6 Key Learnings for Migrating Custom Applications to the Cloud: Introduction

Lessons from Migrating Custom Applications to the Cloud

Since 2010, UnifyCloud has been helping customers migrate custom built, line-of-business (LoB) applications to the Cloud (PaaS, IaaS and SaaS).1 In this series we will share our key learnings, as well as best practices from our experiences of migrating custom built LoB applications to the Cloud. First, a quick review of why people are moving to the Cloud, and their concerns:

  • 70% of CIOs are following a Cloud-first strategy as of 2016.2
  • Key drivers for the migration to the Cloud: first is reducing costs, second is improving business agility.3
  • Primary concerns around moving to the Cloud include Cybersecurity, Privacy and Compliance.4

We will go over six key Cloud migration lessons learned, and share best practices, as we walk thru the three phases of Cloud migration, with a post dedicated to our learnings and best practices from each phase. This is the Introductory post, to be followed by one for each of the three steps in the process.

This is the first post in the series, you can view the other posts in the series:

What we learned from Migrating custom applications to the Cloud
Part One Key Learnings Overview
Part Two Discover and Assess
Part Three Plan and Migrate
Part Four Monitor and Report

The key to a successful Cloud migration is to develop a data-driven Cloud strategy. Start with a detailed understanding of your existing infrastructure to develop your Cloud strategy. Once you have developed your strategy, create a detailed plan. We recommend a three-step process for migration planning, as outlined below. You may notice that this is the same migration framework recommended by Microsoft, for migration from one software version to the next, such as migrating applications from WS2008 to WS 2012.

Phases of cloud Migration

What makes Cloud migration of custom LoB applications and data platforms challenging, is Cloud Speed and Cloud Scale. Cloud Speed is the velocity of features being released by Cloud Service Providers (CSPs) such as AWS and Azure on nearly a daily basis as CSPs constantly enhance their platforms, adding new services, and deprecating others, as can be seen by the exponential growth in the chart below4. As Andy Jassy said during his AWS re:Invent 2016Keynote “Every day you wake up, on average, with three new capabilities”. Changes to other CSPs, such as Azure and Google, are happening just as fast. Cloud Speed makes it difficult for developers to be sure that they are using the latest services correctly, following best practices and ensuring applications and data platforms are secure and compliant.

pace of cloud innovation

Cloud Scale represents the number of applications that will be migrated to the Cloud. According to one report, the F1000 alone have over a Million custom LoB applications that need to be assessed for Cloud migration6. Manual assessment of applications and data platforms will not scale. Solutions designed for multi-year on premise migrations are not suited for Cloud Speed and Cloud Scale.

Lesson #1: Tools and processes designed for on premise migrations every 3-5 years do not work at Cloud Speed and Cloud Scale. You will need integrated, automated, data driven tools to ensure you control your costs, maintain cybersecurity standards, and uphold GRC (Governance, Risk management & Compliance) thru each step of the Cloud Migration.

Based on business and technical characteristics of an application and applications and data platform, one can recommend migration to different types of Cloud service models, commonly referred to as PaaS, IaaS, and SaaS. Applications based on standard application software such as Microsoft’s .NET framework, and Windows Servers and SQL Server are good initial candidates for migrating to Platform as a Service (PaaS). Migrating an application to Infrastructure as a Service (IaaS) involves deploying to VMs on the CSPs infrastructure. Software as a Service (SaaS) represents replacing existing application with a SaaS option and may require migrating existing data to the SaaS provider.

Below is a screen shot from CloudRecon. Just minutes after importing the infrastructure data you are able to see the main dashboard. 162 applications have been identified as candidates for migration to PaaS. A drill down on the list of applications is provided, as well as other useful information, such as out of compliance OS’s and Databases that are no longer supported. The menu on the left shows additional cloud migration recommendations, as well as cost analysis, and cybersecurity maturity assessment of your infrastructure.

Cloud Potential Applications

A successful migration requires that the right applications are moved to the optimal Cloud environment; PaaS, IaaS or SaaS, and the migration must be data driven and follow a logical plan. If applications are migrated incorrectly, then the organization will not receive the cost savings and business agility benefits from migration efforts. You need to know which applications and data platforms are the best candidates for migrating to the Cloud environment, and which Cloud model (PaaS, IaaS and SaaS) they should move to. In order to do so, you need to have a detailed understanding of your current on premise environment.

  • Migrating applications and data platforms includes many aspects:
  • Modernizing custom web applications to run in a PaaS environment;
  • Retiring specific packaged 3rd party software and move to Microsoft SaaS alternatives;
  • Moving existing applications to run in the Cloud as is (i.e., “lift & shift”) in IaaS;
  • Right-sizing / consolidating VMs before they are moved to run in IaaS;
  • Determining what data platforms can move to the Cloud and right-sizing storage VMs for IaaS;
  • Monitoring applications and data platforms once migrated to the Cloud for Cost/OPEX control, Security and GRC.

Shared Responsibility Model

Organizations running their own infrastructure on premise, are responsible for the cybersecurity and GRC of their infrastructure, along with the applications and data running on them. When an organization moves to the Cloud some of these cybersecurity and GRC responsibilities are transferred to the CSP. The CSP and the organization are accountable for different aspects of security and GRC. The shared responsibility model outlines the responsibility and accountability of CSPs and users, across different scenarios, from Traditional on premise environments, to IaaS, PaaS and SaaS.

Data owners are ultimately accountable for maintaining security and control over their organization’s information, resulting in a shared level of responsibility between the data owners and the CSPs. The type of Cloud service model infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) dictates who has responsibility for which security tasks. Organizations responsibilities generally increase as they move from SaaS to PaaS to IaaS to on premise.Shared Responsibility Model

For successful Cloud migration, you need to develop a data-driven Cloud Strategy, using your existing infrastructure as the starting point. Use your actual infrastructure data to create your Cloud Strategy. Once you have the strategy, create and execute a detailed plan. Use integrated, automated tools to assist you thru the Cloud migration process to ensure you meet your Cost control; Cybersecurity; and Governance, Risk Management, and Compliance (GRC) requirements. Ensure you understand the shared responsibility model and how that affects your strategy for migrating applications and data platforms to the Cloud.


Successful migrations to the Cloud require being data driven, and following a structured process. Our experience recommends using integrated automated tools for enterprises to manage the complexity of migrating application to the Cloud, through their application lifecycles, at Cloud Speed and Cloud Scale. Different Tools are used at different stages of the process. CloudAtlas looks at migration process and challenges holistically to support Cloud migration. The underlying knowledgebase ensures best practices are followed throughout the entire process for cost control, Cybersecurity and compliance (GRC).


1 NIST Reference to Cloud Service Models starts on page 2: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
2 IDC CIO Agenda webinar
3 InformationWeek; September 29, 2016 & Seth Robinson; Senior Director, CompTIA
4 SIM IT Trends Study, 2017
5 https://www.youtube.com/watch?v=8RrbUyw9uSg (starting at 11:45)
6 https://www.slideshare.net/kacyclarke/applying-systems-thinking-to-aws-application-migration?qid=6ad57fbd-5a03-4ec7-abde-b3470019c9e2&v=default&b=&from_search=3 (see slide 23)

View the other posts in the series:

What we learned from Migrating custom applications to the Cloud
Part One Key Learnings Overview
Part Two Discover and Assess
Part Three Plan and Migrate
Part Four Monitor and Report