Transform aging software for the future
How to update legacy systems and integrate AI safely
Early in my career as a cyber security leader, the security operations center (SOC) alerted me of an incident involving a legacy application. Unfortunately, as is often the case with legacy applications, we lacked 100% observability, and an intruder had gained access to our system by exploiting a well-known vulnerability involving an outdated version of a web development platform.
As we began our all-hands response, a member of my team brought up a problem that I swore I would do everything in my power to prevent for the rest of my career: They told me there had been a bunch of incidents with the system in the last few years — and they had sent the dev team about 100 requests to update the software. But the dev team couldn’t complete the update because the person who wrote the app left the company five years ago.
It still makes me mad to think about it. Surprises in information security are rarely good, but this one was no surprise to my team. Although they knew we had a problem, prioritizing remediation had been nearly impossible given the constraints on the development team in charge of it.
We ended up running a five-day, all-hands-on-deck response to contain, eradicate, and remediate the vulnerability, which required upgrading the web platform to a newer version with fewer known vulnerabilities and making some web application firewall updates. All this work — including forensics and findings validation, communications, and notifications to regulatory entities — took approximately 10 days and more hours than I could count.
To make matters worse, the application’s annual revenue was only around $5 million — less than 1% of revenue for the entire business unit. The costs related to fixing the problem effectively wiped out the system’s earnings for the entire year.
That frustrating anecdote from my own career is just one example of why application modernization is so important. Modernization is crucial for securing apps from the latest threats. It can also help you speed development of new features, scale to support more users, integrate new technologies like AI, and deliver better experiences overall. But it’s not easy.
Facing key roadblocks in app modernization
As the 2026 Cloudflare App Innovation Report shows, many organizations encounter significant roadblocks as they modernize apps. For example, more than a third of organizations cited fractured decision-making as a hindrance to progress on complex modernization projects.
Many also admitted to challenges aligning teams on the same goals: Among organizations that are behind schedule in modernizing their software, 75% say their developers are preoccupied with building new systems rather than modernizing existing ones. This rings especially true in our current era, when AI has enabled hyper-speed innovation that has everyone fearful of falling behind.
Enterprise leaders understand that modernizing software is critical for leveraging AI and fueling their competitive advantage. Legacy infrastructure and applications bring yesterday’s limitations into every innovation effort, which slows progress and keeps teams shackled to old operating models. Eliminating obstacles to application modernization and focusing teams on bringing legacy applications into the modern era is the first step toward removing the friction that hinders growth.
Best practices for app modernization challenges
Application modernization is rarely a straightforward process. Teams often encounter an array of obstacles that can slow initiatives or cause them to fail altogether. Not all of these obstacles are technical: Beyond implementing new software architectures and integrating apps with other systems, you’ll need to make the business case for change and establish a detailed plan.
Here are four best practices for overcoming these key challenges:
1. Align key stakeholders
Before undertaking app modernization initiatives, you’ll need to align key stakeholders — including your peers in the C-suite and members of the board. Apart from needing their support to obtain budget approvals, you’ll have trouble maintaining momentum without their buy-in. These leaders may ask you to focus on other projects in the future, making it difficult or impossible to get across the finish line with your application modernization project without a shared understanding of goals and priorities.
You’ll need to clearly communicate anticipated business outcomes and ROI for your initiative. Whether accelerating time to market for new product features, reducing operational risks, improving customer experience, or realizing cost savings, focusing on these outcomes can help you make the case for the benefits of modernization.
Modernization succeeds when every stakeholder understands not only what is changing, but also why it’s changing. When company leaders are on board, department-level management, staff, and even third-party partners will find reason to accept change, further ensuring project success.
2. Build a modernization roadmap
It’s difficult to move forward when you don’t know where you’re headed. Without a clear roadmap, holding steady to long-term goals is difficult. New requirements and emerging technologies make the journey even more challenging.
