3 Steps to Assure Cloud Migration Success: A Detailed Assessment
|
Listen on the go!
|
Gartner predicts that by 2026, 75% of organizations will adopt a digital transformation model predicated on the cloud as the fundamental underlying platform. [Source: Garner Press Release: April 19, 2023]
Every organization has a cloud strategy and vision with annual goals, yet the business risky cloud migrations have aged in backlogs or implemented with straying budgets & timelines. ‘Assurance’ is the most critical factor in business readiness, scoping, budgeting, and concluding the cloud migration. It is either underplayed in programs or overdone, with significant wait times at multiple check gates. These approaches lean on value in the overall enterprise cloud migration/adoption journey.
The checks and compliance for the system(s) to be migrated, cut across different teams, roles, levels & vendors with every-clashing priorities. The assurance state must be traceable to a report/dashboard, and leadership can trigger at any stage of the project – pre / at / post-migration. The blog below describes a detailed cloud migration assurance assessment approach.
Step 1 – Planning & Expectations:
- Assessment duration & scope with focus areas to be finalized
- What stage(s) of project will the assessment be conducted & sign-off criteria
- Logistics – onboarding, access to tools & reports, scheduling discussions per priority
- Identify a ‘Lead Consultant’ for conducting this assessment
The objective of the assessment is not to blame any team or role but to identify ways to improve quality across migration activities to assure ‘Business Stakeholders’ on migration success.
Motto – All gaps will be treated as process gaps
Step 2 – Understand & Assess:
Project-Level Assurance:
It is essential to start the assessment by understanding the organization’s approach & facilitation to implement standard project delivery. Assess the completeness & clarity of the project approach.
Below are topics grouped under standard categories – Tools, People, and Processes.
| Tools & Automation | People Operations | Standard Process | |||||
| Lifecycle Management | Requirements | Teams & Departments | Roles & Responsibilities | Vision | Goals / Objectives | ||
| Development | Cross-team RACI | Key Results / KPIs | |||||
| Testing | Vendor Management | Epics & backlogs | |||||
| Operations | Communication Channels | Escalations | Methodology | Project Methodology | |||
| Code pipelines | Progress | Planning & Demand | |||||
| Test Automation | Unit | Audit & Compliance | User Story Management | ||||
| Integrations | Risk management | Delivery Execution | |||||
| Systems | Monitoring & Control | ||||||
| End-to-End | Release Management | ||||||
| Security | Change Management | ||||||
| Performance | Retrospective | ||||||
| Reporting | Dashboards | Assurance | Strategy & Plan | ||||
| Alerts | Design – types & levels | ||||||
| Monitoring | Non-Production | Execute – progress & control | |||||
| Production | Data & Environment | ||||||
| Documentation | All above | Defects & Incidents | |||||
| Governance | Metrics, SLAs, KPIs | ||||||
| Reporting analytics | |||||||
| Risk management | |||||||
| Config management | |||||||
| Knowledge management | |||||||
Example: People & Operations – Analyzing different teams across departments, individual roles for gaps in responsibilities in quality ownership, RACI matrix on accountability across teams with other priorities. The communication channels for transparent & compliant workflows which can be audited. Team’s knowledge of how different changes, risks, and escalations are handled.
Additionally, depending on the assessment duration & migration progress, there are specific assurance practices that can be pursued in-depth at a particular project phase (Pre-Migration, At Migration, and Post Migration). Though the assessment covers all areas for analysis, a few touchpoints are more effective at a particular phase in the project.
| Pre-Migration | At-Migration | Post-Migration | |||||
| Migration Plan | Approach & Business Outcome | Monitor & Alerts | Effort & Schedules | Assurance | Functional – feature, regression, etc. | ||
| Lifecycle of migration | Resiliency – Infra, Network failover, etc. | Non-Functional – security, perf, data | |||||
| Quantifiable KPIs – Costs, ROI, etc. | System Health | Business – workflows, user experience | |||||
| Risk & compliance | Risk & mitigation plan | Monitoring | Performance | ||||
| Readiness Assessment | Cloud Strategy – E2E | Quality | In-flight validations | Security | |||
| Security & Perf – roadmap, tools, assurance, metrics | Data aggregations | Data | |||||
| Change & release management | Functional testing | Tools & Auto-scanners | |||||
| Security Compliance | Fin-Ops | Reports | |||||
| Quantity | Workload sizing | ||||||
| Data volume & batch | |||||||
| Synchronization times | |||||||
| Compression & encryption | |||||||
| Tools | Reusable framework(s) | ||||||
Rationale: During the pre-migration phase, the team cannot provide data on synchronization times / Pen-testing reports / Performance actuals. Similarly, post-migration, the readiness report is not a checkpoint, but a Fin-Ops report is more valuable & monitored daily.
