Cyber Resilience

Don't Wing It: 4 Steps to Building a Cloud Migration Plan

Migrating to the cloud is an inevitable shift for most organizations. But each organization's pathway towards migration in terms of maturity can vary greatly and requires much more forethought than just technical considerations.

When embarking upon or assessing the success of a cloud migration strategy, recognize that there is no one-size-fits-all approach. The diversity of each landscape and organizational goals means different metrics of success and methods to achieve them.

The most important thing you can do? Don't wing it. Create a clear, actionable plan for migrating to the cloud.

Learn more from my discussion with Brian Pitta, Illumio's Global Principal Systems Engineer, about how you should be migrating to the cloud:

Here are 4 steps to help you build a winning strategy to achieve cloud migration maturity.

Step 1: Determine your current migration maturity

A recent article from Gartner, Advance Through Public Cloud Adoption Maturity, looks at organizations through four distinct areas:

  • Organization and governance
  • Infrastructure and operations
  • Software engineering, application architecture, and data governance
  • Security, risk, and identity

While synergy amongst these four domains is critical for public cloud adoption, they don't all necessarily move along the cloud maturity model at the same pace.

The Gartner public cloud maturity model includes these 4 stages:

  • Stage 0 - Ad hoc cloud
  • Stage 1 - Opportunistic and planned cloud
  • Stage 2 - Trusted and repeatable cloud
  • Stage 3 - Automated and intelligent cloud

In order to reach full maturity in your cloud migration, it's incredibly important that each area of the organization has a clear, manageable migration plan in place.

As Gartner explains: "Winging your approach to cloud migration can and will cost more time, money and resources. On the flip side, a framework and strategy that commits to cultural, technical, and organizational changes in people, processes, and technology can advance maturity with less pain."

Have you shifted your mindset about cloud security? Learn more here.

Step 2: So where does your organization fit? Achieving Stage 3 maturity

If you are dipping your "toe" so to speak, into the cloud, it may look like a small number of workloads - perhaps non-production applications running in the public cloud. If this resonates, it is probably safe to say there isn't much planning or governance to the strategy.

While you may have avoided upfront planning, this kind of ad hoc approach creates an unsustainable model. The risk of security gaps becomes amplified as decisions of control and authority are not typically resolved.

According to Gartner in a recent report, Break Down 3 Barriers to Cloud Migration, there are a couple of strategic assumptions that should be considered when developing and planning your timeline:

  • By 2024, 15% of all enterprise applications will run in a container environment, up from less than 5% in 2020.
  • By 2024, 30% of custom enterprise applications will run in a container environment, up from less than 10% in 2020.

Getting from Stage 0 to Stage 1

To move past stage 0 into a more structured arrangement, organizations will need to make investments of time, resources, and redefined roles and responsibilities to execute with alignment toward a clear goal and outcome.

Reaching Stage 2

Significant time and investment in new standards, processes, governance, policies, and security best practices allows for automation and repeatable processes.

And then, congratulations! You have graduated to stage 2 of your cloud maturity. This could be the case for certain workloads that are prioritized over others, but ultimately, if you are moving in this direction, "cloud-first" policies are likely the goal.

Achieving Stage 3

"Intent-based cloud" as defined by stage 3 of maturity per Gartner, is the pinnacle of the maturity model. But it is important to note that realistic timelines and expectations, technical advancements, skills gaps, and governance, to name a few, will introduce a learning curve that we are all facing together.

This means that Stage 3 maturity doesn't look the same for all businesses.

According to Gartner, technical professionals should "determine the optimal target maturity level for their organization — not every organization is a Netflix or Airbnb, nor should they try to be."

And it's ok if your organization's maturity changes over time. In fact, it's almost guaranteed to.

"Keep in mind that this target may need to shift in future years based on changes in markets and technologies or may vary based on teams within the organization," says Gartner.

Step 3: Choose the best application modernization approach

There are critical barriers that organizations face when migrating existing applications to the cloud:

  • Application size: The larger an application is, the less portable.
  • Customization equals complications: Non-standard applications are oftentimes incompatible with cloud-native infrastructure.
  • Skills gaps: Knowledge gaps must be filled in order to accommodate the application lifecycle changes that come with modernization.

When considering the best path of migration take inventory of your applications.

  • Are they standard or non-standard?
  • What is the size of your application?
  • How easily can the application be modernized?
  • Which applications are most critical in terms of scale and accessibility?

The answer to each question per application will most definitely require a different approach. As stated above, there is NOT a one-size-fits-all for every organization, department, and application.

With this insight, you can then decide which is the best direction for applications in the cloud. Gartner provides these five directions:

  • Lift and Shift: Traditional, Non-cloud applications running unmodified in a cloud environment
  • Lift and Optimize: Traditional, non-cloud applications running with modifications in a cloud environment
  • Refactor: Traditional, non-cloud applications utilizing cloud APIs and middleware
  • Replace: New applications replacing traditional, non-cloud applications
  • Build or Buy: Brand new applications

Read why traditional security approaches don't work in the cloud.

Step 4: Understand the business and IT drivers behind modernization

Once each application is assessed for cloud migration viability, it becomes a smoother process to determine how and when to prioritize the path forward based on the business and IT drivers.

Gartner has developed this helpful graphic for understanding the main drivers of application modernization.


What are your organization's main drivers? With this knowledge, you can prioritize where specific areas of your organization might be slower or quicker to mature during cloud migration - and where best to focus your efforts during planning.

Every area of the business needs to be part of the migration plan, but knowing your main drivers can help prioritize how each area gets time, resources, and support.

Learn how Zero Trust Segmentation fits into your cloud migration plan here.

Cloud migration: New models mean new processes

Moving through your cloud journey comes with many variables and requires new processes and models.

Understanding and accepting the changes cloud migration requires across people, processes, and technology will help remove friction along the way.

Buy-in from various stakeholders and personnel will be critical to a smooth transition.

Ready to learn how Illumio can help secure your migration to the cloud?

Follow us on LinkedIn and YouTube to watch the latest video on this series and become a part of the discussion with your comments and feedback!

Related topics

Related articles

More Cyberattacks, Zero Trust Analysis Paralysis, and Cloud Security
Cyber Resilience

More Cyberattacks, Zero Trust Analysis Paralysis, and Cloud Security

Illumio CEO and co-founder Andrew Rubin discusses workload paralysis and how traditional security tools lack durability against today's catastrophic attacks

Get 5 Zero Trust Insights from Microsoft’s Ann Johnson
Cyber Resilience

Get 5 Zero Trust Insights from Microsoft’s Ann Johnson

Hear from Ann Johnson, Corporate VP of Microsoft Security Business Development, on cyber resilience, AI, and where to start with Zero Trust.

Securing Australian Government Assets in 2020: Part 1
Cyber Resilience

Securing Australian Government Assets in 2020: Part 1

In part 1 of this series, learn why government agencies are turning to Illumio to implement micro-segmentation.

No items found.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?