What is the difference between legacy application support and modernisation?

Support means maintaining the existing system: fixing bugs, applying security patches, and keeping the application running without changing its architecture. Modernisation means replacing or substantially rearchitecting it to address underlying technical debt. Support is lower cost in the short term; modernisation is lower cost over a five-to-ten year horizon.

How do I know when a legacy application is too costly to support?

The clearest signal is when the annual support cost, including developer time, infrastructure, and incident response, exceeds 25-30% of the estimated modernisation cost per year. Other signals include more than three critical security vulnerabilities in the past 12 months, inability to hire developers with the required skills, and recurring compliance failures.

Can I modernise a legacy application incrementally rather than rebuilding it all at once?

Yes, and this is usually the better approach. The strangler fig pattern lets you wrap the legacy system with new services that gradually replace its functionality. Incremental modernisation spreads cost, reduces risk, and allows the business to keep operating during the transition. A full rebuild carries significant risk of cost overrun and scope creep.

What does legacy application support in the UK typically cost?

Costs vary widely by technology stack, complexity, and support tier. A typical mid-size enterprise application on a legacy stack might cost between £80,000 and £300,000 per year in support, including developer time, infrastructure, and third-party licences. Modernisation projects for the same application commonly range from £200,000 to £1.5 million, depending on scope.

What is technical debt and how does it affect the support vs modernisation decision?

Technical debt is the accumulated cost of shortcuts, outdated dependencies, and architectural decisions that made sense at the time but now slow development. High technical debt increases the cost of every change and every bug fix. When the interest on technical debt, the extra time each task takes, exceeds the cost of paying it down through modernisation, the decision calculus shifts.

Should I modernise or just rehost my legacy application to the cloud?

Rehosting (lift and shift) is the fastest and lowest-risk migration path, but it preserves the underlying technical debt. It can make sense as a first step to get off ageing on-premise infrastructure, but it rarely reduces long-term support costs significantly. Modernisation, which changes the architecture rather than just the hosting, delivers the cost and capability improvements that justify the investment.

Legacy Support vs Modernisation

Neither “support everything” nor “rebuild everything” is the right default. The decision depends on business criticality, technical debt level, security exposure, and the cost trajectory of each path. This guide gives you a structured framework for making the call, including a scoring matrix and cost comparison approach you can apply to your own portfolio.

Most enterprise software estates contain at least one application that everyone knows needs attention but nobody can agree on what to do about it. The system works, just about. It is expensive to change. The original developers have left. And the conversation about what to do loops back to the same stalemate every quarter.

The support vs modernisation question is not a technical one. It is a business decision that needs a framework. This guide gives you one.

We have applied versions of this framework across our legacy application modernisation work with clients in education, government, and enterprise services. The inputs vary; the structure stays the same.

What are the signs your legacy application needs attention?

An application can need attention without needing replacement. The first step is distinguishing between the two types of signal.

Signals that point toward continued support

The application is stable, low-change, and serves a clearly bounded function.
The technology stack, while dated, is still maintainable and has developer availability.
Security patches from the vendor are still being issued.
The cost of change is high because of complexity, not because of fundamental architectural problems.

Signals that point toward modernisation

Performance and scalability limits: The application cannot handle current load, and infrastructure upgrades have stopped improving the situation. This typically indicates architectural constraints that support cannot fix.

Security debt: Unpatched vulnerabilities are accumulating faster than they can be addressed. Alternatively, the application relies on a technology that has reached end of life and no longer receives security updates (older versions of .NET Framework, Java 8 and earlier on certain stacks, or end-of-life operating systems, for example).

Talent availability: The skills required to maintain the system are increasingly scarce. COBOL, classic ASP, and early versions of ColdFusion are all examples where the developer market has contracted significantly. When the team supporting the system retires or leaves, replacement becomes very difficult.

Compliance failure: The application cannot meet current regulatory requirements (GDPR, Cyber Essentials Plus, ISO 27001, accessibility regulations) without architectural changes that amount to a rebuild.

Integration impossibility: Modern systems, APIs, and data platforms cannot integrate with the legacy application without complex translation layers that create fragility and ongoing maintenance cost.

When does ongoing support make sense?

