惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Heimdal Security Blog
S
Security @ Cisco Blogs
N
News | PayPal Newsroom
J
Java Code Geeks
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
V
V2EX
WordPress大学
WordPress大学
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
AI
AI
小众软件
小众软件
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
A
Arctic Wolf
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
美团技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
S
Schneier on Security
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
B
Blog RSS Feed
Forbes - Security
Forbes - Security
S
SegmentFault 最新的问题
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
云风的 BLOG
云风的 BLOG
Jina AI
Jina AI
Cisco Talos Blog
Cisco Talos Blog
U
Unit 42
Project Zero
Project Zero
H
Hacker News: Front Page
Y
Y Combinator Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The Cloudflare Blog
大猫的无限游戏
大猫的无限游戏
S
Secure Thoughts
The Hacker News
The Hacker News
Microsoft Azure Blog
Microsoft Azure Blog

The Cloud Experience Everywhere articles

What I learned about Epistemia: A new way to build AI you can trust Strategy is the easy part, but can you deliver? Simplify HPE Morpheus Software automation with the new visual workflow builder AI evolution: Shifting from training to inference needs infrastructure modernization HPE Morpheus Central is here. Managing a multisite fleet just changed. Architecting your IT environment for change is key to the Great VM Reset An overview of IT service management using HPE OpsRamp Software Service Desk Beyond the basics: Deeper observability for HPE Morpheus Software – VM essentials Simpler, faster hybrid cloud management with agentic AI in HPE Morpheus Software 9.0 Navigating the signal tsunami: Why shared observability matters today HPE OpsRamp Software named as major player in the IDC MarketScape Achieving zero downtime: A deep dive into HPE Morpheus Software high availability Scaling the hybrid cloud: Unveiling HPE Morpheus Software version 9.0 The rise of agentic AI: Ushering in the next era of intelligent IT Unleashing AI factory ROI: Secure agentic AI on multitenant infrastructure Introducing HPE CloudOps Software for cloud service providers Introducing HPE CloudOps Software for cloud service providers Next-gen IT unleashed: The boom of cloud paging and application packaging The critical role of security fundamentals in the age of AI GreenLake Marketplace launches end-to-end commerce capabilities Discover what’s next with HPE Services at HPE Discover Las Vegas 2026 The private cloud resurgence by IDC—rebalancing cost, control, and AI HPE global trade integration: Enabling compliance in a connected digital world Sovereign by design for the workplace Reset with intent: Four smart moves to rationalize VMware exposure Building the high-performance data foundation for enterprise AI with HPE Storage Mastering hybrid cloud migration with HPE CloudOps Software suite Why sovereign cloud is becoming the backbone of modern workplace solutions Facilitating federated data and AI at scale with federated mesh architectures Reviving private cloud by automating day‑2 operations using Kubernetes operators From alerts to action: how Operations Copilot accelerates incident response Unleashing enterprise AI factories with Kubeflow: Overcoming multitenancy hurdles What a ride it has been—HPE Morpheus VM Essentials Software hits version 8.1 Cyber resilience: Securing the last line of defense in the digital age AI-augmented endpoint engineering: From deterministic to autonomous delivery HPE OpsRamp Software March 2026 release: Key updates for IT operations teams Simplify bare metal management with HPE Morpheus Enterprise Software BMaaS Operations Copilot from HPE OpsRamp Software: Your partner for next-gen IT operations ITIL (version 5): What’s new, what’s different, and why recertification matters Stop overpaying for platforms: Invest in GPUs for real AI value Why buying a training subscription is just like buying a gym membership HPE Morpheus Enterprise Software enhances its Kubernetes service with new features The great VM reset: Why enterprise virtualization needs a new foundation Engineering modern resilient-by-design applications for hybrid cloud PostgreSQL's BM25 ranking algorithm for enterprise-grade search quality Streamlining hybrid cloud: Announcing the unified HPE/hpe Terraform provider v1.1.0 Inside HPE Morpheus Minute: A closer look at storage types in HPE Morpheus Software Half your AI factory is sitting idle; here is the blueprint that fixes it Introducing True N-Tier Multi-Tenancy in HPE Morpheus Enterprise Software v8.1.0 Beyond observability: From signals to semantic intelligence in hybrid cloud Operationalizing agentic AI with NVIDIA Nemotron and HPE agents hub
Secure application modernization with the Strangler Pattern to reduce security risk
HPE_Experts · 2026-05-30 · via The Cloud Experience Everywhere articles

Strangler Method enables secure, incremental modernization of legacy systems, reducing risk, improving cybersecurity, and ensuring continuous business operations.

HPE202601300256_800_0_72_RGB (1).jpg

Legacy systems remain the backbone of many enterprises, but they also represent one of the largest cybersecurity liabilities in modern IT environments. Outdated architectures, unsupported software, weak authentication mechanisms, and inconsistent security controls create attractive targets for attackers.

At the same time, completely rewriting legacy applications in a single big bang migration is expensive, risky, and often disruptive to business operations.

For example, modernizing a banking application running on a Common Business-Oriented Language (COBOL)–based mainframe platform.

This is where the Strangler Method, also known as the Strangler Fig Pattern, offers a practical and secure modernization strategy.

Instead of replacing an entire system at once, organizations gradually build modern services around the legacy application, redirecting functionality piece by piece until the old system is fully retired. Beyond reducing operational risk, this incremental approach can significantly strengthen cybersecurity.

