This article outlines the key principles for developing a successful cloud operating model (COM) that enables organizations to efficiently and securely adopt cloud solutions and drive business outcomes.
​
Establishing an Effective COM Establishing a well-designed COM is crucial for the successful adoption of cloud technology within an organization. The impact of cloud adoption extends beyond just the IT department and has significant implications for the organizational culture and IT delivery structures. It is essential to understand these implications and the organization's readiness for change when building a successful COM.

To facilitate this transformation, organizations need to have a sufficient number of individuals with experience in utilizing cloud services, such as Amazon Web Services (AWS), who can effectively implement and manage the underlying cloud platform using a product-centric approach.

When it comes to building and establishing a Cloud Operating Model (COM), the desired outcomes are not strictly defined like in some technical domains. My experience in working with successful cloud technology leaders, such as CIOs and CTOs, has shown that they prioritize the creation of a value-generating Cloud Enablement Engine (CEE) before encountering failures and firefighting scenarios. Here are some examples of value generation observed among AWS adopters:
​

• 60% reduction in downtime
• 51% efficiency savings
• 14x reduction in time to deliver
• 43% reduction in operational costs

​

The most successful cloud customers approach their cloud initiatives with a product mindset, prioritizing excellent customer experiences. In this context, a product is defined by its ability to perform a limited set of tasks exceptionally well, with clearly defined inputs and outputs, serving multiple customers and continuously evolving to meet their needs. An example of this approach can be seen in Amazon.com, where multiple product teams manage different aspects of the customer website.

Defining products is crucial as it establishes the relationship between customers (consumers), products, and the teams responsible for creating them (suppliers). These interdependencies highlight the dual role of product teams as both consumers and suppliers, necessitating a higher level of ownership, accountability, and scrutiny to ensure the delivery of high-quality products and services.

Benefits of a Product-Based Approach

When companies fail to define and operate their systems as products, they often experience foundational failures that could have been mitigated through cross-product accountability. By assigning end-to-end ownership and accountability to each product team, encompassing business and operational aspects, they become fully responsible for all aspects of their services.

Even shared service providers act as product owners, offering services that other product teams can choose to use. It's important to note that the demand for each product should be assessed, and those that are not useful to the business should be deprioritized. The primary outcome is that each product team maintains accountability and doesn't relinquish responsibility to other product suppliers.

Building Customer Empathy and Trust

By taking full ownership of a product's operation and considering the end customer's perspective, companies cultivate empathy and understanding. As product owners establish contracts with other product owners, a supplier-consumer relationship is formed, fostering trust. Empowering product teams to make decisions about problem-solving approaches and choosing other products they collaborate with ensures full accountability for the product's performance and customer perception.

Key Concepts for a Product Mindset

To foster a functional product mindset and minimize future events that impact customers, four foundational concepts are crucial:

• Clearly defined products: Each product should be fully owned by a small team (6-10 people), responsible for all aspects from requirements to production support.
• Culture of accountability and empowerment: Product teams should be empowered to exceed expectations in the services they provide, embracing self-reliance and accountability, regardless of dependencies or leveraged products/services.
• Clear structure for the journey to production: A well-defined structure should outline the minimum requirements for taking a product to production, with clear roles and responsibilities for each step. While minimizing gates, key product teams should provide high-quality advice and guidance.
• Shared understanding of product definition and dependencies: Product owners should centrally publish and make available product definitions, metrics, and dependencies to other product owners who act as consumers or suppliers. This enhances understanding of dependencies and helps teams better manage their own products.

​

​Figure 1: Six transformational steps for building a cloud operating model

In order to build successful Cloud Operating Models (COMs), it is crucial to deliver innovative, cost-effective, reliable, and secure solutions that accelerate business outcomes for organizational business units. Many companies often make guesses or assumptions about what their customers want, relying on imagination or hunches. However, this approach increases the likelihood of being wrong.

To truly be customer-centric or customer-obsessed, teams need to move from imagining to knowing. This involves dedicating time to understanding customers, identifying their delights and pain points. Data should be leveraged to prove a deep understanding of customers and their needs. Then, the focus should be on finding the best solutions to address their pain points, gradually narrowing down the options until the simplest and most effective solution emerges.

Balancing Core COM Capabilities​

A Cloud Enablement Engine (CEE) should prioritize core COM capabilities while striking a balance between innovation and security. Reliability is essential, but it's important for organizations to operate and invest within their budget constraints. AWS helps customers achieve this balance by aligning the delivery to their Cloud Adoption Framework (CAF), which draws from the best practices of cloud transformations accumulated over many years.

​Figure 2: The AWS Cloud Adoption Framework - Capabilities and Domains

​Once a set of cloud products has been identified, the next step is to organize teams around the ownership and accountability of those products. A successful cloud operating model (COM) ensures that all components, including people, processes, and tools, are aligned to support each other effectively. As customer needs evolve over time, it is crucial to continuously evolve and meet their expectations. Clear product ownership is the key to achieving this.

Formation of a Cloud Center of Excellence (CCoE)

To establish effective product ownership, it is recommended to form a Cloud Center of Excellence (CCoE), consisting of two functional domains: Cloud Business Office (CBO) and Cloud Platform Engineering (CPE). The CBO focuses on aligning the CEE's products and services with the needs of enterprise customers and leadership. It takes charge of business governance and people enablement aspects of cloud adoption.

Figure 3: ​CBO capabilities

​
​CBO Capabilities The CBO's responsibilities include:
​

• Establishing the overall cloud change strategy, which the CEE will deliver and enable, to drive successful implementation across the organization.
• Ensuring alignment between enterprise architecture and the CEE.
• Developing processes to evaluate and create new cloud patterns that support teams adopting cloud.
• Understanding customer requirements and demand for cloud products, and translating them into a prioritized backlog of work.
• Managing the delivery of items within the CPE and CBO backlogs.
• Providing mechanisms to accurately allocate, forecast, and optimize spending by cloud consumers.
• Enabling self-service capabilities for consumers and executives to manage current and projected spending.
• Guiding consumer teams through the migration process to the cloud, including training, deployments, migration, and transitioning to steady-state operation.

CPE: Foundational Structure for the CBO

Underpinning the CBO is Cloud Platform Engineering (CPE), which is responsible for codifying the differences between stock AWS service configurations and enterprise standards applicable within the organization. The CPE's role is to package and continuously improve the cloud platform as a set of self-service deployable products for customers and consumers. Figure 4 below, illustrates this structure.

Figure 4: ​Cloud platform engineering capabilities

Cloud Platform Engineering Capabilities

The CPE teams have the following responsibilities:
​

• Establishing core and shared platform capabilities and codified patterns to facilitate enterprise self-service deployments by application development teams through a service catalog and templates.
• Building the operational platform and shared capabilities required for automated build and release processes, end-to-end operations, integration of operations products, self-service deployments, alerts, and reporting.
• Creating codified corporate security policies and controls in the cloud, leveraging automation and self-service tools whenever possible. Proactive assessment and monitoring of the environment to enforce security policies and mitigate threats.
• Emphasizing automation as a central element of the product mentality and the overall CPE delivery. This includes utilizing automation to resolve incidents by automating repetitive operational activities without human intervention. Such automation forms the basis for self-healing systems that can detect failures, proactively alert on potentially impactful behaviors, execute test scenarios, and perform remediation workflows, resulting in faster resolution times, improved service levels, and enhanced product availability.

