Abstract
This document is a work in progress and has not been finalized, verified, or approved for production use. The information contained herein may be inaccurate, incomplete, or outdated. Do not rely on, distribute, or implement any guidance from this version. Use of this draft is at your own risk.
This publication covers modern IBM i development practices including RPG modernization with free-format syntax and ILE modularity, data-centric programming with SQL table definition and database design, database re-engineering strategies, character encoding and CCSID fundamentals, test-driven development with automation, and performance optimization tools for Db2 for i. The content addresses developers and technical professionals working with IBM i systems, providing practical guidance on modernizing legacy applications, implementing data-centric architectures, ensuring proper character encoding, establishing automated testing frameworks, and optimizing database performance through systematic analysis and index management.
Authors
Tim Rowe, Brad Bentley, Steve Bradshaw, Jim Buck, Andrew Clark, Andrew Youens, Scott Forstie, Ludovic Gasc, Shankar Giduturi, Wim Jongman, Sébastien Julliand, Gaurav Kumar, Marius le Roux, Benoit Marolleau, Kent Milligan, Ryan Moeller, Rahul Pareek, Het Patel, Michael Pavlak, Pascal Polverini, Marina Schwenk, Vikas Sonwal, Todd Stewart, Jeff Ticker, Khushi Wadhwa, Carol Woodbury, Jia Tian Zhong and George Van Eaton
- An Introduction to Modernizing IBM i Applications
- What This Covers
- Authors and Contributors
- Understanding Modernization Fundamentals
- Why Modernize? Key Drivers and Benefits
- Planning Your Modernization Journey
- Strategic Considerations
- Trademarks
- The Path to Modernization
- IBM i Architecture Modernization
- Modern Development Tools for IBM i
- IBM i Interfacing and Integration
- User Interface Modernization
- Modern RPG
- Data-Centric Programming on IBM i
- Database Re-engineering for IBM i
- Open source languages on IBM i
- Web serving on IBM i
- Security on IBM i
- Character Encoding and Globalization
- Source Control and Git for IBM i
- DevOps Practices for IBM i
- AI and IBM Bob for IBM i Development
- Test Driven Development with Automation
- IBM i Performance Optimization Tools and Techniques
An Introduction to Modernizing IBM i Applications
What This Covers
This IBM Redbooks® publication addresses modernization at all levels of the operating system. It covers development concepts that are in themselves modern and, when used in aggregate, will allow you to build applications that are functional, intuitive, performant and secure.
Whether you are evolving existing workloads or building new solutions, this book provides the foundation and tools you need to modernize with confidence and deliver better software, faster. You will see practical techniques to accelerate development, strengthen testing practices, and simplify integration with other applications, regardless of whether they run on IBM i.
Authors and Contributors
Brad Bentley is a Principal in Technology Expert Labs at IBM, based in Rochester, MN, USA. He has 27 years of experience in application modernization and transformation on IBM Power systems and focuses on optimizing existing workloads, leveraging cloud-native technologies, DevOps practices, and AI-driven monitoring solutions. Brad holds a Bachelor of Science in Computer Science and has worked with IBM i's largest customers across finance, manufacturing, and healthcare industries, helping them navigate their modernization journeys. He actively shapes industry best practices through customer engagements, conference presentations, and technical publications. Brad contributed to this IBM Redbooks publication during a residency on IBM i Interfacing and RPG best practices.
Steve Bradshaw is the CEO & Friendly Techie at RowtonIT.com, a UK IBM Business Partner founded in 2008 specializing in supporting Small to Medium-sized Enterprises. He has four decades of experience working on IBM i Systems since 1988. For over 15 years, Steve has been the Technical Director of the i-UG IBM i user group i and a member of the Common Europe Advisory Council, where he works closely with IBM to help shape the future of IBM i. He was made an IBM Champion in 2018 and spends much of his time teaching modern IBM i Best Practices at Universities in the UK, IBM i conferences around the world, as well as posting much of his material online.
Jim Buck is president and founder of imPower Technologies, based in Kenosha, Wisconsin. He provides professional IBM i training focused on modern ILE RPG and CLLE. With 38 years of experience in education, manufacturing, and healthcare, Jim co-authored several widely used IBM i textbooks with Bryan Meyers, including Programming in ILE RPG, 5th Edition, and the CL book. These titles are used by companies and colleges worldwide. He is a long-time IBM Champion for Power Systems and has served on multiple teams developing IBM and COMMON certification tests.
Andrew Clark is the Senior Principal Software Engineer for IBM i at Rocket Software. Andrew has over 35 years of experience on IBM i beginning with the "secret Mankato Project" on a pre-release version of OS/400, and an internship at IBM Rochester working on the Query team. He has development expertise in multiple programming languages including RPG, Java, and C++; a background in green-screen, Windows, mobile and web development; proficient at everything DB2/SQL on IBM i, has extensive experience in the entire DevSecOps lifecycle, a frequent speaker at Common and other events, is an AWS certified Solutions Architect and IBM Champion.
Scott Forstie is a Senior Technical Staff Member and Db2 for i Architect at IBM, where he has contributed to operating system development since 1989. He leads the Db2 for i development team and is a frequently published author and speaker at industry events worldwide. Scott actively shares SQL expertise through multiple channels including the Db2 for i SQL Tutor, the iSee Video blog, and GitHub, making advanced database concepts accessible to the IBM i community.
Ludovic Gasc has been passionate about Open Source, bioinformatics, and hardware for over 20 years. He has worked with various start-ups and scale-ups in Telecom and IoT, and has contributed to several Open Source software projects within the Python, Java, and JavaScript ecosystem. Moreover, he has worked as a DevOps/SRE specialist to deploy and maintain a real-time communication solution in a multi-cloud environment (4 clouds) with the help of Ansible. Currently, he specializes in modernizing the IBM Power platform using the AI and Open Source/RedHat stack.
Shankar Giduturi is a Solution Architect and Enterprise Architect at Republic Services, based in Phoenix, Arizona, United States. He has 20+ years of experience in enterprise technology, with deep expertise in Order to Cash platforms and IBM i modernization. His focus includes practical architecture, DevOps adoption, integration design, and delivery reliability for large-scale business systems. Shankar contributed to IBM Redbooks content across stored procedures, Jenkins CI/CD, data queues, Integrated Web Services, SQL-based web service consumption, fully free-format RPG, SQL procedure testing, embedded SQL, and JSON processing in RPGLE, emphasizing resilient modernization and maintainable solutions.
Wim Jongman is CTO and co-owner of Remain Software, founded in 1992 to provide DevOps solutions for IBM i. Wim has worked with IBM i and its predecessors since the platform's introduction in 1988 and has remained a strong advocate for its continued evolution. He focuses on modernizing IBM i development through DevOps, automation, integration, and continuous delivery. With decades of hands-on experience, Wim combines deep platform knowledge with a practical view on how enterprise software teams can move faster without losing reliability. His credo says it all: "To the Batmobile. Let's go!"