Understanding the Strangler Method

The Strangler Method works by surrounding a legacy application with new services and routing layers. Over time, individual components are replaced while the original system continues operating.

A typical architecture looks like this:

Final-BS26052157-CE Complete-Reviewed.png

Figure 1. Strangler Pattern architecture enabling secure, phased modernization from a legacy monolith to microservices

Requests are selectively routed:

  • Existing functions continue using the legacy system
  • Newly modernized features are handled by secure modern services

Eventually, the old application is removed entirely.

Why legacy systems create security problems

Many legacy applications were not designed for today’s threat landscape. Common issues include:

  • Unsupported operating systems and frameworks
  • Weak authentication and authorization
  • Hardcoded credentials
  • Poor encryption standards
  • Limited logging and monitoring
  • Flat network architectures
  • Difficulty applying security patches

As cyber threats evolve, maintaining these systems becomes increasingly dangerous and costly.

How the Strangler Method improves cybersecurity

  1. Reduces the attack surface gradually

One of the biggest advantages of the Strangler Method is the ability to isolate and replace vulnerable components incrementally.

Instead of exposing an entire monolithic application to external traffic, organizations can:

  • Move sensitive services behind secure application programming interfaces (APIs)
  • Isolate high-risk modules
  • Apply modern security controls selectively

This gradually shrinks the legacy system’s exposure.

  1. Enables zero trust architecture

Modernized services can adopt zero trust principles immediately, even while the legacy application still exists.

This includes:

  • Identity-based access control
  • Least privilege policies
  • Multifactor authentication (MFA) integration
  • Service-to-service authentication
  • Network segmentation

Rather than waiting for a full rewrite, security improvements happen continuously.

  1. Improves monitoring and visibility

Legacy applications often lack proper observability.

As services are extracted:

  • Centralized logging can be introduced
  • API gateways can inspect traffic
  • Security monitoring becomes easier
  • Anomaly detection improves

Security teams gain better visibility into application behavior and potential threats.

  1. Limits blast radius during attacks

Monolithic applications often allow attackers to move laterally once compromised.

Breaking functionality into isolated services helps:

  • Contain breaches
  • Prevent widespread compromise
  • Enforce stricter boundaries between systems

A compromised service no longer automatically exposes the entire platform.

  1. Supports faster security patching

Modern services are easier to update and deploy than tightly coupled monoliths.

With incremental modernization:

  • Patches can be applied faster
  • Vulnerable libraries can be replaced independently
  • Security fixes no longer require full-system deployments

This reduces exposure windows for known vulnerabilities.

The role of API gateways in secure modernization

API gateways are central to many strangler implementations because they act as the control layer between users and back-end systems.

They enable:

  • Authentication and authorization
  • Rate limiting
  • Request filtering
  • Traffic routing
  • TLS enforcement
  • API threat protection

The gateway becomes a powerful security enforcement point while migration occurs.

Example: Securely modernizing a banking platform

Consider a bank running a legacy monolithic platform for:

  • Customer accounts
  • Transactions
  • Loan processing
  • Reporting

Using the Strangler Method:

Phase 1

The bank extracts customer authentication into a modern identity service with MFA.

Phase 2

Transaction APIs are isolated behind an API gateway.

Phase 3

Loan processing becomes a separate microservice with stronger access controls.

Phase 4

Legacy modules are retired incrementally.

Throughout the migration:

  • Customers experience minimal downtime
  • Security controls improve continuously
  • Compliance requirements become easier to manage

Best practices for applying the Strangler Method securely

Prioritize high-risk components first

Modernize internet-facing or vulnerable modules before lower-risk systems.

Introduce security early

Do not treat cybersecurity as a later phase. Embed from the start:

  • Identity and access management (IAM)
  • Encryption
  • Monitoring
  • Secrets management
  • Logging

Use strong service boundaries

Clearly define APIs and isolate services properly.

Monitor both old and new systems

During migration, hybrid environments create visibility gaps if monitoring is inconsistent.

Automate security testing

Integrate the following controls and mechanisms:

  • Static application security testing (SAST)
  • Dynamic application security testing (DAST)
  • Dependency scanning
  • Container scanning
  • Continuous integration and continuous delivery/deployment (CI/CD) security checks into the modernization pipeline 

Challenges to consider

The Strangler Method is powerful, but not simple.

Organizations may face:

  • Increased architectural complexity
  • Temporary duplication of systems
  • Data synchronization issues
  • Integration overhead
  • Inconsistent security policies during transition

Without careful planning, modernization itself can introduce new vulnerabilities.

HPE Application Modernization Services helps organizations with application modernization and workload migration, enabling applications to continue to perform their intended function and leverage the benefits of a new hybrid cloud destination with new levels of agility, scale, and performance.

Final thoughts

Modernization is no longer only a technology initiative; it is a cybersecurity necessity.

The Strangler Method provides organizations with a safer path away from vulnerable legacy systems by enabling incremental transformation instead of risky full-system rewrites. By modernizing piece by piece, businesses can strengthen security controls, reduce operational disruption, and continuously improve resilience against evolving cyber threats.

In a world where attackers increasingly target outdated infrastructure, gradual secure modernization may be one of the most practical cybersecurity strategies available today.

Meet the author:

Santosh Deshpande, Solution Architect, Application Modernization and Migration, HPE