Richard Malone from CNX has heard this story at least twice in the last five years. A customer calls with that particular mix of relief and disbelief in their voice. “We had a ransomware attack. Everything’s encrypted – the Windows servers, the file shares, even some of the backups. But the IBM i is still running. It’s the only thing that wasn’t affected.”
In an industry obsessed with modernization and cloud migration, there’s an uncomfortable truth nobody wants to discuss: when everything else fails, that “legacy” AS/400 is often the last system standing. The platform everyone wants to replace becomes the only thing keeping the business operational.
The Ransomware Stories They Don’t Put in IT Magazines
“We’ve had at least two customers that had ransomware attacks where the IBM i was the only system not affected,” Richard confirms. Think about that for a moment. While distributed servers displayed ransom notes and critical data sat encrypted on network shares, the IBM i kept processing orders. Kept running payroll. Kept the business alive.
One bank they work with can’t afford to run on anything else. Not because of cost, but because of reliability. When you’re processing millions of transactions, you need systems that just work. As Richard puts it, “These IBM Power systems, they just work. They are just so unbelievably reliable.”
The pattern repeats across their customer base. Companies with mixed environments – Windows, Linux, and IBM i – consistently report the same thing during security incidents. “We’re always hearing all these stories, ‘Oh, we’re having this meltdown of this server and that server, but the IBM i is not affected.'”
This isn’t luck. It’s intentional architecture.
Why Cloud Migration Actually Makes IBM i More Valuable
Three years ago, the conversation around IBM i changed dramatically. The shift to cloud wasn’t killing the platform – it was liberating it. “In the old days, you remember we used to maintain big server rooms with a lot of specialized air conditioning,” Richard recalls. The people who ran all that infrastructure are retiring. Companies faced a choice: find new specialists to maintain on-premise systems or move to the cloud.
IBM and various cloud providers now offer robust cloud hosting for Power systems. Once the IBM i is in the cloud, it becomes just another service on the network. The physical maintenance headaches disappear. The specialized knowledge requirements for running the hardware vanish.
“Once it’s in the cloud and it’s just another service on the network, so I don’t even mess with it.” Richard asks. “It’s been working for decades. The rules haven’t changed. Why would I mess with it?”
This changes the entire modernization conversation. Instead of “How do we get off this old platform?” it becomes “How do we give this reliable platform modern capabilities?” The server that survived ransomware is now running in the same cloud infrastructure as everything else, except it’s still more secure.
The Only Time Companies Actually Leave IBM i
There’s one scenario where CNX consistently sees customers abandon IBM i, and it has nothing to do with technology. “The only time we have customers actually leaving the platform is after, ironically, an acquisition,” Richard explains. A small or medium-sized company gets acquired by a large firm that doesn’t understand the platform. The new parent company mandates moving everything to their standard stack.
But it works both ways. “We have customers that are using IBM i and they acquire smaller companies and they bring them on,” Richard continues. These companies expand their IBM i footprint because they’ve seen what happens during ransomware attacks. They’ve watched other systems fail while the IBM i keeps running. They know which platform they can trust.
“We very, very rarely get customers that say, ‘Look, we’re going off IBM Power systems because we just don’t like it anymore,'” Richard notes. When you calculate total cost of ownership – considering that many shops run massive IBM i systems with just two administrators – the economics are compelling. You’ve got two people managing systems processing millions of transactions annually.
The Shop Floor Reality Check
Before CNX built modernization tools, they built software that transformed manufacturing. Their Atomic software replaced paper-based shop floor systems with real-time terminals. Rob Swanson remembers the revelation: “We could give the guys on the floor up-to-date information, real-time, what’s going on, what their priorities are, where all the inventory’s going.”
This was the late 1990s. Teaching factory workers who’d never touched a computer to use a 5250 interface was daunting. But it worked. The system was reliable. When workers scanned barcodes, inventory updated instantly. No more paper chase where you got production data the next day if you were lucky.