Support is the right choice when the application is stable and bounded. Specifically, consider keeping the application in support if:

The system supports a process that is unlikely to change significantly in the next five years.
The annual support cost is a small fraction of the business value it delivers.
A modernisation project would disrupt operations during a period when the business cannot absorb that risk.
The replacement technology landscape is immature or unclear, making it rational to wait.

The managed support model works well for applications in this category. Rather than tying up internal developers in maintenance work, managed application support hands off the day-to-day to a specialist team, freeing internal capacity for higher-value work while keeping the system stable.

When should you modernise or rebuild?

Modernisation is justified when the cost of staying still exceeds the cost of change, or when the application is blocking business growth.

The specific triggers are:

Security vulnerabilities that cannot be patched without architectural change.
A vendor end-of-life deadline that makes the current stack unsupportable.
A scaling requirement the current architecture cannot meet.
A strategic initiative (new product, new market, acquisition integration) that the legacy system cannot support.
The total annual cost of support consistently exceeds 25-30% of the estimated modernisation project cost.

When you reach this point, a full rebuild is rarely the only option. The strangler fig pattern, where new services are built alongside the legacy system and gradually take over its responsibilities, reduces risk substantially compared to a big-bang replacement. The legacy system keeps running until each module has been replaced and validated.

For more on migration paths, our post on legacy to cloud migration covers the most common approaches and when each applies.

How to compare costs: support vs modernisation

Total cost of ownership comparisons between support and modernisation are often skewed because support costs are hidden in overheads while modernisation costs are visible as a capital project. To make a fair comparison, include:

Support cost components (annual)

Developer time: hours per month spent on bug fixes, patches, and incidents, multiplied by blended rate.
Infrastructure: server licences, database licences, hosting, and monitoring.
Third-party dependencies: vendor support contracts, end-of-life licence extensions.
Incident cost: downtime frequency multiplied by cost per hour of disruption.
Opportunity cost: development capacity consumed by maintenance that cannot work on new features.

Modernisation cost components (one-time and ongoing)

Build cost: design, development, testing, and migration.
Data migration: the data migration workstream is frequently underestimated; plan for it explicitly.
Parallel running: the period when both systems operate simultaneously adds cost.
Training and change management.
Post-launch support: the first 12 months after a major launch typically have elevated incident rates.

The break-even analysis is straightforward: divide the total modernisation cost by the annual saving from lower support costs. If the payback period is less than three to four years, modernisation is almost always the better decision.

A risk assessment framework for legacy decisions

Use this scoring matrix to create a structured basis for the conversation. Score each dimension from 1 (low) to 5 (high) for your application.

Dimension	What to assess	Scoring guide
Business criticality	How severely would the business be affected by a 48-hour outage?	1 = minimal impact, 5 = existential threat
Technical debt	How much does the codebase slow down every change?	1 = fast and clean, 5 = every change breaks something
Security exposure	How serious are current unpatched vulnerabilities?	1 = no known issues, 5 = active exploitation risk
Talent risk	How hard would it be to replace the current support team?	1 = common skills, 5 = skills are rare or unavailable
Compliance gap	How far is the application from meeting current requirements?	1 = fully compliant, 5 = material compliance failures
Growth alignment	How well does the application support the next three years of business plans?	1 = blocking growth, 5 = fully aligned

Interpreting the scores:

Security exposure or compliance gap at 4 or 5: modernisation is likely unavoidable in the near term regardless of other scores.
Talent risk at 4 or 5 combined with technical debt at 4 or 5: support-only strategy carries significant continuity risk.
Business criticality at 5 with technical debt at 4 or 5: the combination justifies urgent action; the question is sequencing.
Low scores across all dimensions: support is appropriate and modernisation is premature.

Making the decision stick

The scoring matrix creates a shared basis for the conversation, but decisions in this area often stall because modernisation costs are concrete and immediate while support costs accumulate invisibly. To move forward:

Present the TCO comparison over a five-year horizon, not just the upfront modernisation cost.
Quantify the opportunity cost: how many developer-days per year are consumed by maintenance that could be new feature work?
Propose an incremental path rather than a big-bang project. A phased approach reduces the perceived risk and makes the investment easier to approve in stages.

If you have reached a decision point and want an independent view on the right path for a specific application, our maintainability review provides a structured technical assessment with a clear recommendation and cost model.

Legacy Application Support vs Modernisation: When to Maintain and When to Rebuild