over the use of words like legacy is a good way to become legacy yourself.