​By organizing teams around products and establishing clear ownership and accountability, organizations can effectively deliver cloud products and services. The CBO and CPE domains of the CEE play critical roles in aligning with customer needs, driving business outcomes, and ensuring the efficient deployment and operation of cloud solutions. Automation within the CPE further enhances resiliency, availability, and overall product quality.

Instead of building a comprehensive Cloud Enablement Engine (CEE) to support the entire business all at once, we recommend taking an incremental approach. Think big, but start small. This approach allows teams and customers to build and learn iteratively as they scale their adoption of cloud solutions.

The Cloud Foundation Team

The initial product team in the CEE is known as the Cloud Foundation Team. It should be cross-functional and encompass all the necessary roles and capabilities that will eventually expand into a full-fledged CEE. When staffing a product team, it is important to consider and balance four key concerns or perspectives:

• Viability: This perspective focuses on the customer and business, ensuring that the products being created and the resulting organizational change are aligned with their needs and goals.
• Desirability: This perspective emphasizes creating products that are desirable and accepted by the organization, promoting a positive attitude towards the change being driven.
• Feasibility: From a technical delivery standpoint, this perspective ensures that the team can successfully implement the required changes and deliver the desired products.
• Operability: This perspective focuses on the operational aspects of the products in production, ensuring that they can be effectively managed and maintained.

Scaling the Cloud Foundation Team

As cloud adoption expands, the Cloud Foundation Team must grow and scale to keep pace with the AWS customer journey. Although each customer journey is unique, successful cloud adopters often follow a pattern of subdivision and specialization. Typically, the initial CEE is divided into four product teams: one for the Cloud Business Office (CBO) and three for the Cloud Platform Engineering (CPE). In larger organizations, this subdivision and specialization process continues based on the backlog of work.

Key Roles in the Cloud Foundation Team

The cloud foundation team requires the following key roles:

• Product Owner: This role is singularly accountable for defining and maintaining the vision of the CEE, ensuring its viability from a business perspective.
• Cloud Architects: These architects translate customer, business, and governance requirements into product architectures. They may focus on overall cloud architecture or represent specific domains such as platform, operations, and security.
• Cloud Engineers: Operating in a DevOps model of "you build it, you run it," the engineers on the team are responsible for both development and operations across the platform, operations, and security domains.

Additional Roles in the Cloud Foundation Team Other roles that are typically added to the cloud foundation team, though they may be part-time, include:
​

• Financial Analyst: Responsible for financial budgeting, tracking, and reporting, including show-back/charge-backs and cost optimization.
• Organizational Change Management Specialist: Responsible for creating a desirable move to the cloud by preparing the workforce, managing communications, providing training, and developing resource and career management plans.
• Scrum Master: Facilitates the Agile process and ensures that the team progresses toward business outcomes.

​
By bringing the work to the teams and establishing the Cloud Foundation Team, organizations can effectively start their cloud journey. These teams, with their defined roles and responsibilities, provide the necessary foundation for driving successful cloud adoption and delivering business outcomes in a structured and efficient manner.

​​The cloud presents opportunities to address accumulated workarounds and neglected IT systems by adopting a proactive approach. However, organizations must be cautious not to fall into the trap of pursuing perfection at the expense of practicality.

Successful adopters take two key actions to help ensure they own their own lifecycle and deliver meaningful benefits. First, they align the operating model delivery approach to the strategic value of the workload and second, successful COMs and CEEs establish a clear roadmap of delivering capabilities and processes that align and underpin the ability to establish production operations in an MVP and iterative approach.

Operating Model Options

When it comes to the operating model, it's important to acknowledge that not everyone will immediately embrace a DevOps approach. My engagements with customers have revealed three broad operating models, as shown in Figure 5 below.

Figure 5: ​Modernizing IT

Sustain

This model follows a traditional operations approach, similar to the activity-based models found in most organizations. It is best suited for lift-and-shift workloads that require minimal operational changes due to their limited lifespan or infrequent changes.

Optimize

In this model, application engineering teams take on the responsibility for both application development and operations. This resembles a DevOps approach for application teams, where they own the complete lifecycle of their applications. Platform teams, represented by the Cloud Platform Engineering (CPE), provide codified enterprise standards and governance to enable application teams to iterate quickly without burdening them with deep implementation details.

Grow

This model is adopted by teams seeking to leverage the latest AWS services and push technological boundaries. Application engineering teams take ownership of their applications while being empowered to build platform capabilities that are not yet standardized by the CPE. The CPE ensures that application teams adhere to enterprise-wide security, financial, and operational guidelines.

It's important to note that these models are not indicative of maturity levels and can coexist within an organization. However, there is often a natural progression towards the "optimize" model, with "sustain" workloads being phased out and platform services used by "grow" workloads eventually becoming new enterprise standards.

​Delivery Roadmap

Organizations already have established operational processes and procedures for IT delivery and change management, which may align with frameworks like ITIL (Information Technology Infrastructure Library). AWS has developed an operational integration domain-based blueprint model to support the establishment of a Cloud Operating Model (COM) and Cloud Enablement Engine (CEE). The AWS Operations Domains framework represents a best-practice-based approach to transform existing ITIL-based operating models into cloud-adapted architectures.
​

Figure 6: ​AWS Operational Domain Model

Figure 6: The operational capability roadmap

To embark on a successful transformation, organizations must adopt an iterative and incremental approach to improving their operating model and embrace a product-based mindset in IT delivery. This section highlights the best practices covered in this guide for establishing a cloud operating model.
​

• Start Small with a Clear Vision: Begin your cloud journey by starting small but keeping the end goal in mind. Define a future state model that leverages the capabilities of the cloud and aligns with the core outcomes important to your business.
• Drive Change Intentionally: Take a deliberate approach to driving change and ensure that everyone is brought along on the transformation journey. Embrace iterative continuous improvements, foster cross-functional teams, and encourage experimentation to enable organizational agility.
• Pilot Success: Establish an initial cloud foundation team to pilot what success looks like. Identify a few candidate workloads to migrate to AWS, establish clear metrics to track progress, create opportunities for continuous learning, and celebrate early wins. This approach allows for learning from real-world experiences and provides a solid foundation for scaling the cloud adoption across the organization.

​
By following these guidelines, you can establish a strong foundation for your cloud operating model. This approach can serve as a blueprint that can be emulated and scaled to other parts of your organization, enabling a successful cloud transformation journey. Embrace the iterative and incremental mindset, prioritize clear objectives, and engage your teams in continuous learning and improvement to achieve long-term success.