Sébastien "Seb" Julliand is the R&D Technical Lead at i and me - Training and Consulting GmbH, based in Annecy, France. He has been working on IBM i for 20 years, and his field of expertise ranges from application development and modernization to DevOps. Seb has been an IBM Champion since 2024 and an active member of the IBM i community, both as a speaker and as one of the main and most active contributors to the Code for IBM i VS Code extension and other open-source projects related to IBM i. He contributed to this IBM Redbook focused on application modernization by sharing his expertise on VS Code, Code for IBM i, Git and Jenkins.
Gaurav Kumar is a Senior Systems Administrator at HSBC, specializing in IBM i modernization, code development and DevOps practices. He has 6 years of experience working on infrastructure automation using Ansible, implementing CI/CD pipelines, enhancing system observability (using OTEL, Prometheus, Manzan) as well as IBM i Integrated Web Services. He contributed to this IBM Redbooks publication covering modern IDE tools and productivity features, benefits of source control and free-form RPG, and Ansible-based automation for IBM i.
Marius le Roux is an IBM i Consultant and owner of MLR Consulting, specializing in modernization, integration, and enterprise architecture on IBM i. He has over 20 years of experience across operations, development, and system administration. He is a co-author of multiple IBM Redbooks publications, including IBM i 7.6 Features and Functions, and contributes regularly through technical articles and community forums such as IBM i groups on TechXchange.
Benoit Marolleau is a Solutions Architect and AI Engineer in IBM Client Engineering EMEA at IBM, based in Montpellier, France. He has 20 years of experience in application and infrastructure modernization, with specialized expertise in IBM i platform integration and AI solutions. Benoit holds engineering degrees in data, computer science, and management. He assists enterprise clients with digital transformation initiatives, focusing on modernizing legacy systems and implementing Cloud, Open source and AI-driven architectures. A regular speaker and part-time educator, he is passionate about knowledge sharing and diversity in technology. He contributed to this IBM Redbooks publication on application modernization concepts, AI and Web technologies.
Kent Milligan is a Senior Db2 for i Consultant in IBM Technology Expert Labs based in Rochester, Minnesota. He has over 30 years of experience as a Db2 for IBM i consultant and developer in the IBM Rochester Lab. Kent is a frequently published author and speaker on Db2 topics at IBM i industry events. He joined the IBM Redbooks residency to contribute expertise in the modernization of Db2 for i databases.
Ryan Moeller is a Staff Software Developer at IBM Rochester where he has contributed to the SQL Query Engine team since 2019, working on SQL optimization and database tooling. Ryan is an experienced speaker and has presented on various Db2 for i topics at events around the globe.
Rahul Pareek is a Technical Architect – IBM i at Programmers.io, based in Pune, India. He has 15 years of experience in IBM i application development and specializes in establishing modern source control workflows, enabling DevOps adoption, and transforming traditional IBM i development into agile, CI/CD-driven delivery models. He contributed to this IBM Redbooks publication during a residency on Git adoption on IBM i and addressing common implementation challenges.
Het Patel is an AI Software Development Engineer at IBM with approximately 8 years of experience in software development and artificial intelligence. He specializes in IBM Bob™, an AI-powered assistant, and development tools for IBM i and database engineering by contributing to Db2 for i, where he led the FVT team for several features. Het contributed to this IBM Redbooks publication during a residency on AI, Database Engineering, Java Modernization, and DevOps Practices for IBM i Modernization. He recently started a speaker journey for the IBM i community in areas of AI and Database by COMMON.
Pascal Polverini is a digital transformation expert specializing in IBM i modernization, test automation, and AI governance. As CTO of Polverini & Partners, a tooling and automation solutions provider, he brings over 30 years of experience in software architecture, development strategy, and cross-technology integration. A recognized industry voice and IBM Redbooks author, he regularly publishes and speaks at international events. Pascal joined this residency to contribute his expertise in automated testing, AI validation, and globalization.
Tim Rowe is a Senior Technical Staff Member and Business Architect at IBM for Application Development, where he has contributed to operating system development since 1989. He leads the application development & systems management teams and is a frequently published author and speaker at industry events worldwide. Tim actively shares best practices for development and system management through the iSee Video blog, speaks at countless events. When not talking about modernization on IBM i, he can be found on the Soccer pitch where he is a certified official.
Marina Schwenk is a highly accomplished and recognized leader in the IBM i community, distinguished by a rapid and impactful career. Since launching her career in the field in 2015 at Everbrite in Greenfield WI as a programmer analyst, she now holds the position of Senior Programmer analyst and IBM i Admin for Innovative Software Solutions inc. She was recognized early when she was named an IBM Fresh Face in 2019, four-year recognition as an IBM Champion, COMMON Americas John Earl Scholarship in 2020 and the Al Barsa Scholarship in 2022. Schwenk actively serves in several key leadership roles. She is the President of the Wisconsin Midrange Computer Professional Association (WMCPA), COMMON Americas Advisory Council (CAAC), and COMMON Americas Board of Directors, helping to shape the future of the world's largest community of IBM Power Systems users.
Vikas Sonwal is a Technical Architect in the Java Team at Programmers.io, based in Jaipur, India. He has over 18 years of experience in Java, API, Web, and Mobile technologies and focuses on a range of responsibilities spanning project management, delivery management, and technical architecture across different projects. Vikas holds a Master's in Computer Application and has worked on notable solutions including Green2Glass, a product from Programmers.io. He contributed to this IBM Redbooks publication during a residency on UI Modernization, sharing approaches to developing mobile applications with IBM i as a backend, using modern technologies such as Flutter, React Native, Angular, and Node.js.
Todd Stewart is an Application Architect at Heartland Cooperative, Iowa's second largest agriculture co-op. He has over 35 years of experience in IBM midrange computing, developing applications from the System/34 to IBM i on Power. Todd has held roles including Developer, Analyst, Project Lead, Solutions Delivery Manager, and Application Development Director in the retail and bonding/insurance industries. He is a 2026 IBM Champion, a member of the COMMON Americas Advisory Council, COMMON Board of Directors, and holds a DevOps Foundation Certification. Todd contributed to this IBM Redbooks publication during a residency on IBM i modernization and DevOps practices.
Jeff Tickner is a Senior Consultant and Workflow Architect at Arcad Software, where he has contributed to Application Life Cycle Management projects since 2008. He designs and implements highly automated workflow for customers using both traditional CM and Git based open systems tools for customers of all sizes with all kinds of business requirements. Jeff actively shares best practices for development workflow with Git and he was part of the team that ported Subversion server to run on IBM i back in 2005. When not talking about Git on IBM i, he can be found on the ski hill where he is a Volunteer Ski Patrol.
