Craft a risk management plan for application modernization

Common application modernization risks

The risks associated with application modernization come in many forms, and in fact, the inability to predict exactly what might go wrong is part of what makes modernization projects so risky. It's kind of like disaster recovery planning: If you knew ahead of time exactly which type of disaster you might face, planning for it would be a lot simpler. But you can't, which is why you need to plan for a wide array of unpredictable risks.

In the context of application modernization planning, many risks tend to fall into four main categories: financial, operational, staffing, and security and compliance. Build in resilience against most types of risks that could send a project sideways by factoring each of these categories into modernization plans.

Financial risks. Financial risks result from the chance that the budget for a modernization project doesn't align with reality. For example, if it ends up taking twice as long as anticipated to overhaul an application's codebase, you'll have a much higher cost associated with developer effort. Or migrating data for a modernized application from on premises to the cloud could cost more than you had predicted.

Operational risks. Operational risks emerge from trouble predicting the operational requirements of modernization. For example, a project requires the involvement of more engineers than expected. This affects other business initiatives because fewer engineers are available to support them.

Staffing risks. It is possible that the current staff isn't able to support a modernization initiative fully because they lack the necessary skills with the technologies you are using. This can happen due to inaccurate assessment of your staff's current abilities, as well as inaccurate predictions of which technologies the project will require.

Security and compliance risks. Because modernization efforts transform applications, the project can create new security and compliance challenges. For instance, you might need to migrate sensitive data from a legacy app to the cloud. This requires you to configure a new type of access control system, like your cloud provider's identity and access management service, to protect the data. Additionally, the increase in architectural complexity that often results from overhauling legacy applications creates new security challenges.

How to manage application modernization risk

The key to managing and mitigating the risks of application modernization is having a plan that enables you to anticipate the financial, operational, staffing, and security and compliance requirements of your project accurately. Allocate the necessary resources ahead of time to avoid surprises. Best practices for formulating such a plan include the following:

• Set specific goals. Avoid targeting generic goals for app modernization, such as to take advantage of the cloud. Instead, set goals that are as specific as possible, such as using a multi-cloud architecture to reduce hosting costs for X, Y and Z apps. The more specific the goal, the lower the risk that you overlook or fail to anticipate important requirements.
• Align technologies with goals. Establish specific modernization goals to help you choose the right technologies to support those goals. There are many ways to modernize an app, but if you lack clear guidance about which specific technologies to choose, you run a higher risk of ending up with a project that goes sideways.
• Involve all stakeholders. Application modernization planning should involve nontechnical stakeholders, as well as IT staff. Nontechnical users often understand how applications will be used better than engineers. Incorporating their perspective helps avoid blind spots during planning.
• Factor in a margin of error. Some amount of divergence between what you expect to happen and what happens during modernization is inevitable. To avoid surprises, factor a margin of error into plans, and allocate resources for supporting it. While the size of the margin depends on how complex the project is and how much risk you can handle, 10% is a healthy baseline. For example, if you estimate that a project will take 10 months or cost $100,000 to complete, budget 11 months and $110,000 to give your teams a buffer.