A successful roadmap provides a blueprint for your organization’s overall technology evolution, ideally taking a view well into the future. When done right, it clearly outlines the technical work needed to support the organization’s strategic business goals, including the efforts needed to maintain secure, modern applications.
To ensure your app modernization initiatives stay top of mind, build a roadmap early. Define your priorities, then create a plan that balances speed, security, and business impact. As part of that roadmap, you’ll likely need to choose from one or more technical approaches, such as rehosting, replatforming, and refactoring. Each has its own pros, cons, and optimal use cases.
Highlighting potential challenges like competing priorities, budget constraints, and talent or training needs gives your peers and board a basis for understanding the path forward, and does so within the context of the business. Developing your roadmap within that of your broader strategy will enable you to take an incremental, phased approach that reduces disruption to the business and builds confidence in your organization’s agility.
3. Modernize integrations
When it’s time for your team to roll up their sleeves and get to work, they might encounter obstacles in the form of other legacy systems. While application programming interfaces (APIs) have been around for quite awhile, not every system has a modern API available. Additionally, there may be applications in your environment — core banking or insurance systems, bespoke internal applications, or niche SaaS applications — that do not have available APIs, whether by design or limitation.
While APIs typically provide the most direct, expedient approach to application integrations, they are not the only viable option to maintain connectivity with dependent systems. Custom scripts, batch processing, direct database connectivity, and message brokers all provide possible solutions to creating seamless, automated communications among systems. While not ideal, these have significant benefits over manual processing.
Transversely, look for opportunities to update your system integrations as part of your modernization project. If modernizing one application introduces an API that was previously unavailable, you have the option of updating all points of connectivity to your newly modernized application, potentially modernizing a whole fleet of independent applications. Talk about momentum!
The important thing is not just how integrations are done, but that needed system communications and data exchanges are secure, automated, auditable, and observable. Application modernization is most impactful when the resulting system can meet, or become, the new high-water mark for an organization’s modern applications.
4. Embrace AI — with a strategy
Technology and business leaders are eager for their organizations to capitalize on AI — and 93% of app modernization leaders believe that their modernization efforts will very positively impact AI use. AI is the newest, and possibly the biggest, disruptor in the world of application modernization.
In many cases, organizations are not only integrating AI into their products, but also using it to accelerate development. The rapid adoption of AI for code generation by developers — as well as the growing number of “citizen developers” leveraging vibe coding to build their own applications — means that security teams have more review work to do than ever.
Despite the enthusiasm for AI, it complicates modernization efforts by introducing a number of new potential threats. Not limited to prompt injection or model poisoning, AI by its very nature expands the attack surface through oftentimes powerful access across systems. Further, the rapid operational pace AI compounds process and technology limitations, meaning existing tooling and workflows may no longer be sufficient.
As your team expands their use of AI to modernize existing apps and create new opportunities for your organization, it is important to ensure that existing governance, assurance, and operational tools and processes are assessed and adjusted accordingly. Remember the importance of your roadmap, which can help enforce a disciplined path to productivity as your velocity increases.
Moving past roadblocks to app modernization
Modernizing apps is rarely easy. The obstacles are real, and they can significantly slow your progress. But they are surmountable. Aligning with stakeholders, building a roadmap early, understanding integration hurdles, and taking a careful approach to embracing AI can help you overcome obstacles and keep moving forward.
Cloudflare can help streamline your application modernization journey and address challenges head-on. You can integrate AI into applications, bring code up to date, and incorporate necessary security into your modern apps — all from a single platform.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Dive deeper into this topic.
Learn more about app modernization challenges and discover why some organizations are ahead of schedule with their journey in the 2026 Cloudflare App Innovation Report.
Author
Liz Morton — @liz-morton-543b014
Field CISO, Cloudflare
Key takeaways
After reading this article, you will be able to understand:
How software upgrades fuel better business results
The biggest hurdles to successful system evolution
3 proven ways to clear common tech transformation blockers