George VanEaton is a Manager of Product Development at MEDHOST, based in Tennessee, United States. He has over 30 years of experience in IBM i application development, specializing in RPG, Db2 for i, and enterprise healthcare systems. George focuses on modernizing legacy architectures through data services, stored procedures, and AI-assisted development using tools such as IBM Bob™ and GitHub Copilot. He also shares insights on IBM i modernization and leadership through his professional platform, The RPG Blend. He leads cross-functional teams delivering regulatory initiatives, including Price Transparency. He contributed to this IBM Redbooks publication during a residency on IBM i modernization and AI-assisted development practices.
Khushi Wadhwa is an IBM i developer at Programmers.io, based in Jaipur, India. She has 4 years of experience in IBM i application development & modernization. Her experience spans API integration, web application development, and the adoption of DevOps practices, with a focus on implementing modern authentication standards, building secure web solutions, and driving git version control. She contributed to this IBM Redbooks publication during a residency on web application development on IBM i.
Carol Woodbury is Senior Advisor and IBM i Security SME at Kisco Systems. Carol has over 30 years' experience in IBM i Security beginning as Team Leader and Chief Engineering Manager for Security at IBM in Rochester, MN. Since leaving IBM, she has helped organizations - large and small - strengthen their security posture by using the integrated features of the operating system. Carol is a frequent speaker at user groups around the world and has written many articles on IBM i Security. She has two current books - IBM i Security Administration and Compliance, third edition and Mastering IBM i Security, both available from amazon.com. Carol holds her CISSP and CRISC security certifications and has been an IBM Champion since 2018.
Andy Youens is the Managing Director of UK based FormaServe Systems, an IBM ISV since 1990. Andy is a seasoned IBM i professional with over 45 years of experience in the field. He has a deep expertise in IBM i systems, including system administration, application development and modernization. Andy's extensive knowledge and hands-on experience have made him a sought-after expert in the IBM i community, both at home and internationally. As an active contributor to the IBM i community, Andy frequently shares his insights and expertise through speaking engagements, webinars and technical articles. An IBM champion, who co-wrote the IBM i developer certification, the latest IBM Developer video & exam and Redbook on Power Modernization. He is the owner of PowerWire, the monthly newsletter and articles on IBM Power. Prior to IT, Andy is proud to have served in the UK's armed forces, the Royal Navy.
Justin(Jia Tian) Zhong is a Brand Technical Specialist for IBM Power at IBM, with nearly three decades of experience on IBM i. For more than 17 years, he has served as a Senior Software Engineer specializing in Db2 for i and IBM i performance at the IBM China Systems Technology Laboratory (CSTL). Justin is also an active contributor to the IBM i community, sharing his expertise across China, Hong Kong, and Taiwan.
Understanding Modernization Fundamentals
What does modernization mean for IBM i?
What It Is
Modernization comes in many forms; it is not just simply the process of updating a user interface to make it look contemporary. In this Redbook we will show you how to modernize your applications from the ground up, taking advantage of new IBM i specific operating system features and functions, as well as harnessing the power of open-source tools and languages.
We discuss different development languages, how to select and combine them. We demonstrate how to take advantage of Db2 for i to deliver faster, more robust and more secure data to your applications.
Covering a wide range of User Interfaces, Development Tools and Integration techniques, you will learn how to create modern, modular applications that are easier to maintain and future proof against the ever-changing demands of modern solutions.
You'll also learn to use Artificial Intelligence (AI) in your development, testing modern applications as well as integrating AI into your application to make it more functionally rich.
Finally, we ensure that we keep security in mind throughout so as to create "Secure by Design" applications that are less likely to have exploits and will be easier to remediate in the event that one is found.
Why It Matters
Few things stand still in this world, and software applications are no exception. If you do not continuously enhance them, then they wither and eventually die. It is vital that any application that has users that depend upon it be well designed, maintained and supported. In addition to making applications more functionally rich, we also need to consider how they will be maintained in the future. It is not uncommon for a good application to have a life that spans many decades. Therefore it is important that it consistently evolves with the times to meet the current needs and enable future needs to be added without reintroducing old bugs or new security flaws.
How It Works
Modernization is not a single process that is completed and then forgotten about. You deliver true modernization by constantly reviewing how things are done, embracing new tools, protocols and working practices.
This doesn't mean you must constantly rewrite entire applications. Instead, constantly evolve your development, testing and support processes to take advantage of these new ideas as you carry out your everyday work.
For example, should you need to introduce a new database table, consider taking advantage of new functionality from day one. Adding functionality like:
- Temporal Support to improve Business Intelligence
- Database Constraints to add business logic to your data
- Row Column Access Control to secure your data by design
- Journaling to improve auditing
- Commitment Control to improve data integrity
Key Takeaways
- Modernization can be applied at all layers of an application solution, from operating system to user interface.
- Modernization is an iterative process that constantly evolves but does not require that you throw out all your previous work to implement it.
- Modernization makes your applications better, more secure, and easier to maintain.
- Modernization helps you maintain your relevance and reputation as a developer in a world that is increasingly taking advantage of AI and Automation.
- Instead of feeling threatened by modernization, we demonstrate how to embrace it and how it can make your life easier, more productive and hopefully more interesting.
What Approaches to Modernization Exist?
Opening Summary When organizations decide to modernize their IBM i applications, they quickly discover that "modernization" encompasses a vast range of methodologies. Some teams focus on transforming user interfaces while preserving existing business logic. Others prioritize architectural changes that enable better integration and scalability. Still others concentrate on adopting modern development practices and tools that improve productivity and code quality.
The reality is that modernization is not a single path but rather a multifaceted journey that can touch every aspect of your application ecosystem. Covering hardware, operating system version, database, business logic, user interfaces, development practices, even deployment and ongoing security practices. Understanding these various dimensions and how they interconnect is essential for crafting a modernization strategy that delivers real business value rather than simply checking boxes on a technology trend list.
Why It Matters
The approach you choose for modernization determines far more than just the technical outcome. It shapes your timeline, budget, risk profile, and the skills your team needs to develop or acquire. More importantly, different approaches address different business problems. Modernizing your user interface improves user experience but doesn't necessarily make your applications easier to integrate with other systems. Adopting modern development tools increases developer productivity but doesn't automatically improve application performance or security.
Understanding the full spectrum of modernization approaches allows you to make strategic decisions that align with your specific business objectives rather than pursuing modernization for its own sake. Organizations that succeed in modernization typically don't choose a single approach but rather combine multiple complementary strategies. They might modernize interfaces for user-facing applications while simultaneously refactoring their database design and adopting DevOps practices for faster, more reliable deployments. The key is understanding what each approach offers and how different approaches can work together to achieve your broader goals.