Throughout this series, we have explored the various perspectives of AWS CAF, providing valuable insights and practical guidance to help organizations successfully embrace the power of the cloud.
​
The Operations Perspective within AWS CAF focuses on optimizing the health, availability, and performance of cloud services, aligned with the specific needs and goals of your organization. This perspective encompasses a range of capabilities outlined below, and involves various stakeholders such as infrastructure and operations leaders, site reliability engineers, and information technology service managers.

​
A focus on security is paramount to establish a robust foundation that safeguards your organization's assets and mitigates risks in the cloud. In this article, we will explore the key capabilities that will help you strengthen your security posture and respond effectively to security threats and incidents. It comprises nine capabilities shown in the figure below. Common stakeholders include CISO, CCO, internal audit leaders, and security architects and engineers. 

 
Security Governance

Security governance is a vital aspect of establishing a robust security program. It involves developing, maintaining, and effectively communicating security roles, responsibilities, accountabilities, policies, processes, and procedures. By ensuring clear lines of accountability, you can enhance the effectiveness of your security efforts.

In the context of cloud security, it is crucial to understand your responsibility for safeguarding data and workloads. This includes conducting an inventory of relevant stakeholders, assets, and information exchanges. Additionally, you need to identify the applicable laws, rules, regulations, and industry standards/frameworks that govern your organization.

Performing regular risk assessments enables you to evaluate the likelihood and impact of identified risks and vulnerabilities specific to your organization. By allocating sufficient resources to identified security roles and responsibilities, you can strengthen your security posture. It is essential to develop security policies, processes, procedures, and controls aligned with your compliance requirements and organizational risk tolerance. Continuously updating them based on evolving risks and requirements ensures that your security measures remain effective.

By adhering to these practices, you can establish a solid foundation for security in the cloud, prioritize your security efforts, and provide ongoing direction and advice to your teams, enabling them to operate with greater agility and efficiency.

Security Assurance

Security assurance is a continuous process of monitoring, evaluating, managing, and enhancing the effectiveness of your security and privacy programs. It is essential to instill trust and confidence in your organization and the customers you serve, assuring them that the implemented controls enable you to meet regulatory requirements and effectively manage security and privacy risks aligned with your business objectives and risk tolerance.

To achieve security assurance, it is important to document controls within a comprehensive control framework. This framework should establish demonstrable security and privacy controls that align with your objectives. It is beneficial to review audit reports, compliance certifications, or attestations obtained by your cloud vendor. This helps you gain insights into the controls they have implemented, how these controls have been validated, and the effectiveness of controls within your extended IT environment.

Continuously monitoring and evaluating your environment is crucial to verify the operational effectiveness of your controls and demonstrate compliance with regulations and industry standards. Regularly reviewing security policies, processes, procedures, controls, and records is necessary to ensure they remain up to date and aligned with your security objectives. Conducting interviews with key personnel as required further enhances your understanding of the security landscape and aids in identifying any areas that require improvement.

Identity and Access Management

Identity and access management (IAM) involves the management of identities and permissions at a large scale. In AWS, you have the flexibility to create identities within the platform or connect to your existing identity source. By granting users the appropriate permissions, they can securely sign-in, access, provision, and orchestrate AWS resources and integrated applications. Effective IAM practices play a vital role in ensuring that the correct individuals and machines have access to the right resources, under the appropriate conditions.

The AWS Well-Architected Framework provides valuable guidance on managing identities by outlining relevant concepts, design principles, and architectural best practices. These include leveraging a centralized identity provider, utilizing user groups and attributes for precise access control at scale, and implementing robust sign-in mechanisms like multi-factor authentication (MFA). To govern access for both human and machine identities to AWS and your workloads, it is essential to define permissions for specific service actions, resources, and conditions.

Adhering to the principle of least privilege (PoLP), setting permissions boundaries, and utilizing service control policies enable the appropriate entities to access the necessary resources as your environment and user base expand. Granting permissions based on attributes (Attribute-Based Access Control or ABAC) allows your policies to scale effectively. Continuously validating your policies ensures that they provide the necessary protection in alignment with your security requirements.

Threat Detection

Threat detection is crucial in understanding and identifying potential security misconfigurations, threats, or unexpected behaviors. By gaining a deeper comprehension of security threats, you can prioritize the implementation of protective controls. Effective threat detection enables prompt response to threats and facilitates learning from security incidents. It is essential to establish consensus on tactical, operational, and strategic intelligence goals, as well as an overall methodology. This involves mining relevant data sources, processing and analyzing data, and disseminating and operationalizing valuable insights.

To ensure comprehensive coverage, deploy monitoring mechanisms ubiquitously throughout your environment to collect essential information. Additionally, deploy monitoring at ad hoc locations to track specific types of transactions as needed. By correlating monitoring data from multiple event sources such as network traffic, operating systems, applications, databases, and endpoint devices, you can establish a robust security posture and enhance visibility into potential threats. Consider leveraging deception technology, such as honeypots, as a strategic approach to gain insights into unauthorized user behavior patterns and enhance your overall threat detection capabilities.

Vulnerability Management

Vulnerability management involves the ongoing process of identifying, categorizing, remediating, and mitigating security vulnerabilities. It's important to note that vulnerabilities can emerge not only from changes to existing systems but also from the introduction of new systems. To safeguard against new threats, it's crucial to conduct regular vulnerability scans. By employing vulnerability scanners and endpoint agents, you can associate systems with known vulnerabilities and take appropriate measures.

Prioritizing remediation actions based on the level of vulnerability risk is essential. This allows you to allocate resources effectively and address the most critical vulnerabilities first. After applying the necessary remediation actions, it is important to report the progress to relevant stakeholders to ensure transparency and accountability.

To enhance your vulnerability management practices, consider leveraging techniques such as red teaming and penetration testing. These approaches help identify vulnerabilities in your system architecture by simulating real-world attack scenarios. However, it's important to seek prior authorization from your cloud provider when performing such activities. This ensures compliance with any necessary guidelines and regulations.

Infrastructure Protection

Infrastructure protection involves validating that the systems and services within your workload are safeguarded against unintended and unauthorized access, as well as potential vulnerabilities. By effectively protecting your infrastructure from such risks, you can significantly enhance your security posture in the cloud. One recommended approach is to implement defense in depth, which involves layering a series of defensive mechanisms to protect your data and systems.

To implement infrastructure protection measures, you can create network layers and segregate workloads with no need for internet access into private subnets. Utilizing security groups, network access control lists, and network firewalls enables you to control and regulate traffic flow. Applying the Zero Trust principle ensures that access to your systems and data is granted based on strict verification, taking into account their value and sensitivity.

Leveraging virtual private cloud (VPC) endpoints allows for private connections to cloud resources, ensuring secure communication. It is important to inspect and filter traffic at each layer of your infrastructure, such as employing web application firewalls and network firewalls. Additionally, using hardened operating system images and physically securing any on-premises and edge infrastructure in a hybrid cloud environment further strengthens your protection measures.