Fast-forward to today. Those same IBM i systems are still running shop floors, still processing transactions, still maintaining inventory. They survived Y2K, survived the 2008 recession, survived COVID, and survived ransomware attacks. The interface needed updating, sure. But the core system? It just keeps working.
When Speed Actually Matters
Here’s something the modernization vendors don’t understand: sometimes the old interface is actually better. CNX discovered this with accounting software that runs on IBM i. “The data entry clerks on the GL side, they don’t use any of the browser interfaces because they want the 5250 speed,” Jim from the podcast notes. “They literally don’t even look at the screen.”
These clerks type so fast that browser interfaces slow them down. They’ve memorized every function key, every field position. They navigate by muscle memory. As Rob puts it, “They can rote process.” For them, a modern web interface isn’t an upgrade – it’s an obstacle.
Richard acknowledges this paradox: “If you can get through the learning curve of those types of interfaces, they are extremely fast for interacting with.” The solution isn’t forcing everyone to use web interfaces. It’s providing options. New users get modern web interfaces they can learn quickly. Power users keep their green screens for maximum efficiency.
The Acquisition Pitch That Reveals Everything
Before joining Izzi Software, CNX had plenty of acquisition offers. The conversations were depressingly similar. “How many customers do you have? How long will they stay on maintenance?” Richard remembers. These acquirers saw a chance to milk existing customers while letting the product die.
“It was a story of what we could do with the product in the future,” Richard explains about Izzi’s different approach. They talked about porting Valence to IBM Z, using it to modernize other acquired products, adding dedicated sellers. After decades of building and growing, Richard and Rob weren’t interested in becoming another casualty of the “where software goes to die” model.
This mirrors the broader IBM i story. Everyone assumes it’s dying, but it keeps growing. “I think there’s been significant growth in the last three years,” Richard observes. New customers are coming to the platform. Cloud migrations are making it more accessible. Companies that experience ransomware attacks are reconsidering their “modernization” plans.
Building Modern Interfaces Without Modern Vulnerabilities
When CNX built Valence after rejecting existing modernization tools, they made a crucial decision: treat IBM i programs as services, not screens. The business logic stays protected on IBM i. The web interfaces run in controlled environments with limited system access. Users get modern experiences without exposing core systems to new attack vectors.
This approach proved its worth during security audits. Auditors find plenty of vulnerabilities in distributed systems. When they examine IBM i systems with Valence interfaces, they struggle to find attack vectors. The web layer doesn’t expose the underlying system. IBM i’s security model prevents lateral movement even if user credentials are compromised.
The companies that successfully modernize IBM i understand they’re building on a foundation that’s proven its resilience. They’re not apologizing for running a “legacy” platform. They’re enhancing something that works while fixing what doesn’t. We’d call that “Legendary”.
The Two-Guy IT Department
Perhaps the most compelling argument for IBM i comes down to simple math. “You’ve got like two guys running this whole gigantic system that’s doing millions of transactions a year,” Richard points out. Compare that to modern microservices architectures requiring teams of DevOps engineers, security specialists, and cloud architects.
Those two IBM i administrators aren’t just keeping the lights on. They’re maintaining systems that survive ransomware attacks, process millions of transactions, and run for years without unplanned downtime. When calculating total cost of ownership, include the cost of systems that don’t fail during attacks, don’t require armies of specialists, and don’t need rebuilding every five years.
The next time someone suggests replacing IBM i with something more modern, ask them about ransomware recovery. Ask about running mission-critical systems with two administrators. Ask about decades of accumulated business logic that handles edge cases nobody remembers until they break.
Your AS/400 might be the oldest system in your data center. When ransomware hits, it might also be the only one still standing. That’s not an argument against modernization. It’s an argument for modernizing the right things. The platform that survives attacks doesn’t need replacement. It needs better interfaces. There’s a difference, and companies that understand this difference are the ones whose systems keep running when everything else fails.