Key Takeaways
-
Modern Architecture and Development Practices Transform How You Build Moving to modern architecture represents one of the most fundamental shifts in IBM i modernization. Service-oriented architecture (SOA) and microservices approaches break monolithic applications into smaller, more manageable components that communicate through well-defined interfaces.
This architectural shift enables you to expose IBM i business logic as APIs or web services that can be consumed by web applications, mobile apps, or partner systems. This will also enable easier and productive integration with the next generation of AI assistants.
The benefits extend beyond integration. Modular architectures make applications easier to maintain, test, and evolve over time.
Modern development tools and practices amplify these architectural benefits. Integrated development environments like RDi (Rational Developer for i), VS Code with IBM i and IBM Bob™, extend to provide features that developers expect: intelligent code completion, integrated debugging, source control integration, and refactoring tools. These tools dramatically improve developer productivity compared to traditional SEU-based development.
Adopting modern development practices like CI/CD, DevOps, and automated testing is equally important. These practices reduce deployment risks and enable faster delivery of new features. When combined with modern source control systems like Git, these practices provide better collaboration, change tracking, and the ability to roll back problematic changes quickly.
-
Interface Modernization and Programming Style Evolution Go Hand-in-Hand Modern interfaces represent the most visible aspect of modernization, transforming green screen 5250 applications into responsive web and mobile experiences. Tools for screen modernization can wrap existing programs with contemporary interfaces, providing quick wins with minimal code changes. However, deeper interface modernization often involves rethinking the entire user experience. Moving from screen-by-screen navigation to more intuitive, task-oriented workflows.
This interface evolution naturally leads to changes in programming style. Modern applications increasingly adopt data-centric development approaches where business logic focuses on data manipulation and validation, while presentation logic is handled separately by web frameworks or mobile applications. This separation of business logic and interface makes an application more maintainable and enables the same business logic to serve multiple interface types: web, mobile, B2B, and even traditional green screens.
-
Embrace Open Source Where Appropriate The shift toward modern programming styles also includes embracing open-source languages and libraries. Many IBM i organizations now use Node.js, Python, PHP, or Java alongside traditional RPG and COBOL, leveraging the rich ecosystems of open-source libraries for tasks like communication, data transformation and or integration with third-party services.
This approach allows you to use the right tool for each job while maintaining your investment in proven IBM i business logic. Modern RPG itself has evolved significantly, supporting free-format syntax, embedded SQL, and modern programming constructs that make code more readable and maintainable.
-
Database Re-engineering and Integration Enable True Transformation Database modernization often receives less attention than interface changes but can deliver profound benefits. Many IBM i applications use physical files with embedded business logic in trigger programs or rely on logical files for data access.
Re-engineering these structures to use SQL-based views, stored procedures, and modern database features improves performance, simplifies maintenance, and enables better integration with reporting and analytics tools. Database modernization also facilitates data-centric development by creating clear, well-documented data models that can be accessed through multiple channels.
-
Opening Your Application to Third-party Integration Web and application integration represent another critical dimension of modernization. Modern applications rarely exist in isolation, they need to exchange data with e-commerce platforms, CRM systems, payment processors, and countless other services.
Enabling this integration requires exposing IBM i functionality through REST APIs, consuming external web services, and implementing robust data exchange mechanisms. The IBM i platform provides excellent tools for this integration, from built-in web services support to open-source integration frameworks.
-
Create Secure Applications from the Start Security modernization must accompany these integration efforts. As applications become more connected and accessible from more locations, security requirements intensify. Modern security practices include implementing OAuth or JWT-based authentication for APIs, encrypting data in transit and at rest, implementing role-based access control with fine-grained permissions, and maintaining comprehensive audit trails. Security can no longer be an afterthought—it must be integrated into every aspect of your modernization strategy.
-
Embrace DevOps DevOps practices tie everything together by enabling rapid, reliable delivery of changes. Automated deployment pipelines, infrastructure-as-code and comprehensive monitoring transform how you deliver and maintain applications. DevOps isn't just about speed. It reduces risk through automation, improves quality through continuous testing, and enables faster response to business needs.
Bringing It All Together
Successful modernization rarely means pursuing all these approaches simultaneously. Instead, it requires understanding your specific business drivers and choosing the combination of approaches that addresses your most pressing needs while building toward your long-term vision.
For example, you might start with interface modernization to improve user experience, then adopt modern development tools to increase productivity, followed by database re-engineering to enable better analytics, and finally implement comprehensive DevOps practices to accelerate delivery.
The key is recognizing that these approaches complement each other; modern interfaces work better with well-designed databases, modern development tools enable better security practices, and DevOps makes it safer to adopt new technologies.
Why Modernize? Key Drivers and Benefits
Why modernize the database layer?
What This Covers
This topic delves into the reasons and possible benefits to be realized by choosing to modernize the data model.
What It Is
Database modernization on IBM i transforms legacy DDS-based files into modern SQL DDL tables, enabling advanced Db2 for i capabilities that improve performance, security, maintainability, and integration with modern tools.
Why It Matters
Here are some common scenarios that can benefit from database modernization:
- The database must be modernized to make it more accessible to users and to ensure that the use of reporting and analytics software does not adversely affect the performance of the system.
- A new application is written over an existing database. The implementation of the new application would benefit from Db2 features that are only supported by SQL (Structured Query Language) such as auto-generated columns.
- An existing application is rewritten. Modernizing the database reduces the complexity of the programs in the rewritten application.
- Data integrity and business rule enforcement is embedded within the application program logic. As a result, the integrity of the database is regularly compromised by interfaces that directly update the database without using the existing programs. A modernized database would enable data integrity and simple business rules to be enforced at the database layer, so data is protected at all times.
Key Takeaways
Why modernize application interfaces?
What This Covers
The green screen interface has been the face of IBM i applications for generations. It's familiar, efficient for trained users, and has powered countless business operations reliably for decades. Yet, when a new employee encounters a 5250-terminal session for the first time, their reaction often ranges from confusion to disbelief.
This disconnect between what your applications can do and how users experience them represents one of the most critical challenges facing IBM i organizations today. Modernizing application interfaces isn't about chasing trends or abandoning proven technology, it's about ensuring your valuable business logic remains accessible, usable, and relevant in a world where user expectations have fundamentally changed.
Why It Matters
Your application interface is the bridge between your business logic and the people who depend on it. When that bridge is difficult to cross, the consequences ripple throughout your organization. Productivity suffers as users struggle with interfaces that require extensive training and memorization. Error rates can increase when cryptic codes replace intuitive visual cues. Recruitment becomes harder when talented professionals view legacy interfaces as a career dead-end rather than an opportunity.