Data Protection

Protecting your data from unintended and unauthorized access, as well as potential vulnerabilities, is a crucial objective of your security program. To establish appropriate protection and retention controls, it is important to classify your data based on its criticality and sensitivity, such as personally identifiable information. Define data protection controls and establish lifecycle management policies to ensure the secure handling of data.

Encrypting all data at rest and in transit, and storing sensitive data in separate accounts, adds an extra layer of protection. Leveraging machine learning capabilities can aid in automatically discovering, classifying, and safeguarding sensitive data. By maintaining control over data access and usage, you can minimize the risk of data breaches and ensure compliance with regulatory requirements.

Application Security

Application security plays a crucial role in identifying and resolving security vulnerabilities throughout the software development process. By proactively detecting and addressing security flaws during the coding phase, you can significantly reduce the time, effort, and expenses associated with fixing issues later on. This proactive approach instills confidence in the security posture of your application as it moves towards production.

To protect against emerging threats, it is important to conduct regular scans and apply patches to address vulnerabilities in your code and dependencies. By automating security-related tasks across your development and operations processes and utilizing tools, you can minimize the reliance on manual intervention and streamline the security workflow.

Employing static code analysis tools helps identify and mitigate common security issues, further fortifying the overall security of your applications. By prioritizing application security and integrating it into your development lifecycle, you can establish a robust defense against potential security risks and ensure the integrity and reliability of your software systems.

Incident Response

In the realm of incident response, it is crucial to swiftly and effectively address security incidents to minimize potential harm. By responding promptly, efficiently, and consistently to such incidents, you can significantly mitigate their impact. To ensure readiness, it is important to educate your security operations and incident response teams about cloud technologies and their intended use within your organization.

Creating runbooks and establishing an incident response library can provide valuable guidance and resources for your teams. It is also essential to involve key stakeholders, allowing for a comprehensive understanding of the potential organizational impact resulting from your incident response choices.

To enhance preparedness, it is beneficial to simulate security events and conduct tabletop exercises and game days to practice your incident response procedures. Through these simulations, you can identify areas for improvement, enhance the scalability of your response posture, and reduce both the time to value and overall risk. Moreover, conducting post-incident analyses using standardized mechanisms can enable you to learn from security incidents and effectively identify and address root causes.

By prioritizing incident response and continually refining your approach, you can bolster your organization's ability to effectively handle security incidents, minimize their consequences, and foster a proactive security culture.​

​The Platform Perspective encompasses seven essential capabilities that are vital for success as shown in the figure below.
​

The Platform Perspective is a crucial framework for accelerating the delivery of cloud workloads and achieving success in your cloud initiatives. By establishing guidelines, principles, and guardrails for your cloud environment, you can create a well-architected foundation that accelerates implementation, reduces risk, and drives cloud adoption.

With the Platform Perspective as your guide, you can navigate the complexities of infrastructure and applications, harnessing the power of an enterprise-grade, scalable, and hybrid cloud environment. By embracing these capabilities, you will be well-equipped to meet the demands of today's dynamic business landscape and drive successful outcomes in your cloud initiatives.

​In Part 6, we will explore the crucial elements and best practices for securing your cloud workloads, protecting your data, and mitigating risks. From identity and access management to network security, data protection, and compliance, the Security Perspective plays a pivotal role in ensuring the confidentiality, integrity, and availability of your cloud environment.​

​Governance plays a vital role in providing control and oversight to ensure that cloud adoption aligns with strategic objectives and delivers value to the organization. Indeed, when it comes to cloud transformation, the governance perspective plays a vital role in ensuring the success of your initiatives while minimizing risks.

This perspective focuses on control and oversight, allowing you to maximize the benefits for your organization. Within the governance perspective, there are seven key capabilities that are crucial to consider, as depicted in the figure below. Common stakeholders involved in this perspective include the chief transformation officer, CIO, CTO, CFO, CDO, and CRO.
​

As organizations embark on their cloud journeys, it becomes increasingly evident that success lies not only in adopting cutting-edge technologies but also in cultivating a supportive and adaptive culture that empowers employees and aligns with digital transformation aspirations. The People Perspective encompasses seven essential capabilities that contribute to this cultural evolution, organizational structure, leadership, and workforce development.

​The People Perspective acts as a vital link between technology and business, expediting the cloud journey and enabling organizations to swiftly transition to a culture of continuous growth, learning, and embracing change as the new normal. This perspective encompasses seven key capabilities, as illustrated in the following diagram. Key stakeholders in this perspective include the CIO, COO, CTO, cloud director, and leaders across different functions and the enterprise.
​

Culture Evolution
​

• Evaluate and gradually evolve the organizational culture by integrating digital transformation aspirations and best practices for agility, autonomy, clarity, and scalability.
• To thrive in digital transformation, it is crucial to leverage existing heritage and core values while incorporating new behaviors and mindsets that attract, retain, and empower a workforce committed to continuous improvement and innovation in serving customers.
• Foster a long-term focus, customer obsession, and a bold approach to innovation.
• Establish an organization-wide approach for recognizing behaviors and goals that shape the desired culture, considering rapid experimentation, agile methodologies, and cross-functional teams to drive ownership, autonomy, quick decision-making, and minimize unnecessary approvals or bureaucracy.

​
Transformational Leadership

• Strengthen leadership capabilities and mobilize leaders to drive transformative change and facilitate outcome-focused, cross-functional decision-making.
• Successful cloud transformation requires leaders to prioritize the human side of change as much as technology.
• Gain active and visible executive sponsorship from both technology and business functions, who will play a critical role in making strategic decisions regarding vision, strategy, scope, and resource allocation.
• Executives and program-level leaders should co-develop, co-lead, and co-deliver culture change strategies.
• Ensure clear and consistent communication from every level of management to align the organization on cloud value, priorities, and new behaviors.
• Consider evolving the cloud leadership function through a transformation office and/or Cloud Center of Excellence (CCoE) to drive and evangelize transformation efforts using consistent and scalable patterns.
• Adapt this function over time to meet the changing needs of the transformation journey.

Cloud Fluency
​

• Develop digital acumen across the organization to confidently and effectively leverage cloud technologies for accelerated business outcomes.
• Building an exceptional workforce goes beyond adapting to a digital environment. The greatest challenge lies in hiring, developing, retaining, and motivating a talented, knowledgeable, proficient, and high-performing workforce.
• Given the rapid pace of technological innovation, address your overall training strategy, including timing, tooling, and technology-specific training.
• Assess existing cloud skills and create a targeted training strategy.
• Establish a skills guild to generate enthusiasm and momentum for the transformation journey.
• Emphasize data literacy to enhance talent skills and knowledge in data analytics.
• Combine various training methods such as virtual, classroom, experiential, and just-in-time training.
• Leverage immersion days and validate skills through formal certifications.
• Implement mentoring, coaching, shadowing, job rotation programs, and create communities of practice that focus on specific areas of interest.
• Reward individuals for sharing knowledge and formalize processes for knowledge elicitation, peer review, and continuous curation.

