Most enterprises have hundreds of applications, many built a decade or more ago. The modernisation pressure comes from multiple directions: cloud cost optimisation (legacy apps waste cloud resources), feature velocity (monoliths are slow to change), talent retention (engineers don't want to work on COBOL), and security (legacy frameworks have unpatched vulnerabilities).
The most common mistake is treating all applications the same. Not every application needs the same modernisation approach — and some shouldn't be modernised at all.
The Modernisation Spectrum
| Strategy | Description | Effort | Risk | Best For |
|---|---|---|---|---|
| Retain | Keep as-is | None | None | Working systems with no change drivers |
| Rehost (lift-and-shift) | Move to cloud VMs, no code changes | Low | Low | Quick cloud migration, not real modernisation |
| Replatform | Minor changes to use cloud services | Medium | Low-Med | Database migration, managed services adoption |
| Refactor | Restructure code for cloud-native patterns | Medium-High | Medium | Monoliths with good code quality |
| Rearchitect | Redesign as microservices/cloud-native | High | High | Strategic applications needing scalability |
| Rebuild | Rewrite from scratch | Very High | Very High | Small applications, obsolete technology |
| Replace | Buy a SaaS solution | Variable | Medium | Non-differentiating capabilities (HR, finance) |
Assessment Framework
Step 1: Application Portfolio Analysis
For each application, assess:
| Dimension | Questions | Scoring |
|---|---|---|
| Business value | How critical is this application? What revenue does it support? | 1-5 (5 = mission-critical) |
| Technical health | Code quality, test coverage, dependency currency, documentation | 1-5 (5 = excellent health) |
| Cloud readiness | Statelessness, containerisability, external dependencies | 1-5 (5 = cloud-ready) |
| Change frequency | How often does this application change? | 1-5 (5 = changes weekly) |
| Cost to operate | Infrastructure cost, support cost, licensing | 1-5 (5 = very expensive) |
| Risk | Security vulnerabilities, compliance exposure, operational risk | 1-5 (5 = high risk) |
Step 2: Plot on the Modernisation Matrix
High business value + High technical health: Replatform or refactor. Invest in making a good application better.
High business value + Low technical health: Rearchitect or rebuild. The application is critical but holding you back.
Low business value + High technical health: Retain or rehost. Don't invest in modernising something that works and isn't strategic.
Low business value + Low technical health: Replace or retire. Don't modernise something that should be eliminated.
Step 3: Prioritise
Prioritise modernisation based on:
- Business impact: Which modernisations unlock the most business value?
- Dependencies: Which applications block other modernisation efforts?
- Quick wins: Which applications can be modernised quickly to build momentum?
- Risk reduction: Which applications pose the highest operational or security risk?
The Strangler Fig Pattern at Scale
For large, monolithic applications, the strangler fig pattern is the safest modernisation approach:
- Identify a boundary: Find a well-defined functional area within the monolith (e.g., user authentication, search, notifications)
- Build the replacement: Create a new, modern service that implements the same capability
- Route traffic: Use an API gateway or routing layer to direct requests to the new service
- Validate: Run both systems in parallel, comparing results
- Cut over: Route all traffic to the new service
- Remove from monolith: Delete the old code from the monolith
Key principles:
- Work from the outside in (start with capabilities that have clear API boundaries)
- Maintain backward compatibility (the rest of the monolith shouldn't know the difference)
- One bounded context at a time (resist the urge to extract multiple services simultaneously)
- Keep the monolith deployable and stable throughout the process
Database Modernisation
Database modernisation is often the hardest part of application modernisation:
Options
| Strategy | Description | Risk | Duration |
|---|---|---|---|
| Managed migration | Move existing DB to managed service (e.g., SQL Server → Azure SQL) | Low | Weeks |
| Engine migration | Change database engine (e.g., Oracle → PostgreSQL) | Medium | Months |
| Schema modernisation | Restructure schema for new patterns | High | Months |
| Database per service | Split monolithic DB into service-owned DBs | Very High | 6-18 months |
The Shared Database Problem
The biggest obstacle to microservice extraction is the shared database. Multiple services reading from and writing to the same tables create tight coupling that's extremely difficult to unwind.
Approach:
- Identify which tables each bounded context owns
- Introduce APIs for cross-context data access (instead of direct DB queries)
- Gradually move tables to service-owned databases
- Use change data capture (CDC) for synchronisation during transition
Containerisation Strategy
Containerising applications is a common modernisation step, but it's not always the right one:
Containerise when:
- You want environment consistency (dev = staging = production)
- The application is stateless or can be made stateless
- You want to leverage Kubernetes for orchestration and scaling
- Multiple applications share the same host and need isolation
Don't containerise when:
- The application is a simple, single-instance service (use a managed platform instead)
- The application has heavy state dependencies that don't fit container patterns
- Containerisation would be a significant refactoring effort with no other benefit
Testing Strategy for Modernisation
Modernisation introduces risk. Your testing strategy must account for it:
- Characterisation tests: Before touching the code, write tests that capture the current behaviour. These tests serve as a safety net.
- Contract tests: When extracting services, contract tests verify that the API contract between the new service and its consumers is maintained.
- Shadow testing: Run the new implementation alongside the old one, comparing results without serving the new results to users.
- Canary deployment: Gradually shift traffic to the modernised component, monitoring for regressions.
Timeline Expectations
| Application Type | Replatform | Refactor | Rearchitect | Rebuild |
|---|---|---|---|---|
| Small (< 50K LOC) | 2-4 weeks | 1-3 months | 3-6 months | 2-4 months |
| Medium (50-200K LOC) | 1-2 months | 3-6 months | 6-12 months | 4-8 months |
| Large (> 200K LOC) | 2-4 months | 6-12 months | 12-24 months | 8-18 months |
| Legacy monolith | 3-6 months | 12-24 months | 24-48 months | 12-36 months |
Application modernisation is a strategic investment that compounds over time. Every modernised application is faster to change, cheaper to operate, and more secure. If you're planning your modernisation strategy, let's talk.