The business case for interface modernization extends beyond user satisfaction as modern interfaces enable mobile access, allowing your workforce to be productive from anywhere. They make your existing IBM i applications active participants in digital transformation rather than isolated islands.
Perhaps most importantly, a modern interface protects your investment in IBM i by making your applications more attractive to use and easier to maintain, extending their viable lifespan and maintaining their relevance.
Key Takeaways
-
User Experience Directly Impacts Business Performance Every keystroke, every screen navigation, and every moment of confusion adds up across your organization. When users must memorize function key combinations, navigate through multiple screens for simple tasks, or manually transcribe information between systems, you're paying a hidden tax on productivity.
Modern interfaces reduce this friction through intuitive design, contextual information, and streamlined workflows. The impact is measurable: faster transaction processing, reduced training time for new employees, and fewer errors that require correction. Organizations that modernize their interfaces often report significant and tangible productivity improvements. This is not because the underlying business logic changed, but simply because users can work more naturally and efficiently.
-
A Modern Workforce Expects a Modern Interface The workforce entering your organization today grew up with smartphones, web applications, and intuitive interfaces. When you ask them to work with green screen applications, you're not just presenting a learning curve, you're sending a message about your organization's commitment to modern practices.
Talented developers and business users increasingly view legacy interfaces as a red flag, questioning whether the organization values innovation and employee experience. Conversely, modernizing your interfaces signals that you're investing in the future, making your organization more attractive to the talent you need to compete. This isn't about superficial appearances; it's about creating an environment where skilled professionals want to build their careers.
-
Modern Interfaces Enable New Business Capabilities Interface modernization opens doors that green screens simply cannot. Mobile access allows field service technicians to update work orders in real-time, sales representatives to check inventory while meeting with customers, and managers to approve requests from anywhere.
Web-based interfaces enable customer and supplier self-service portals, reducing administrative overhead while improving service levels. Modern interfaces also facilitate integration with analytics tools, allowing users to visualize data and gain insights that would be invisible in traditional character-based displays. These are not just "nice-to-have" features, they're competitive advantages that can differentiate your business in the marketplace.
Why modernize program code?
What This Covers
Justifying the resource, cost, and risk of modernizing code is important. To convince your business that a modernization project is a sound investment, you need to convey the benefits of modernization.
Why It Matters
Modernization projects can deliver significant value to the business, including:
- Faster velocity for satisfying business requirements
- Lower maintenance costs
- Easier for the business to acquire and on-board talent
- Improved ability to retain staff
- Doors open to using CI/CD tools, test automation and other DevOps methodologies
- Elimination of duplicated code
- Easier transition to CI/CD, test automation and other DevOps methodologies
- Ability to modernize the UI/UX and database
Developer Productivity and Talent
Modern code is easier for developers to learn and maintain.
- Free-form syntax (RPG, COBOL) is more readable and familiar to developers with experience in other languages
- Standard programming constructs (IF/ELSE, DO/WHILE) replace legacy operation codes
- Easier onboarding for new developers reduces training time and costs
- Talent acquisition is significantly easier when using modern coding practices
- Developer satisfaction improves, leading to better retention
Example:
Key Takeaways
- The cost and time needed to modernize an application's code will have significant ROI through reduced maintenance costs, improved developer productivity, and enhanced system capabilities
- Future maintenance costs decrease dramatically with modern, modular code
- Staffing challenges are reduced as modern code attracts and retains talent
- Developer efficiency increases through code reuse, better tools, and clearer structure
- Business agility improves with faster feature delivery and easier integration
- Technical debt is reduced, preventing future costly rewrites
- Competitive advantage is gained through faster time-to-market and innovation
Why Enable Cloud and Mobile Access?
What is it?
The traditional model of business computing (employees sitting at desks, connected to systems through local trusted workstations and networks) has fundamentally changed. Today's workforce expects to access information and complete tasks from anywhere, whether at their desk, roaming the warehouse, working from home, at a customer site, or even traveling between locations. The new mantra has to be making our applications online, all the time.
Meanwhile, cloud computing has transformed how organizations think about infrastructure, offering flexibility and capabilities that were once available only to the largest enterprises. For IBM i organizations, the question is no longer whether to enable cloud and mobile access, but how quickly can you do so without compromising the security and reliability that make your platform valuable.
Why It Matters
Business doesn't happen only at desks anymore. Your sales team needs inventory information while meeting with customers. Your service technicians require work order details at job sites. Your managers need to approve requests and review dashboards regardless of their location. When your IBM i applications are accessible only from office workstations, you're forcing your business to operate within artificial constraints that competitors without legacy systems don't face.
The implications extend beyond convenience. Organizations that cannot provide mobile and cloud access face real competitive disadvantages. They risk losing deals because sales representatives cannot access real-time information during customer meetings. They experience delays because approvals must wait until someone returns to the office. They struggle with business continuity when circumstances prevent employees from reaching physical workstations.
Cloud and mobile access are not a passing fad, they are technologies that remove barriers that limit an organization's productivity, agility and resilience in an increasingly demanding business environment.
Key Takeaways
-
Mobile Access Transforms How Work Gets Done: Enabling mobile access to IBM i applications fundamentally changes the relationship between work and location. Field service technicians can update job status, record parts usage, and capture customer signatures on-site, eliminating paperwork and reducing the time between service completion and billing. Warehouse staff can perform inventory transactions using mobile devices, improving accuracy and efficiency. Executives can review key metrics and approve critical decisions from anywhere, preventing bottlenecks that slow business operations.
The value is not just about doing the same work in different places; it is about enabling workflows that weren't previously possible. When information flows in real-time between mobile workers and your IBM i systems, you eliminate delays, reduce errors from manual data entry, and create a more responsive organization.
-
Cloud Capabilities Provide Flexibility Without Sacrificing Control: Cloud access to IBM i applications can offer benefits that extend far beyond remote connectivity. It enables you to scale resources dynamically based on demand, rather than provisioning for peak capacity that sits idle most of the time. It facilitates disaster recovery and business continuity by providing geographic redundancy without the cost of maintaining multiple physical data centers.
Cloud deployment can also simplify partner and customer access, you can provide secure, controlled access to specific applications without requiring VPN configurations or complex network arrangements.
Importantly, cloud access doesn't mean abandoning your IBM i platform or migrating everything off premises. Many organizations adopt hybrid approaches, keeping core systems on premises while using cloud services to extend access and capabilities. This flexibility allows you to modernize at your own pace while maintaining security and maximizing flexibility.
