There are many reasons why the legacy SAP system exists, whether it is down to a lack of resources and time required to decommission, the organization’s business teams arguing that they still need to have access to the data, or sometimes the legacy system exists simply because it was forgotten about. Does it matter? After all, some may argue that the only cost associated with keeping an SAP legacy system is the cost of the virtual machine environment (VME) on which the system is residing – and these costs aren’t that high, right? Wrong. Let’s take a look at some of the factors to be considered when it comes to maintaining an SAP legacy system.
1. The environment of the SAP legacy system
Firstly, the environment where the SAP legacy system resides still costs money – whether it resides in a VME, a cloud environment, or in an on-premises system. The data storage costs have steadily come down over the years to a level where it is a fraction to what it was a decade ago. So, it may not appear to be much, but it is still money that could be spent on other required infrastructure.
Secondly, the cost of the operating system (OS) license, along with the database (DB) and SAP licenses, will need to be maintained for the SAP legacy system along with their associated support costs. This can be quite a substantial amount and should not be overlooked. Even if the legacy system is not used, you still have to ensure that the SAP legacy system is maintained and supported. This will also place greater pressure on the technical team to ensure proper maintenance of the SAP legacy system.
Thirdly, as with all systems – current or legacy – security is a must. SAP releases updates for its systems on a regular basis and that includes security vulnerability patches. These SAP updates must be applied regularly (at least every month), with critical updates having to be implemented as quickly as possible. This is even more crucial if the legacy system is connected to the existing SAP landscape as it can provide a vulnerability weakness in the whole landscape. SAP updates will require regular technical resources from the organization to ensure that relevant SAP updates are analyzed and implemented in a timely manner for the correct SAP patch level.
In case you were wondering if this is a little over the top, consider this fact. The cost of a data breach can easily exceed a six or seven figure sum and you only need to look at the media to see what sort of negative publicity and attention this can bring to your organization. Things can also get more painful if national data regulators get involved, so it would really be a fallacy to be lax in this area.
Fourthly, there is also the matter of upgrade releases to the operating system and database for the SAP legacy system – these should also be carefully considered. Many organizations perform upgrades to the operating system and database at the same time as it will minimize system downtime. For many organizations, this requires at least a week to perform the task for each legacy system and will involve a substantial amount of technical resources and cost to perform.
5. Data regulations
Fifth, depending on the use and age of the data that are held in the SAP legacy system, you may need to consider the implications of the General Data Protection Regulation (GDPR) on any personal data stored. If personal data relating to EU individuals are held in the system, then there needs to be a clear and justifiable reason for the data to continue to be held in the SAP legacy system. If there is no clear justifiable reason, then the organization runs the risk of non-compliance with GDPR regulations. This includes, amongst other reasons, if the personal data are of an age that the business cannot justify keeping on the system. If personal data do exist on the SAP legacy system, they should be redacted as soon as possible so as to remove any personal data references to an individual. A project to redact personal data from an SAP system whilst maintaining the commercial data can be quite complicated and costly to execute and may be difficult to implement for many organizations.
As with any current production or non-production systems, even if there is a business justification to keep the personal data on the SAP legacy system, the business has to implement protocols and procedures in readiness for any personal requests to report on what data is held against them in the SAP legacy system. This personal request may lead to a person exercising their right to be forgotten, which could create an extra administration burden to the business as they apply protocols for the redaction.
As the SAP legacy system ages and technology marches forwards, it will become more difficult to justify the cost and maintenance of a legacy system. This can be because of more up-to-date SAP technology, more robust operating system development, newer and more efficient database technologies, or a combination of all three. Also in time, suppliers for these technologies will cease the maintenance and support, making the legacy system difficult to maintain.
Upgrading the legacy system will involve purchasing licenses to the newer version of SAP and the relevant operating systems and databases, which will increase the cost of operation and ownership of the SAP legacy system as well as the cost of implementing the upgrade. On top of that, the system may require replacing with newer or more powerful hardware to run these new environments. To continue with the SAP legacy system as is, without maintenance and support, will mean that the SAP legacy system could become a vulnerability and risk to the organization.
Once you consider all the factors involved in maintaining an SAP legacy system, you have to ask yourself whether these costs are worth incurring to maintain and operate an SAP legacy system. After all, maintenance and support of a legacy system is as much about risk management as it is providing IT services. And are the risks really worth it?