Having served dozens of NHS trusts and universities, our client is highly respected in its field. However, it was clear that the company’s back-office software was hindering further growth. Our client’s existing training management software had three interfaces:
- a cloud-based MySQL database, managed by the company’s IT administrator
- an iOS app, used by trainers to record attendance and attendee signatures
- an on-premises ASP.NET Web App, for back-office staff to input course data
Hosting the web app on-premises required costly and time-consuming maintenance by the company’s IT staff. The web app was also running on .NET 4.0, a version that Microsoft stopped supporting in 2016. This meant the framework was no longer receiving security patches or updates, which left it vulnerable to attack.
And our analysis of user security features threw up another issue: the encryption model was flawed. Instead of modern one-way encryption, the code used two-way encryption. This would have allowed an attacker to reverse engineer a user’s password using the code and the database.
And the final problem with this outdated code was lack of compatibility. The code needed updating before it could integrate with software such as Excel and SAP Crystal Reports.
In summary, the drawbacks of this legacy training management system were:
- high cost of software ownership due to on-premises hosting
- risk of security breaches caused by flawed and unsupported code
- difficulty integrating the application with today’s business software