-
Remote Access Enables Business Continuity and Attracts Talent: Recent years have demonstrated that organizations capable of operating remotely possess a critical competitive advantage. When circumstances prevent employees from reaching physical offices, whether due to weather, health concerns, or personal situations, mobile access ensures business operations continue uninterrupted. This resilience protects revenue, maintains customer service levels, and provides peace of mind for both leadership and employees.
Additionally, enabling remote access expands your talent pool dramatically. You are no longer limited to hiring within commuting distance of your office(s); you can recruit the best person for the job regardless of their location.
In an increasingly global market, where attracting and keeping the best talent is increasingly challenging, this flexibility can be the difference between filling critical positions and leaving them vacant.
What are the business benefits of modernization?
There are several business benefits to modernizing your IBM i environment. Modernization is not just limited to the code base, database or OS version you are running. Modernization encompasses your entire environment.
Benefit #1: Operations
Modernization directly reduces your overall operational risk. At the application layer, you eliminate the catastrophic exposure of relying on a single person who "knows it all" ensuring your code is manageable, maintainable, and transferable to any qualified resource for years to come. A modernized database is accessible, scalable, and understandable, removing the bottleneck of tribal knowledge and making your data a business asset rather than a liability. At the system level, hardening your security posture reduces your exposure to both internal and external threats — protecting the business from risks that legacy configurations were never designed to address.
Benefit #2: Total Cost of Ownership
Modernization is not an expense. It stops the hemorrhaging of IT costs and lowers your overall budget over time. By modernizing the code base, database and system you are lowering your day to day, year by year costs by ensuring you have a scalable, secure foundation that your business can grow from.
Benefit #3: Talent Acquisition and Retention
An unmodernized system, code base and database comes with an expectation that the skillset needed to maintain the existing system is more advanced than new IT professionals can handle. By modernizing your system, code base and database you are eliminating the risk of not finding the resources you need to maintain your existing system. Developers, system architects, admins all want to work on a modern system; they don't want to lose any of the skills they have retained by experience and formal training. The newer generations are more likely to jump ship if they are expected to work on system/36 code, multi member files and no possibility of using newer modern tools.
Benefit #4: Scalability
When you have a monolithic code base, outdated system and database the business struggles to scale to new heights. New requests take a lot of time to implement causing businesses to struggle to scale. Over time the delay in implementing new business requests has a bigger impact to the business than expected. With Modernization you see business requests implemented in a quick and orderly fashion, enabling your business to scale to new heights.
Benefit #5: Business Growth
On the same token as scalability, when you modernize your codebase, database and system you find that you are able to take a good hard look at business opportunities that help your business grow. Imagine having System/36 code, multi member files and trying to acquire another company and have that company supported by your existing set up. It would take months or years to fully onboard the new company where the ROI shrinks in the amount of time it takes for the request to be fulfilled.
Conclusion
Overall the IBM i is your core business system and it should stay that way. Its scalability, security capabilities and ability to interconnect with various systems allows your opportunities to be endless you just have to take the step and modernize what you have and take advantage of everything IBM i is offering you.
Planning Your Modernization Journey
Where should I start my modernization journey?
What This Covers
Modernizing an IBM i application can feel like standing at the base of a mountain, looking up at the peak shrouded in clouds. The path forward isn't always clear, and the sheer scope of possibilities can be overwhelming. So not feeling certain about where to start is common and you should not let this concern you in any way. But that does not mean it is not important to consider where to start.
What It Is
Many of the most successful modernization journeys don't begin with grand technical blueprints or a massive budget. They start with a simple question: "What problem are we trying to solve?"
Whether you're a developer eager to leverage modern tools or a manager balancing business needs with technical debt, understanding where to begin is the difference between a transformation that benefits your organization and one that antagonises it.
Why It Matters
The IBM i platform has proven its reliability and value for decades, but the world around it has changed dramatically. Your users expect responsive, intuitive interfaces; your business demands reliability and integration with new technologies; and both parties often take it for granted that your ability to quickly respond to changes, without impacting them, is not an easy balance to maintain.
How It Works
Starting in the right place matters because resources are finite. Every organization has constraints on time, budget, and expertise. A poorly chosen starting point can consume resources without delivering visible value, eroding confidence in the entire modernization initiative. Conversely, beginning with the right focus creates momentum, demonstrates quick wins, and builds the organizational support needed for sustained transformation.
Key Takeaways
-
Start with User Pain Points, Not Technology: The most effective modernization journeys begin by listening to your users, your customers, and your business stakeholders. Find out what frustrates them most about the current system?
Is it the green screen interface that requires extensive training? The inability to access information on mobile devices? Slow response times during peak hours? Inability to integrate with key partner systems? By identifying the most pressing pain points, you create a clear target for your initial efforts. This approach ensures your modernization delivers immediate, tangible value that people can see and appreciate.
-
Assess Before You Act: You cannot effectively modernize what you don't understand. Before making any changes, invest time in documenting your current application, as a minimum, ensure you understand:
- What programs are actively used versus those that are remnants of how you used to work.
- Which business processes depend on which applications.
- Where are the integration points with other systems.
- Which users use which parts of these applications.
This assessment doesn't need to be exhaustive or perfect, but it should give you enough visibility to make informed decisions. Many organizations discover during this phase that significant portions of their codebase are no longer used, immediately simplifying the modernization scope. Others identify critical dependencies that must be preserved, preventing costly mistakes down the road.
-
Think Big, Start Small, Scale Fast: Successful modernization requires balancing ambition with pragmatism. Develop a vision for where you want to get to but don't try to achieve it all at once. Instead, identify a small, well-defined project that can demonstrate value quickly, ideally within days or weeks rather than months or years.
This might be modernizing the user interface for a single, frequently used application, or exposing a critical business function as a web service, or making it easier for users to access key performance data.
The goal is to prove the concept, learn from the experience, and build confidence. Once you've achieved that first success, you can scale the approach across more applications, refining your methods and building expertise along the way.
What roadblocks should I anticipate?
What This Covers
Modernization often involves adopting new technologies, redesigning processes, and encouraging cultural change within an organization. However, while the benefits of modernization can be significant, organizations frequently face several roadblocks during the journey. These obstacles can slow progress, increase costs, or even cause projects to fail if they are not anticipated and managed effectively.
What It Is
Common roadblocks include resistance to change, legacy systems, lack of clear strategy, limited skills within the workforce, and budget constraints. At the same time, employees may feel uncertain or uncomfortable about changes to familiar tools and workflows.
Without careful planning and communication, these challenges can stall progress and reduce the overall effectiveness of modernization efforts. Understanding these potential barriers early allows organizations to plan more effectively and build strategies that reduce risk while maintaining momentum.
