The 5 R's of Application Modernization: Choosing the Right Path for Each System You Own

Every application modernization program eventually faces the same question for each system in the portfolio: what do we actually do with this one?

The 5 R's framework — Retain, Retire, Rehost, Replatform, Refactor — was developed to answer that question with structure rather than intuition. It was first introduced by Gartner in the early years of enterprise cloud migration, and it has remained the most practical classification system in the field. The variants — some frameworks use 6, 7, or 8 R's — add categories like Rebuild, Replace, and Relocate. These are useful refinements. The five core R's, however, cover the decisions that actually drive modernization outcomes for most enterprise portfolios.

The framework is only as useful as the process used to apply it. A rigorous portfolio assessment produces accurate decisions. A cursory one produces a list of applications with R-labels that nobody can justify a year later. This post covers both: what each R means, when to use it, and the diagnostic work required to apply it correctly.

Why the Decision Matters More Than Most Teams Think

McKinsey research found that companies in the bottom 10th percentile for technical debt performance sink almost half of their IT change spend into applications they would just as soon retire. That is not a marginal inefficiency. It is a structural drain on engineering capacity and technology budget that compounds year over year. The 5 R's framework, applied correctly, is the primary tool for breaking that pattern — directing investment toward the applications that deserve it and removing the ones that do not.

The consequence of applying the framework poorly is equally concrete. Refactoring an application that should be retired wastes engineering time and budget. Rehosting an application that should be refactored moves technical debt to a new environment and delivers no durable benefit. Both are common, and both are avoidable with a proper portfolio assessment before the program begins.

The Five R's: What Each One Actually Means

The descriptions below reflect what each R produces in practice — not the textbook definition, but the production reality.

R When to use it What changes Effort Common mistake
Retain Stable, low-change systems critical to operations. Retiring them carries more risk than keeping them running. Nothing — monitored, not modernized. None Retaining by default. Every retained application should have a scheduled review date, not an open-ended pass.
Retire Duplicate applications, shadow IT, systems replaced by SaaS, or applications nobody can justify on business value. Decommissioned. Data migrated or archived. Dependencies resolved. Low — but requires analytical work upfront. Underbudgeting for decommissioning. Dependencies and data migration take longer than the shutdown itself.
Rehost Working applications constrained by aging infrastructure, or portfolios with hard datacenter exit timelines. Infrastructure only. Code and architecture unchanged. Low Treating rehost as modernization. It is not. It is a migration. Architectural problems move with the application.
Replatform Applications that work but are running on unsupported or inefficient middleware, databases, or runtime environments. Specific components — runtime, database, container layer — without changing business logic or core architecture. Medium Scoping too broadly. The boundary of what changes should be tightly defined before work begins.
Refactor High-value, high-change applications where technical debt is actively limiting development velocity or business capability. Internal code structure. External behavior unchanged. Enables modularity, better testability, and faster iteration. High Refactoring low-value applications. McKinsey research found companies in the bottom 10th percentile for tech debt sink almost half of IT change spend into applications they would just as soon retire.

The Portfolio Assessment That Makes the Framework Useful

The 5 R's are labels. The assessment is the work. Before assigning any application to a path, four dimensions need to be evaluated. Skipping any of them is where programs discover mid-execution that they classified an application incorrectly.

Assessment dimension What to evaluate
Business value Does this application support a core business process? Would the business stop, or materially slow, if it were unavailable for 48 hours? Is it in a domain the business is actively investing in or planning to exit?
Technical health What is the current maintenance burden—hours per quarter, incidents per month, developer complaints per sprint? Is the application on a supported runtime, database, and infrastructure stack? How modular is the codebase: can components be updated independently, or does every change carry full regression risk?
Change frequency How often does this application need to change to meet business requirements? High-change applications carry the cost of technical debt most acutely. Low-change, stable applications may be better candidates for rehost or retain than refactor.
Dependencies What does this application integrate with, and in which direction does data flow? Integration complexity is the most commonly underestimated variable in modernization programs. An application that looks simple in isolation may be a hub for eight downstream systems.

Integration complexity is the most commonly underestimated variable in application portfolio assessments. An application that looks straightforward in isolation may be a hub for eight downstream systems. The dependency mapping work is almost always more involved than teams initially estimate — and discovering it after the program has started is more expensive than discovering it before.

Where Most Programs Go Wrong

Classifying by gut feel rather than data

The most common failure mode is assigning R-labels based on the team's intuition about application age and complexity rather than a structured assessment. Applications that have been running for fifteen years tend to get classified as Retire or Rehost candidates regardless of their actual business value or change frequency. Applications that are familiar to the engineering team tend to get classified as Refactor candidates regardless of whether refactoring is justified by the business case. A structured assessment removes both biases.

Underestimating rehost as a destination rather than a waypoint

Rehosting — moving an application as-is to new infrastructure — is frequently the right first move for portfolios with datacenter exit timelines. It is fast, low-risk, and creates breathing room for deeper assessment. The mistake is treating it as modernization rather than migration. Architectural problems, performance constraints, and technical debt move with the application. If the plan is to rehost now and refactor later, that later needs a date — not a stated intent.

Assigning Refactor without a business case

Refactoring is the most resource-intensive R and the one most commonly applied without rigorous justification. The appropriate trigger for refactoring is a specific, named problem that the current code structure is preventing the business from solving — not general technical dissatisfaction with legacy code. If the application cannot be retired and refactoring cost cannot be justified by a specific business outcome, replatforming is usually the right answer.

Treating Retain as a permanent decision

Retain means the application is not being touched in this program cycle — not that it will never need to change. Every retained application should have a scheduled reassessment date. Retain-by-default, without a review mechanism, is how portfolios accumulate the technical debt that later justifies the modernization program in the first place.

A Practical Starting Point

For organizations beginning a portfolio assessment, the order of operations matters. Start with the dependency map — a complete inventory of what each application integrates with, in which direction data flows, and what downstream systems would be affected by a change. This is the dimension most teams underestimate, and it is the one that most frequently causes mid-program surprises.

Once the dependency map is complete, work through business value and technical health for each application. The combination of high business value and poor technical health is the profile that most reliably justifies refactoring investment. The combination of low business value and low change frequency is the profile that most reliably justifies retirement. Everything else falls somewhere in between, and the framework gives you the vocabulary to make those decisions explicitly rather than by default.

The goal is not to produce a perfect classification on the first pass. It is to produce a classification that is defensible — one that can be explained to a business stakeholder, justified to a CFO, and revisited when circumstances change. The 5 R's framework, applied with that standard, is what separates modernization programs that run on time and deliver on their business case from the ones that discover they have been solving the wrong problem.

Explore One Primero’s Technology Delivery Services → 

One Primero’s Technology Delivery practice has run application portfolio assessments across 12 industries. If you are at the start of a modernization program — or evaluating whether the classifications from a prior assessment still hold — we can help you do the analytical work before the program is scoped.
Technology Delivery
Post-Merger Technology Integration: A 100-Day Framework for Engineering Leaders
Read Blog →
Technology Delivery
The 5 R's of Application Modernization: Choosing the Right Path for Each System You Own
Read Blog →
CX Platform
Agentic AI in the Contact Center: What Actually Changed in 2025 — and What's Still Overstated
Read Blog →