Workforce Transformation

• Enable talent and modernize roles to attract, develop, and retain a digitally fluent, high-performing, and adaptable workforce capable of driving key capabilities autonomously.
• To succeed in cloud transformation, take a proactive approach to talent enablement planning that goes beyond traditional HR functions and involves C-suite leadership.
• Modernize approaches to leadership, learning, rewards, inclusion, performance management, career mobility, and hiring.
• Strive for a diverse and inclusive workforce with a balanced mix of technical and non-technical skills.
• Identify skill gaps across the organization and develop a workforce strategy that enhances overall cloud capability.
• Leverage digital-skilled talent and individuals eager to learn and set an example.
• Strategically consider the use of partners and managed service providers to supplement and support your workforce on a temporary or permanent basis.
• Build a strong employer brand by publicly promoting your digital vision and organizational culture to attract new talent. Incorporate this brand into your recruitment strategy, social networking channels, and external marketing.

Change Acceleration

• Speed up the adoption of new ways of working by implementing a structured change acceleration framework that minimizes the impact on people, culture, roles, and organizational structure during the transition from the current to the future state.
• Cloud transformation brings about significant changes across business and technology functions. Organizations that employ a structured, integrated, and transparent change process achieve higher rates of success in realizing value and adapting to new ways of working.
• Customize and apply a change acceleration framework from the start of the project to foster organizational alignment and create a shared enterprise reality, reducing wasteful practices.
• Mobilize cross-functional cloud leadership, define success criteria early in the journey, assess the organization's readiness for cloud through impact assessments, identify key stakeholders and dependencies, and address risks and barriers to transformation.
• Develop a change acceleration strategy and roadmap that includes leadership action plans, talent engagement, communications, training, and risk mitigation strategies.
• Engage the organization and equip it with new capabilities to increase acceptance of new ways of working, foster skill development, and accelerate adoption.
• Track well-defined metrics, celebrate early wins, establish a change coalition, leverage cultural levers for momentum, and ensure changes endure through continuous feedback mechanisms, rewards, and recognition programs.

Organization Design

• Assess and evolve organization design to align with the new cloud-based ways of working as you progress through the transformation journey.
• When leveraging cloud technologies for digital transformation, ensure that your organization design supports core business strategies, the needs of your workforce, and the operating environment.
• Develop a case for change and evaluate whether the current organization design reflects the desired behaviors, roles, and culture necessary for business success.
• Assess team formations, shift patterns, reporting lines, decision-making procedures, and communication channels to ensure they align with desired outcomes.
• Design the new model and implement it using the change acceleration framework.
• Consider establishing a centralized team that can evolve over time and initially facilitate the transition to a cloud operating model aligned with your vision.
• Weigh the trade-offs between centralized, decentralized, and distributed structures, aligning the organization design to support the strategic value of cloud workloads.
• Clarify relationships between internal and external teams, including managed service providers.

Organizational Alignment
​

• Foster ongoing partnership and alignment between organizational structures, business operations, processes, talent, and culture to enable rapid enterprise adaptation to market conditions and capitalize on new opportunities.
• Organizational alignment enhances the realization of cloud value by ensuring that technology changes are embraced and effectively integrated by the business units responsible for driving business outcomes.
• Prioritize business outcomes such as operational resiliency, business agility, and product/service innovation.
• Enable talent to work autonomously, focus on key objectives, make informed decisions, and improve productivity.
• Gain leadership commitment to applying a change acceleration framework early on to integrate people capabilities such as leadership agility, workforce transformation, talent enablement, culture, and organization structure from the beginning.
• Establish measurable targets, joint goals, and mechanisms for cloud adoption.
• Create expectations for skill development at the individual role level to foster sustainable change ownership.
• Adopt a top-down approach to developing shared values, processes, systems, working styles, and skills that collectively drive business outcomes and break down functional silos.
• Align innovation efforts with customer experience.
• Recognize and reward individuals who embrace continuous adoption and innovation.

Now, let's dive deeper into the specific capabilities that comprise the Business Perspective: Strategy and Outcomes. Within this perspective, there are eight key capabilities that play a crucial role in aligning your cloud strategy with your long-term business goals. From strategy management and portfolio prioritization to innovation, product management, strategic partnerships, data monetization, business insights, and data science, each capability offers unique insights and strategies to maximize the value of your cloud investments.

By understanding and effectively implementing these capabilities, organizations can gain a competitive edge, foster innovation, and transform their operations to thrive in today's dynamic business landscape. So, join us as we explore the Business Perspective: Strategy and Outcomes, and discover how these capabilities can empower your organization to achieve its digital transformation goals and drive measurable business success. Let's dive into the first capability within the Business Perspective
 
The business perspective within the AWS Cloud Adoption Framework (AWS CAF) focuses on leveraging your cloud investments to accelerate your digital transformation ambitions and drive tangible business outcomes. This perspective comprises eight key capabilities that are essential for success. Common stakeholders include the CEO, CFO, COO, CIO, and CTO.
​

Cloud adoption frameworks, like the AWS Cloud Adoption Framework (AWS CAF), provide guidance based on best practices and industry experience to help organizations navigate their digital transformation journeys and achieve desired business outcomes using cloud technologies.

The AWS CAF serves as a comprehensive resource for organizations looking to digitally transform their operations through the innovative use of AWS. It offers a structured approach to identify and prioritize transformation opportunities, assess cloud readiness, and develop a transformation roadmap that can be iteratively refined over time.

​These decisions have the potential to impact an organization's scalability and its ability to enhance the environment in the future. To simplify this complexity, customers are actively seeking prescriptive guidance across a wide range of AWS services that can be utilized to create a solid foundational environment.

The key to establishing a successful cloud foundation on AWS lies in tailoring the guidance to the unique business needs of each organization. By adopting a capability-based approach, organizations can create an environment that enables them to efficiently deploy, operate, and govern their workloads. Furthermore, this approach allows them to enhance their capabilities and expand their environment as their requirements evolve and additional workloads are deployed to the cloud.
​
A standardized, prescriptive set of capabilities spanning different functional areas can serve as a structured approach for swiftly building or expanding an AWS Cloud environment. Organizations can adopt and implement these capabilities based on their operational and governance needs. As their business requirements mature, the capability-based approach can be utilized to ensure that their cloud environment is prepared to support their workloads and scale accordingly.

​Each capability includes stages of maturity that enable you to implement based on where you are in your cloud journey, including your governance and operational requirements. As your cloud environment grows and matures, the capabilities can be enhanced to meet your new requirements.

​When it comes to Governance, Risk Management, and Compliance (GRC), it's all about establishing a solid foundation for meeting security and compliance requirements while defining the policies that should govern your cloud environment. These capabilities play a crucial role in determining what needs to be done, defining your risk tolerance, and ensuring alignment with internal policies.