Why It Matters
Recognizing roadblocks in modernization is important because when obstacles arise unexpectedly, they can delay implementation, increase costs, and create frustration among teams. In some cases, poorly managed modernization projects can disrupt operations or fail to deliver the expected benefits.
By anticipating challenges, you can design more realistic plans and allocate resources more effectively. For example, identifying skills gaps early allows organizations to provide training or hire specialists before major systems are implemented.
Addressing roadblocks also improves employee engagement. When organizations communicate openly about challenges and involve employees in the process, they build trust and encourage collaboration. This helps create a culture that supports innovation and continuous improvement.
How It Works
Successfully navigating modernization roadblocks requires a proactive and structured approach.
First, conduct a thorough assessment of their current systems, processes, and capabilities. This helps identify potential risks such as outdated technology, complex integrations, or operational dependencies that could complicate modernization efforts.
Second, create a clear and realistic strategy. A well-defined roadmap with measurable goals helps teams understand priorities and ensures that modernization initiatives remain aligned with broader business objectives. Breaking large transformations into smaller phases can also make the process more manageable and reduce disruption.
Third, investing in people is essential. Training programs, workshops, and open communication help employees understand the purpose of modernization and develop the skills needed to work with new technologies and processes. When employees feel supported, they are more likely to embrace change rather than resist it.
Finally, organizations should adopt flexible implementation methods such as iterative or agile approaches. These allow teams to test solutions, gather feedback, and adjust plans before full-scale deployment. Continuous evaluation ensures that problems are identified early and addressed quickly.
Key Takeaways
Resistance and legacy systems are major barriers. Many modernization efforts struggle because of outdated infrastructure and reluctance to change.
Planning reduces risk. Identifying potential roadblocks early allows organizations to prepare solutions before problems escalate.
People are critical to success. Training, communication, and strong leadership help teams adapt and support long-term transformation.
Don't let perfection get in the way of progress. Getting started can be daunting and so if in doubt, start small, demonstrate success and then use this as part of your justification for future modernization projects including any investments and support you may need.
What Problem Are We Actually Trying to Solve?
What is it?
Ironically, one of the most dangerous moments in any modernization initiative comes right at the beginning, when enthusiasm is high and the path forward seems clear. Teams gather around whiteboards, vendors present compelling demonstrations, and everyone agrees that "we need to modernize." Yet beneath this apparent consensus often lies a fundamental disconnect, with different stakeholders imagining different problems and different solutions.
For example: An IT director might worry about the available resources, the CFO might want a solution that lowers ongoing running costs, the sales team might want real-time access to inventory information on mobile devices and an operations manager wants a more intuitive interface to make his team more productive.
Each of these is a real problem, but they require different solutions. Rushing into modernization without clearly defining which problems you are trying to solve is like setting out on a journey without knowing your destination, you might end up somewhere, but probably not where you need to be.
Why It Matters
Problem definition isn't just an academic exercise or a box to check before getting to the "real work" of modernization. It's the foundation that determines whether your modernization initiative will deliver business value or white elephant that fails to meet expectations.
When you don't clearly define the problem, you cannot measure success, you cannot make informed decision between competing approaches, and you cannot effectively communicate with stakeholders about what you are doing and why it matters. These misalignments don't just waste money, they erode confidence in IT, create organizational fatigue toward change and leave the real problems unsolved.
How it Works
User Experience Problems Versus Technical Debt Problems One of the most common sources of confusion in modernization initiatives is conflating user experience problems with technical debt problems. These are fundamentally different challenges requiring different solutions.
-
User experience problems: These manifest in how people interact with your applications: difficult navigation, cryptic error messages, inability to access systems from mobile devices, workflows requiring too many steps, or interfaces demanding extensive training. These problems directly impact productivity, error rates, and user satisfaction. They're highly visible to business stakeholders and create urgency for change.
-
Technical debt problems: These live beneath the surface, often stemming from poorly structured code that's difficult to maintain, a lack of automated testing that makes changes risky, monolithic architectures preventing independent deployment, or database designs making reporting difficult. These problems primarily impact IT's ability to respond to business needs quickly and reliably. They're often invisible to business stakeholders until they manifest as slow delivery of new features or frequent production issues.
User Experience and Technical Debt problems generally require different solutions and have different business cases. Screen modernization tools can address user experience problems quickly with relatively low risk, but they don't resolve technical debt. Conversely, refactoring code to improve maintainability doesn't immediately improve user experience.
Many organizations need to address both, but trying to solve them simultaneously in a single initiative often leads to scope creep, extended timelines, and diluted focus. Understanding which problem is more urgent for your business or recognizing that you need parallel efforts to address both is essential for effective planning.
Key Takeaways
Integration and Accessibility Challenges in a Connected World Modern business operates in an ecosystem of interconnected systems. Your IBM i applications do not exist in isolation, they need to exchange data with other platforms, share information with mobile applications, integrate with partner systems, and feed data to analytics tools.
When stakeholders say, "we need to modernize," they're often really saying "we need our IBM i applications to participate more effectively in our broader technology ecosystem." Good modernization strategy will generally involve a design that allows for easier integration with other applications, you must resist the temptation to try and do everything inside the IBM i environment.
Defining Your Problem Clearly The path to successful modernization begins with honest, specific problem definition. Instead of saying "we need to modernize," articulate exactly what's not working. For example, "Our sales team loses deals because they can't check inventory while meeting with customers," or "We can't deliver new features quickly because our code is difficult to test and deploy," or "We're losing experienced developers and can't recruit replacements."
These specific problem statements lead to focused solutions, measurable outcomes, and stakeholder alignment. They also help you avoid the trap of modernizing for modernization's sake, pursuing technology changes that do not actually address your business challenges.
Take the time to clearly define what problem you're solving, and you'll dramatically increase your chances of modernization success. If a problem becomes too complex to clearly express, then break it down into a series of smaller problems and describe success for each of them individually as well as the group as a whole.
What happens if we do nothing?
What This Covers
When you consider the consequences of doing nothing, it is important to consider not only the functionality and aesthetics of your applications but the wider implications to the applications' long term viability in your business.
What It Is
Doing nothing can often seem like a safe and sensible strategy, as change can often bring additional work, cost and resistance from colleagues, management, users and other stakeholders.
It can feel like a poor proposition with the IT team getting the majority of blame for the pain of change and the minority of the recognition for improved productivity, security and long-term cost savings that such enhancement deliver.
This do-nothing attitude is often expressed via the now infamous mantra "if it ain't broke then don't fix it".
Why It Matters
The problem with this attitude is that doing nothing for prolonged periods of time means that when something does need to be done, it becomes much more difficult to achieve, this is for several reasons:
- Atrophy of application knowledge
- Less able to deliver new functionality quickly and cost effectively
- Longer, more complex development processes
- Loss of access to application developers and harder to train replacements
- More difficulty when integrating with third party APIs and tooling
- Application no longer suits the way the business operates
- Higher risk of business interruption as changes are implemented
- Harder to implement and audit more application and data security
Any one of these bring can bring the overall value of the application into question, leading business management to consider replacement rather than enhancement and this replacement may include replacing you and your colleagues.