Completing the data analysis across the above areas will help qualify an organization’s assurance on the approach for cloud migration at the project level. During Cigniti’s Cloud Assurance engagements, we found significant gaps across project planning & governance more frequently.
Architecture Level Assurance:
The technical cloud migration assessment is addressed in this step. Though called upon at a high level in previous steps, the detailed sub-focus areas presented below point to the direction a consultant can probe & explore to gather insights.
Start with a quick check on the cloud architecture approach & documentation for both Prod and non-prod environments:
- Application architecture
- Data architecture
- Security architecture
- Performance architecture
- Operational architecture
Then, an assurance deep-dive on critical areas: Security, Data, Performance, and Verification and validation.
| Security | Data | |||
| Approach | Lifecycle | Storage | Types & volume | |
| NFRs & Use Cases | Locations – constraints, etc. | |||
| Audit & Governance KPIs | Policies & lifecycle | |||
| IAM | Access Matrix – privileges, personas, etc. | Disaster Recovery | ||
| Automation | Quality | Accuracy – Dirty data, Sync, etc. | ||
| ITSM | Completeness – data checks, fallback, etc. | |||
| Infrastructure | Hardware & software, Platforms, etc. | Integrity – aggregations, referential, etc. | ||
| Environments – IAC, VMs, Gateways, etc. | Consistency – profiling, conventions, etc. | |||
| Network | Boundary – VPC, Zones, Firewalls, etc. | Precision – truncations, etc. | ||
| Hardening | Governance – automation, schedule, etc. | |||
| Integrations | Warehouse | Architecture – layers, schema, procedures, etc. | ||
| Traffic Monitoring | Integration – ingestion, messaging, etc. | |||
| Logging | Tools – pipelines, analytics, etc. | |||
| Data | Encryptions | Transformation | Queries – types, perf, refresh, etc. | |
| Backups | Automation – masking, etc. | |||
| Tools | Continuous Testing | |||
| Vulnerability scans | Performance | |||
| Threat management | System & Network Assurance | SLAs & Baselines | ||
| Patch management | Resiliency, Reliability & Responsiveness | |||
| Container scans | Availability, Scalability & Latency | |||
| Analytics & notifications | Concurrency, Redundancy & Replication | |||
| Disaster Recovery | ||||
| Verification & Validation | Bandwidth & iOPs | |||
| Quality Engineering | Requirements | Automation | Allocations – Compute, Storage, etc. | |
| Design techniques | Alerts & limits | |||
| Test cases – Interoperability, config, etc. | Cost | |||
| Coverage & Traceability | Integrations | Connections & downstream, etc. | ||
| Monitoring | Analytics – models, predictions, real-time, etc. | |||
| FinOps – Trends, Permissions, etc. | ||||
Example: Data Assurance – Under the ‘Storage’ area, analyze assurance practices for different types of data & sizes – check for data storage policies, data lifecycle & archiving strategy, data structures & their encryption strategy, and lastly, data at rest & transit.
A consultant can ask the below questions to gain assurance perspective for each area:
Q1) Has the selected <area> recognized, documented, reviewed, and approved by relevant stakeholders?
Q2) What state of implementation is the team currently in – Not yet implemented / Partially implemented / Blocked / Implemented / Not Applicable
Q3) What is the approach to validate/verify the? <area> Who is responsible and accountable?
Q4) Can the team generate a report on the <area> quality assurance aspects with any quantifiable metric or KPI?
Step 3 – Assurance Outcome
The consultant will gather raw findings data by gathering inputs via documentation reviews, team & individual discussions, tool walkthroughs & metric reports analysis.
By categorizing & prioritizing these findings, the consultant arrives at critical gaps & necessary recommendations. A readiness/maturity score can be calculated by scoring individual questions & areas with weightage, which helps quantify the migration against a numerical baseline.
Categorizing recommendations can be done in many ways:
- Activities & deliverables in a timeline format
- Maturity based break-up
- Track/initiative based
- Effort vs. Value matrix
Core Aspects of a Final Report:
- An Executive Summary slide with quick wins and high-value initiatives
- Assurance score with the ability to double-click on any analysis area
- Findings & recommendations – Top & detailed. Sorted by impact/priority
- Detailed forecast presented in the format of a Transformation roadmap
- Best Practices and industry-wise suggestions also add weight to the report
Conclusion
Cigniti’s cloud migration assurance service has succeeded with multiple client cloud migration programs. As an independent party assessing with exhaustive 700+ checkpoints, we have advised and transformed diverse cloud migration journeys over the years. The assessment duration ranges from 3-6 weeks, depending on the service delivery’s size, complexity, phases, and location.
Need help? Contact our Cloud Migration Assurance experts to learn more about the steps to ensure cloud migration success, along with a detailed assessment.
Leave a Reply