 
Within the Governance, Risk Management, and Compliance category, you'll find a range of capabilities designed to empower you in your GRC efforts:
​

• Tagging: This capability allows you to group resources by assigning metadata to them, serving various purposes such as access control, cost reporting, and automation. Tagging also offers visibility and control by grouping resources together, like microservices, applications, or workloads.
• Log Storage: Securely collecting and storing environment logs in tamper-resistant storage is vital. This capability enables you to evaluate, monitor, alert, and audit access and actions performed on your AWS resources and events.
• Forensics: In the event of a potential compromise, forensics involves analyzing log data and captured images to determine if a breach occurred and identify the root cause. This information helps drive the application of preventative measures.
• Service Onboarding: This capability enables you to review and approve AWS services for use, considering internal, compliance, and regulatory requirements. It involves risk assessment, documentation, implementation patterns, and communication regarding service consumption.
• Data De-Identification: Anonymizing sensitive data subsets during storage and processing is crucial. This capability reduces sensitivity for specific data types (e.g., national ID numbers, trade data, healthcare information) and may involve tokenization of sensitive data (e.g., credit card numbers, physical addresses, healthcare records) to minimize the need for direct access.
• Governance: This capability allows you to implement executive board policies that govern your AWS Cloud environment. It includes defining environment rules, identifying risks, and ensuring alignment with internal policies. As your cloud foundation evolves, elements of governance are integrated into all other capabilities to maintain compliance.
• Audit & Assessment: Gathering and organizing documentary evidence is essential for internal or independent assessment of your cloud environment. This capability provides information about access, changes, and helps validate that all actions align with policies and follow appropriate workflows.
• Change Management: This capability focuses on deploying planned alterations to configurable items within a defined scope, such as production and test environments. Approved changes are implemented with minimized risk, ensuring the stability of your existing IT infrastructure.

These capabilities within the Governance, Risk Management, and Compliance category offer you the necessary tools and guidance to establish a secure and compliant cloud environment. By leveraging them effectively, you can confidently navigate the complexities of GRC and safeguard your organization's interests.

​
When it comes to Operations, the goal is to enable your developers and operations teams to innovate at a rapid pace while maintaining the quality of application and infrastructure updates. The capabilities within this category empower you to effortlessly build, deploy, and operate workloads in the cloud, enhancing the developer experience and leveraging powerful tools.

Let's explore the capabilities within the Operations category that can revolutionize the way you manage your cloud environment:
​

• Rollout/Rollback: This capability involves having a well-defined strategy for rolling out application or configuration changes to your environment. It also includes the ability to roll back these changes if any issues or failures occur. Whether it's updating permissions, implementing new policies, configuring networks, or deploying new versions of applications or software development kits, this capability ensures smooth and reliable changes to your infrastructure.
• Logging & Monitoring: Gathering and aggregating security and operational data about your system and application activities is crucial. This capability allows for near-real-time analysis of data, enabling you to identify anomalies, indicators of compromise, performance issues, and configuration changes. With comprehensive logging and monitoring, you can proactively address any issues and ensure the smooth operation of your workloads.
• Metadata Sorting/Searching: The ability to search and filter resources based on applied metadata within your environment is invaluable. By leveraging this capability, you can efficiently locate and manage resources, whether they are specific accounts or resources within those accounts. It simplifies resource management and enhances visibility across your cloud environment.
• Patching: Keeping your infrastructure and workloads up to date is essential for optimal operation and security. This capability enables you to deploy sets of changes that address security vulnerabilities, apply bug fixes, and enhance the overall performance of your systems. From operating systems to applications and other relevant software systems, patching ensures that your environment remains secure and up to date.
• Developer Experience and Tools: To empower your developers, you need to provide them with the right tools and processes for building and deploying workloads seamlessly in the cloud. This capability covers everything from storing code to building workflows and facilitating the promotion of workloads from the testing phase to the production environment. By streamlining the developer experience, you can boost productivity and foster innovation within your teams.

With these Operations capabilities at your disposal, you can revolutionize how you manage your cloud environment. By enhancing the developer experience, ensuring effective rollout and rollback strategies, implementing robust logging and monitoring, simplifying resource management, and keeping your systems patched, you can drive efficiency, reliability, and innovation throughout your operations.

​
When it comes to Security, the focus is on creating a secure, high-performing, and resilient foundation for your cloud environment. The capabilities within this category allow you to design and implement robust security policies and controls at different levels of the stack, protecting your valuable resources from both external and internal vulnerabilities and threats. These capabilities ensure confidentiality, availability, integrity, and usability, while providing guidance and recommendations for effective remediation.

Let's delve into the capabilities within the Security category that empower you to establish a strong and reliable security framework for your cloud environment:
​

• Identity Management & Access Control: This capability enables your teams to efficiently build and centrally manage access to your cloud platform environment. It allows you to structure your organization, organize your accounts, and establish access based on the principle of least privilege. With effective identity management and access control, you can ensure that only authorized entities can access your resources, enhancing security and reducing the risk of unauthorized access.
• Data Isolation: Protecting your data is of utmost importance, and this capability enables you to limit access to data at rest and in transit. By implementing data isolation measures, you ensure that sensitive data is only accessible to authorized entities. Furthermore, this capability includes the ability to detect any misuse, unauthorized access, leaks, or theft of data, providing an additional layer of security for your valuable information.
• Application Security: Safeguarding your application software is crucial, and this capability focuses on protecting your applications from threats such as unauthorized access, privilege escalation, and other application-level vulnerabilities. It also involves detecting and responding to anomalous behavior in the context of application interactions with clients. By prioritizing application security, you can mitigate risks and ensure the integrity and reliability of your applications.
• Encryption and Key Management: This capability revolves around centrally managing encryption keys for different workloads and implementing encryption for data at rest and in transit. Access to keys follows the principle of least privilege, and usage is monitored to detect any anomalies. Additionally, encryption and key management provide various patterns for key rotation based on specific requirements, ensuring the ongoing security of your data.
• Secrets Management: Managing secrets, such as passwords, access keys, and API keys, is crucial for maintaining the security of your environment. This capability encompasses storage, access control, access logging, revocation, and rotation aspects of managing secrets. By effectively managing secrets, you can prevent unauthorized access and reduce the risk of credential misuse.
• Security Incident Response: In the event of a security incident, this capability enables you to respond effectively. It involves characterizing the nature of the incident and implementing appropriate changes, such as restoring operational status, identifying and remediating the root cause, and gathering evidence for potential legal actions. By having a well-defined incident response process, you can minimize the impact of security incidents and swiftly mitigate any potential risks.
• Vulnerability & Threat Management: Identifying and addressing vulnerabilities is a crucial aspect of maintaining a secure environment. This capability allows you to identify vulnerabilities that can affect the availability, performance, or security of your environment. It includes assessing the impact and scope of vulnerabilities and threats, and implementing necessary measures to address and remediate them. By effectively managing vulnerabilities and threats, you can enhance the overall security posture of your cloud environment.