How It Works
Nothing stands still in the IT world, so if you are not moving forward then you are falling behind. This is often the key reason for technical debt accumulating over the years.
It is often the result when business leaders ask more from their existing teams than application support and enhancement. It is made worse when companies do not replace existing IT resources as they move on.
In some cases, businesses have chosen to outsource their IT support and development in the true belief that they can improve productivity and reduce costs. Unfortunately, all too often they find that such short-term savings lead to higher longer-term costs, costs not just measured financially but also in modification timescales, data risk and lost opportunity.
Key Takeaways
One such example is that applications designed in years gone by focused on data priority in their core design but gave little to no thought about data security. The modern IT environment means that such systems run a much higher risk of unauthorized data access, exfiltration or even malicious corruption.
The key takeaway is that Modernization needs to be a constant factor that is considered by all IT professionals and their management. As a failure to invest in an application that is key to the way a business operates, is a risk to the long-term success of that business.
Strategic Considerations
Is modernization about technology, process, or culture?
What This Covers
Modernization is often interpreted as simply adopting the latest technology. While new tools and platforms play an important role, true modernization is broader and requires a combination of all three elements: technology, process, and culture.
What It Is
Modernization is not just about upgrading systems, replacing or updating software. It is a strategic transformation, that when done right, improves how an organization operates, delivers value, and adapts to change. Technology such has hardware, software and programming languages continuously evolve and an agile modernization strategy will embrace the functionality that these new technologies bring in order to enhance the overall solution in the most efficient, cost-effective and secure manner.
Processes ensure that these capabilities are planned, tested and used efficiently through improved throughput. Culture is often overlooked and is a key factor as to whether people within an organization are willing and able to embrace the changes that this modernization delivers. Therefore, the most successful modernization strategies require a balance of all three elements Technology, Process and Culture.
Why It Matters
Modernization matters because organizations operate in rapidly changing environments. Customer expectations evolve quickly, competition increases, and technological advances constantly reshape industries. Organizations that fail to modernize risk inefficiency, loss of competitiveness and in extreme case even data loss through corruption or security breaches. Additionally, modernization helps attract and retain talent. Employees increasingly expect modern tools, flexible ways of working, and organizations that encourage continuous productivity improvements.
How It Works
Implementing modernization requires a structured but adaptable approach. Ideally, organizations should establish a clear vision for modernization. Leadership must define what modernization means for the organization, including the outcomes they want to achieve, such as improved customer experience, faster product development, or operational efficiency.
Technology investments should align with these desired outcomes, not just purchases made because there is newer version available. For example, adopting new hardware or an operating system upgrade but just as important is deciding when to adopt new programming styles, programming languages and development tools. Thought should be given to adopting new technologies such Artificial Intelligence, automation tooling and integration with cloud services.
Processes must evolve to take advantage of new capabilities. For example, introducing automation should also involve revising workflows to remove redundant steps. Agile or iterative approaches can help organizations adapt processes continuously as they learn what works best.
Cultural change is essential. For example, modernizing your training, communication, and collaboration with other employees and business partners.
Together this helps understand why modernization matters and how they can contribute to it and when people feel supported and involved, modernization initiatives are far more likely to succeed.
Key Takeaways
Modernization requires balance. Technology, process, and culture must evolve together for meaningful transformation.
Modernization requires cooperation. Even the best technology and processes fail if people are unwilling to adopt new ways of working.
Modernization is continuous. It is not a one-time project but an ongoing effort to adapt, learn, and improve over time.
How can modernizing an IBM i application make it more secure?
What This Covers
YES! Without a shadow of a doubt, the best way to make an application more secure is to modernize it. And as you modernize you do so with both data integrity and data security in mind.
For more information, see IBM Security and Privacy by Design.
What It Is
IBM Security by design strategy is a streamlined and agile set of focused security and privacy practices. These practices aim to reflect their commitment to improving security and privacy when designing generally available products and services from IBM. it is influenced by the United States National Institute of Standards and Technology Secure Software Development Framework.
Why It Matters
Most businesses operating today must adhere to one or more compliance standards. Common amongst these are:
-
CCPA – California Consumer Privacy Act & GDPR – General Data Protection Regulation: Legal regulations that govern how organizations collect, process, store, and protect personal data of individuals in their jurisdictions, that apply to companies that may reside outside.
-
HIPAA – Health Insurance Portability and Accountability Act: A U.S. law that establishes national standards for protecting sensitive patient health information and securing electronic healthcare data.
-
PCI DSS – Payment Card Industry Data Security Standard: A global security standard that requires businesses handling credit card data to maintain secure systems, protect cardholder data, and regularly test their security controls.
-
SOX – Sarbanes-Oxley Act: A U.S. federal law that mandates strict financial reporting, internal controls, and corporate governance requirements for publicly traded companies.
-
ISO/IEC 27001 – Information Security Management System Standard: An international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
All of the above have strict requirements for compliance and significant legal and financial consequences for failing to comply.
How It Works
This process does not mean that you undertake one single project to just focus on security of your application; instead add security as a key design factor to the changes you plan to make to your system as you modernize it.
One way to do this is by following IBM's secure by design strategy. To do this there are three steps that you must build into every change you make to any part of your application:
-
Threat assessments: Perform both cyber and privacy threat assessments to help ensure data minimization and adequate data protection are in place from the beginning.
-
Security testing: Perform System, code and application security tests; in addition consider using tools or third parties to perform penetration tests and manual ethical hacks. Such testing should be integrated and automated into DevOps pipelines, supporting agile practices and continuous deployment.
-
Release review: Carry out a final product review of changes prior to release, check that key foundational security requirements have been or will be addressed to the satisfaction of your business's standards.
Key Takeaways
If you include "Secure by Design" thinking when making the changes to your system, over time you will consistently improve the security of your application alongside its functionality.
While there is an overhead in adding security to your modernization process, this is tiny compared with the effort of trying to retrofit security to an existing application on mass. The cost is also offset by the reduction in risk of large financial penalties that your company might be liable for in the event of a breach, as most regulators will reduce or even waive the fine if you can demonstrate the due diligence you give to security when making changes to your systems.
Trademarks
IBM, IBM i, Db2, WebSphere, Rational, and IBM Bob are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available at ibm.com/trademark.
Visual Studio Code is a trademark of Microsoft Corporation.
Git is a trademark of Software Freedom Conservancy.
All other trademarks are the property of their respective owners.