Rocket Software Expert on Modernizing and Securing COBOL Systems

COBOL (Common Business Oriented Language) systems have been around since 1959 as a programming language that is still critical for many legacy systems, including finance, government, and insurance.

While this system may seem dated because of how long it has been around, it’s actually a system that fails very infrequently. In reality, the common challenge around COBOL is often a lack of skills required for it.

Channel Insider was able to have a conversation with Scot Nielsen, Vice President of Product Management at Rocket Software — a leader in enterprise modernization — on COBOL and how COBOL applications remain vital.

The enduring relevance of COBOL

COBOL still powers about 70 percent of the world’s transaction processing, from banking and insurance to government and retail, according to Rocket. This makes COBOL highly indispensable, but also highly vulnerable if not modernized properly.

“It’s not only COBOL that’s been around for a long time, so too have the applications that were built in it,” said Nielsen. “What you tend to find is that these applications that we’re talking about, running banks and other financial institutions, have been evolving those applications over decades, and they are enormous. You are not going to find bigger applications anywhere else in the IT state.”

According to Nielsen, the first thing organizations must keep in mind is the scale of the applications, as most COBOL applications run to millions of lines of code. Organizations have been extending them over the course of several decades and reflect many of the business processes that they have.

With that, the applications become highly interconnected with many other systems within the organization.

“I was speaking to a company that uses COBOL for its dealer management systems. It’s in the automotive industry, and it’s helping manage the dealers that are coming in asking for spare parts and various things like that, but it’s also then connected into the marketing system so that the customers are reminded that they need to bring their car into the garage and get a service or something like that,” said Nielsen. “So that’s very common. These systems are very interconnected elsewhere — that in itself kind of gives them some longevity. It’s very hard to remove them.”

Cyber risks and recommendations for legacy COBOL systems

The first risk for COBOL systems or applications is that some of these applications are running on aging infrastructure and out-of-date operating systems.

These may not be receiving new patches and updates that vendors are providing, so identifying what infrastructure COBOL systems run on is key to addressing the potential risk.

“The focus is perhaps on the systems of engagement — the user interface — and the focus is there because COBOL is just a reliable workhorse doing what it’s always done,” said Nielsen. “There’s certainly a need to look at the infrastructure.”

Among the key messages for organizations when it comes to securing legacy systems is that they’re not going to rewrite themselves out of any problems, as they are likely to have COBOL applications in place for quite some time.

“They need to really carefully examine the needs of the application and not assume they’re going to have this problem in the next two years because we keep hearing that narrative that it will be replaced and the business is still very much dependent on it,” Nielsen explained.

Further, the challenge around skills with COBOL is another factor that organizations face, as the problem is exacerbated when referring to security and the scale of the application.

Nielsen recommends that organizations have static code analysis tool sets in place to help developers understand what they’re dealing with due to the scale. Additionally, there should be continuous integration, unit testing, and modern development tools that make it easier for developers to maintain COBOL applications and ensure security needs are also taken care of.

“I would also look at what sits around the COBOL application,” said Nielsen. “The COBOL application can have vulnerabilities, and the developer can perhaps introduce code that is susceptible to exploitation. There are tools that can scan for COBOL, but actually the COBOL application sits on top of another application layer, and that is a very privileged application layer, having access to everything on the system. It’s important that whoever’s coded that layer is doing the right thing.”

Rocket Software’s modernization strategy

Rocket Software’s company mantra is to modernize without disruption and maintain that edict from multiple angles.

Organizations have invested for many decades in COBOL applications, and users of those applications have a choice to either modernize by throwing it all away and starting again — rewriting the application in Java, perhaps — and that’s what some organizations would advocate, Nielsen explains.

Rocket’s perspective is that there’s a lot of value in those applications, but they want to enable enterprises to take advantage of that value in different ways moving forward. Rocket believes that’s the fastest and least disruptive approach for organizations to pursue.

“There are many different ways that we can assist with that, but it could be, for example, Rocket has a long heritage on the IBM Z platform, and there are many different ways that we enable organizations to modernize the applications on Z itself,” said Nielsen. “If an organization wants to actually leverage commodity platforms and the cloud, then Rocket is quite unique in that regard, enabling organizations to leverage those applications and re-platform them to distributed platforms without having to rewrite and start again.”

Rocket’s focus is on business applications, as that’s what keeps the lights on and is what businesses have been investing in for decades.

“We want to find ways to always help the organization leverage those rather than having to do something more profoundly risky like a rewrite,” said Nielsen. “From a high-level perspective, it’s about leveraging what works — what you know works as an organization — rather than ripping it out and starting again.”

Rocket provides COBOL products that are modernization solutions for COBOL applications. Developers can utilize these solutions to update, extend, and evolve complex codebases. It empowers engineers to work efficiently with COBOL using industry-standard tools and generative AI, enabling them to navigate and update complex, large-scale COBOL applications quickly.

Modernization helps reduce vulnerabilities while preserving mission-critical business operations; however, understanding the path to achieving this is vital to maintaining business continuity.

Many enterprises are facing gaps in their IT modernization return on investment, according to IDC and Rocket Software. Learn more in a recent report that reveals he barriers slowing progress.