By leveraging these Security capabilities, you can establish a robust security framework for your cloud environment, safeguarding your resources, and mitigating risks. From identity management and access control to data isolation, application security, encryption and key management, secrets management, incident response, and vulnerability management, these capabilities provide a comprehensive approach to protecting your cloud environment from a wide range of threats and vulnerabilities.

​When it comes to Business Continuity, resilience is key as it directly impacts the quality of service your users experience. The capabilities within this category empower you to establish a comprehensive strategy to ensure the continuity of operations during times of inefficiency or crisis. By implementing Disaster Recovery, Backups, and Support, you can proactively mitigate the impact of disruptions, minimize downtime during outages, and navigate unprecedented situations more effectively.

​When it comes to Finance, it's essential to establish and enhance your existing finance processes to be cloud-ready. By leveraging the capabilities within this area, you can effectively manage costs, ensure transparency and control, optimize spending, and meet compliance and regulatory requirements. Additionally, these capabilities enable you to efficiently manage your records and resource inventory, ensuring accurate financial management within your cloud environment.

Let's explore the capabilities within the Finance category that empower you to establish robust financial processes and optimize your cloud operations:
​

• Cloud Financial Management: This capability focuses on managing and optimizing your variable expenses associated with cloud services. With near real-time visibility and comprehensive cost and usage analysis, you gain valuable insights to support decision-making processes. From spend dashboards and optimization techniques to implementing spend limits and chargeback mechanisms, this capability enables you to proactively manage costs and detect anomalies. It also includes budgeting and forecasting features, allowing you to design a cost-optimized architecture for your workloads, select the right pricing models, and attribute costs to relevant teams. By centralizing expense information and providing targeted visibility to critical stakeholders, you can effectively track, notify, and apply cost optimization techniques across your environment and resources.
• Resource Inventory Management: This capability provides visibility and configuration management of the cloud-based resources that form an integral part of your IT-level services or workloads. By tracking resources and associated configurations in the environment, you can establish a system of record, such as a Configuration Management Database (CMDB) for IT Service Management (ITSM)-managed environments. This system of record facilitates visibility and configuration management of all software, hardware, and firmware resources within your cloud environment. With resource inventory management, you can effectively track and manage your cloud resources, ensuring accurate accounting and streamlined operations.
• Records Management: Records management is crucial for maintaining compliance and meeting internal policies and regulatory requirements. This capability enables you to define data retention policies, including the transition of data to archival storage before deletion. It encompasses various types of data, such as financial records, transactional data, audit logs, business records, and personally identifiable information (PII). By implementing effective records management practices, you can ensure proper data retention, meet compliance obligations, and maintain the integrity and security of sensitive information.

By leveraging these Finance capabilities, you can establish a cloud-ready finance framework that promotes cost transparency, control, planning, and optimization. From effectively managing variable expenses to maintaining accurate resource inventories and meeting regulatory requirements, these capabilities provide the foundation for efficient financial operations within your cloud environment. By embracing cloud financial management, resource inventory management, and records management, you can drive financial efficiency, ensure compliance, and optimize your cloud investments.

​When it comes to Infrastructure, it's crucial to design, build, and manage a secure and highly available cloud infrastructure. By leveraging the capabilities within this area, you can ensure the reliability and security of your infrastructure while accommodating the migration of applications from on-premises environments or building them natively in the cloud. Let's explore the key capabilities within the Infrastructure category that empower you to create a robust and resilient cloud infrastructure.

• Network Security: This capability focuses on designing and implementing security policies and controls across different levels of the networking stack. By leveraging network security practices, you can safeguard your resources from external and internal threats, ensuring confidentiality, availability, integrity, and usability. This capability encompasses measures such as monitoring ingress/egress and lateral data movement, detecting and blocking anomalous network traffic, and implementing preventive security measures.
• Network Connectivity: Network connectivity is essential for building a secure and highly available cloud infrastructure. This capability provides best practices and resources to design, build, and manage a network infrastructure that ensures reliable connectivity. From automating network infrastructure provisioning and configuration to facilitating expansion and scaling, network connectivity capabilities empower you to establish a robust and resilient network foundation for your cloud environment.
• Template Management: Template management enables you to streamline infrastructure deployment, management, and updates by creating and organizing reusable templates in a centralized repository. These templates encompass infrastructure configurations, schemas, golden images, and resources that can be readily deployed across your environment. With template management, you can expedite the provisioning process, ensure consistency, and easily manage updates and changes. These pre-approved templates follow established implementation patterns and leverage AWS services that have been onboarded and approved, providing teams with ready-to-use resources tailored to their specific requirements.
• Workload Isolation Boundary: This capability allows you to create and manage isolated environments to contain your newly created or migrated workloads. By implementing a workload isolation boundary, you minimize the impact and blast radius of vulnerabilities and threats. This approach simplifies compliance efforts by providing mechanisms to isolate access to resources, ensuring that workloads operate within defined boundaries while maintaining the necessary security and control measures.

By leveraging these Infrastructure capabilities, you can design, build, and manage a secure and highly available cloud infrastructure. From implementing robust network security measures to ensuring reliable network connectivity, template management, and workload isolation, these capabilities provide the foundation for a secure and scalable infrastructure. By prioritizing infrastructure security and reliability, you can create a resilient environment that supports the migration and development of applications in the cloud with confidence.

​​In the previous two articles on Cloud Migration Strategy and Best Practices, we discussed the importance of having a well-defined strategy, a clear scope, and realistic timeline for successful cloud migration projects. We also highlighted the critical role that people and technology play in the success of cloud migration projects. ​In this article, we will shift our focus to the process perspective of cloud migration in terms of preparing for a large migration and running a large migration.

To ensure a successful migration journey, it is crucial to establish core principles that provide a clear direction and obtain buy-in from stakeholders.

In this section, we will cover the following topics:
​

• Define business drivers and communicate strategy, cope, and timeline.
• Define a clear escalation path to help remove the blockers.
• Minimize unnecessary change.
• Document an end-to-end process early.
• Document standard migration patterns and artifacts.
• Establish a single source of truth for migration metadata and status.

​
Define Business Drivers and Communicate Strategy, Scope and Timeline

Defining business drivers and having a clear communication plan for the straetgy, scope and timeline are vital for large migrations to AWS. Different migration paths can be considered, such as rehosting workloads, containerizing applications, or redesigning them into serverless architecture. To determine the appropriate migration path, it is important to align with business drivers.

Involving various stakeholders, including application owners, network teams, database administrators, and executive sponsors, is crucial. Documenting business drivers and setting key performance indicators (KPIs) aligned with target outcomes helps ensure stakeholder alignment and effective decision-making.
 
