IT Compliance Strategies For Mainframe Applications

Organizations face a host of challenges when updating their core mainframe applications for compliance. Here are some ways to reduce IT compliance costs.

Andrew Wickett

November 11, 2014

The mainframe remains fully entrenched in today’s core business operations. In a 2014 Vanson Bourne survey of 590 global CIOs and IT directors, respondents expect their organizations to continue relying on mainframe applications for another 10 years. However, the majority (81%) of CIOs find it difficult to justify the expense of maintaining core mainframe applications, and 51% admit that, as a result, their businesses are exposed to compliance and risk issues.

Modernizing core mainframe applications to ensure compliance introduces a number of challenges to the enterprise, many of them involving the daily tug-of-war for the CIO seeking to maintain non-disruptive operations, while also focusing on innovative ways to modernize IT.

According to research firm Gartner, 70% of an organization’s IT spend is typically directed to "keeping the lights on," which does not move the business forward yet ends up consuming the overriding majority of the IT budget.

Compliance requirements are vast and vary based on an organization’s business and industry, but as a whole, governance, risk, and compliance (GRC) projects add non-negotiable, fixed deadlines to existing IT workload. Whether it's compliance with data privacy regulations, new SEC rules, mobile payment protections, or changes due to FOREX and LIBOR rigging scandals, there are several key challenges that organizations face in reducing their IT compliance spending.

Lack of visibility: Missing code documentation, concerns over internal resourcing, and data privacy risks all pose challenges when updating core applications for compliance. A lack of visibility into the applications, testing, and coding can add to the complexity of updating applications, as it becomes difficult to understand where to make changes when up-to-date application documentation is missing. All of this affects how quickly developers are able to identify specific areas of code impacted by the compliance change.

Discontinued products: It's not unusual for software and hardware vendors to consolidate product offerings and "sunset" a particular product or product line. IT teams must initiate major projects related to the sunset with minimal benefit to the business or customers. Not only do compliance risks go up for running unsupported technology, but it also places a significant burden on IT development teams.

Security requirements: Data breaches have become a daily reality for most businesses, and as a result, IT teams are under constant pressure to stem the tide of IT spend required to ensure regulatory reporting and compliance for data breaches, while also strategically prioritizing projects driven by business, customer, and competitive variables. Many companies have scheduled compliance/regulatory updates to apply to their systems on a monthly, quarterly, or semi-annual basis.      

Cloud and mobile: According to the 2014 Vanson Bourne survey, around one-third of mainframe applications are accessible on mobile devices and/or via the cloud, but respondents indicate that this percentage will increase in two years’ time. As companies extend their systems into the cloud and provide more mobile access, they need to ensure cloud and online environments are as secure as their current systems to maintain proper compliance.

Shrinking IT application teams: It wasn’t long ago that almost all mainframe IT application teams had 10 to more than 50 team members. Today, team size skews to the lower end of this range -- if not lower -- as many application teams dedicated to older systems have shifted to maintenance mode. As a result, there are fewer available skilled resources to handle new IT compliance needs.

How to minimize IT compliance costs: To address the challenges around rising IT compliance costs, there are a handful of strategies that IT decision makers can consider:

Resist rip-and-replace
It's tempting to assume that updating existing systems can be a costly endeavor. In reality, it is statistically more costly and prohibitively risky to rip out these systems and replace them with something else. The rip-and-replace approach often results in project failures or projects that are delivered late and over budget.

In order to best support compliance requirements, organizations should consider a modernization strategy that helps to gradually change and update their core business applications using smarter analysis, development, and testing technology. These core systems are not fundamentally broken -- they just need to be modernized, and so do the teams supporting them and the tools they use.

Automate to reduce IT backlog
Using automation technology can create repeatable, effective steps for updating software in order to meet IT compliance requirements quickly and cost-effectively.  

For years, application-understanding technology has formed the backbone of many organizations’ maintenance activities, including handling the change requests emerging from mandatory regulation.

This technology provides developers with a to-do list, focusing them on impacted areas and dramatically reducing the learning curve associated with unfamiliar code so that organizations can keep up with changing compliance requirements by quickly finding the right code, fixing it, and testing it.

Conduct careful testing
The process of testing applications must also be carefully handled to avoid introducing new IT failures and breaching existing regulations. Testing can risk divulging personal employee information. Moreover, regulatory controls may even restrict where data is stored. Technology that enables a more flexible approach to both comprehensive testing and flexible deployment of core systems, in accordance with a range of data regulations, would be a critical advantage in delivering compliance efficiently.

Compliance is “lights-on” labor, forcing CIOs to maintain business as usual in the face of overdue maintenance tasks and costs. Of course, organizations must invest in innovation to achieve or maintain a competitive advantage, but compliance is obligatory, so something must give in order to prevent compliance-induced stasis from feeding the organization’s IT debt.

For that reason, remaining proactive in addressing IT compliance spend requirements will ensure a focus remains on innovative “light bulb” ideas, rather than simply keeping the lights on.

About the Author

Andrew Wickett

Director of Professional Services & Architecture, North America for Micro Focus