Define a Clear Escalation Path to Help Remove Blockers

Large cloud migration programs involve multiple stakeholders with their own priorities, which can create challenges. To address this, a clear escalation path must be established to outline the necessary actions for removing any blockers that may arise. This streamlines decision-making processes and ensures alignment among teams. An example of resolving conflicting migration paths is setting a clear mandate following an escalation to the Chief Information Officer (CIO) and implementing a mechanism for requesting required decisions.
 
Minimize Unnecessary Change

While change is beneficial, excessive changes can introduce additional risks. When a business case for a large migration is approved, it is recommended to set a two-week rule to prevent application teams from spending excessive time rewriting their applications. This rule helps maintain consistency and enables a sustainable migration process over a multi-year period. By minimizing changes that do not align with the desired business outcomes, mechanisms can be developed to manage such changes in future projects.
 
Document an End-to-End Process Early

Comprehensive documentation of the entire migration process is essential for effective planning. This documentation should assign ownership of tasks and processes to specific stakeholders, ensuring clarity of roles and responsibilities. It also helps identify potential issues and facilitates ongoing improvements.

​Existing processes, dependencies, and integration points should be documented, and a RACI matrix can be created to assign responsibilities and accountabilities. Additionally, establishing a countdown plan, working backward from the workload migration cutover date and time, provides a structured approach.
 
Document Standard Migration Patterns and Artifacts
​
Documenting standard migration patterns and artifacts is critical for success. These resources serve as reusable references, documentation, and runbooks for future migration projects, enabling avoidance of past pitfalls and issues. Standard processes and artifacts significantly accelerate the migration process and improve consistency.

It is recommended to establish central ownership of these documents and artifacts, with a process for submitting recommended changes. Regularly sharing updates and changes with all teams promotes effective communication and ensures consistency throughout the migration project.
 
Establish a Single Source of Truth for Migration Metadata and Status
​
Creating a single source of truth for migration metadata and status is essential for effective planning. This allows all teams to align and make data-driven decisions. Initially, multiple data sources may exist, such as configuration management databases (CMDBs) or inventory lists. Data capture mechanisms, like using discovery tooling or surveying IT leaders, may be necessary. Aggregating all data sources into a single dataset simplifies tracking the migration progress, including the status of migrated servers.​

Once the business outcomes have been established and the migration strategy has been communicated to the stakeholders, it is time to plan how to divide the scope of the large migration into manageable migration events or waves. The following sections provide essential guidance for creating a wave plan.

Plan Migration Waves Ahead of Time to Ensure a Steady Flow

Thorough planning is crucial for the success of the migration program. Planning migration waves in advance allows the project to progress smoothly and enables the team to be proactive in addressing migration requirements. It facilitates scalability, enhances decision-making, and improves forecasting as project demands become more complex. Additionally, planning ahead enhances the team's adaptability to changes. For instance, a financial services customer working on a data center exit program initially faced delays due to sequential wave planning. When stakeholders were informed about their applications' migration to AWS, they still had several tasks to complete before starting the migration, causing significant program delays. To address this, the customer implemented a holistic approach where migration waves were planned months in advance. This provided ample time for application teams to complete pre-migration activities and eliminated unnecessary delays.

Keep Wave Implementation and Wave Planning Separate

Separating the teams responsible for wave planning and wave implementation allows both processes to work concurrently. With effective communication and coordination, this approach avoids slowdowns in the migration caused by insufficiently prepared servers or applications. It is crucial to involve the migration implementation team during wave planning to ensure complete and accurate data collection. Additionally, creating a buffer between wave preparation and implementation is essential. Collaboration between the wave planning team and the migration team is necessary to gather the right data and minimize the need for rework.

Start Small for Great Outcomes

Starting with a small-scale initial wave and gradually increasing migration velocity in subsequent waves leads to favorable outcomes. The first wave should involve a single, small application with fewer than 10 servers. As the migration progresses, additional applications and servers can be included in subsequent waves, gradually building up to the target migration velocity.

Prioritizing less complex or risky applications and incrementally ramping up the migration velocity allows the team to adjust to working together and learn from the process. With each wave, the team can identify and implement process improvements, significantly enhancing the velocity of later waves. For example, a customer migrating over 1,300 servers in a year began with a pilot migration and a few smaller waves.

This approach allowed the team to identify opportunities for improvement, optimize network segments, collaborate with the firewall team to prevent delays, and develop automation scripts for discovery and cutover processes. Starting small enabled the team to focus on process enhancements and increased overall confidence.

Minimize the Number of Cutover Windows

Maintaining discipline in managing scale is crucial for successful mass migrations. Limiting the number of weekly cutover windows ensures that the time spent on cutover activities is maximized. By reducing flexibility in this area, unnecessary delays and operational burdens associated with scheduling are minimized. For instance, instead of having multiple small cutovers, consolidating servers into fewer, larger cutovers optimizes operational efficiency and reduces potential delays.

A large technology company experienced delays early in their migration project due to application teams having the flexibility to dictate migration schedules until the last minute. This resulted in constant negotiation and stress for the migration team. To address this, the company improved their planning discipline and reduced the number of cutover windows, avoiding delays in meeting data center contract expiration dates.

Fail Fast, Apply Experience, and Iterate

It is common for initial migration waves to encounter challenges and setbacks. Failing early in the process allows the team to learn, identify bottlenecks, and apply lessons learned to subsequent waves. During the initial stages of a migration, the team needs time to adjust, integrate various tools and people, and continuously improve the end-to-end process. Understanding and communicating that initial issues are expected is crucial, as some teams may be reluctant to embrace new approaches and failure.

Ensuring everyone understands that these challenges are part of the journey encourages the team to learn, adapt, and ultimately achieve a successful migration. For instance, a company planning to migrate over 10,000 servers in 24-36 months began with learning waves to understand the processes and permissions involved. Through iterative improvements, such as integrating with CMDB and CyberArk, the team increased their migration velocity to over 120 servers per week within six months.

Don't Forget the Retrospective

Conducting retrospectives is an essential part of an agile process. These sessions allow the team to reflect, discuss, learn, and make necessary adjustments before moving forward. Retrospectives provide a structured approach to capturing lessons learned, which can then be used to drive improvements. For large migrations to succeed, constant evolution and improvement of processes, tools, and teams are vital. Retrospectives play a significant role in this continuous improvement cycle.

Instead of waiting until the end of the program, lessons learned from previous waves should be applied to the planning of subsequent waves. Regular retrospectives provide opportunities to identify areas for streamlining, process improvements, and automation. By implementing a countdown schedule and automating manual tasks, one customer significantly minimized delays and optimized their cutover process.

Another large tech company held regular retrospectives that led to improvements in processes, scripts, and automation, resulting in a 40% reduction in average migration time over the course of the program.

Large migrations present different challenges when compared to smaller migrations. This is mostly due to the complexities introduced by the scale. Running a large migration requires meticulous planning and execution as well as effective coordination, and a focus on continuous improvement. By following the guidance provided in this three-part series, organizations can navigate the complexities of large-scale migrations and achieve successful outcomes.​