Case Study: Cloud Migration
Scenario
Organization: A national healthcare provider (1,200 IT staff) operating 200+ applications across three on-premises data centres nearing end of life. Average infrastructure age: 8 years. Annual data centre operating cost: $12M.
Initiative: Migrate 80% of workloads to a public cloud platform within 24 months. Retain 20% on-premises for systems with strict data residency requirements (patient records subject to national health data regulations).
Complexity context: This is a complex initiative. No healthcare cloud migration follows a predictable path: application dependencies are poorly documented, regulatory interpretations vary, and staff have limited cloud experience.
PESTLE analysis (pre-migration)
| Factor | Finding | Impact on Migration |
|---|---|---|
| Political | Government promoting cloud adoption in healthcare ("Cloud First" policy) | Supportive: political tailwind for the initiative |
| Economic | Data centre lease renewal in 18 months at 25% higher cost | Accelerator: financial pressure to migrate before lease renewal |
| Social | IT staff anxious about cloud skills gap; potential resistance | Risk: change management essential; training must precede migration |
| Technological | Several legacy applications have no cloud-equivalent; some run on unsupported OS | Blocker for some workloads: "lift and shift" is not possible for all |
| Legal | Patient data must remain within national borders; consent requirements for data processing | Constraint: must use cloud regions within the country; some data cannot move to cloud |
| Environmental | Sustainability targets: reduce carbon footprint by 30% within 3 years | Supportive: cloud providers report lower carbon per workload than aging data centres |
Four Dimensions impact
| Dimension | Migration Impact |
|---|---|
| Organizations and People | 40% of IT staff need cloud skills training; new roles needed (cloud architect, SRE); some roles become redundant (hardware engineers) |
| Information and Technology | Application portfolio assessment needed; data classification for cloud eligibility; new monitoring and security tools |
| Partners and Suppliers | New cloud vendor relationship; existing SI contracts must be renegotiated; data centre lease termination |
| Value Streams and Processes | Deployment processes move from manual to IaC; incident management extends to cloud-native monitoring; change enablement must accommodate faster deployment cycles |
Migration approach: the 6 Rs
| Strategy | Description | Count | Example |
|---|---|---|---|
| Rehost | Move as-is to cloud VMs | 80 apps | Email servers, file shares |
| Replatform | Minor changes to use managed services | 45 apps | Database migration to managed DB |
| Refactor | Rearchitect for cloud-native | 20 apps | Core patient portal → microservices |
| Repurchase | Replace with SaaS | 30 apps | Legacy HR system → cloud HR SaaS |
| Retain | Keep on-premises | 15 apps | Systems with strict data residency |
| Retire | Decommission | 10 apps | Unused applications |
ITIL practices applied
Service Configuration Management
Before migration, the team discovered their CMDB was 40% inaccurate. Application dependencies were undocumented.
| Action | Result |
|---|---|
| Automated discovery scan across all data centres | Identified 200+ applications (30 more than expected) |
| Dependency mapping using network traffic analysis | Discovered 150 undocumented dependencies |
| CMDB cleanup and validation | Accuracy improved from 60% to 92% |
Critical lesson: "Migrating without accurate configuration data creates cascading failures." The team spent 6 weeks on CMDB accuracy before migrating any workloads.
Risk Management
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| Application fails after migration | High | Medium | Pilot each migration wave; maintain rollback capability for 30 days |
| Data breach during transfer | Low | Critical | End-to-end encryption; dedicated network link; audit logging |
| Cloud vendor outage | Medium | High | Multi-AZ deployment; DR in second cloud region |
| Skills gap delays migration | High | High | Training program begins 3 months before migration starts |
| Cost overrun | Medium | Medium | FinOps practices: real-time cost monitoring; reserved instances for predictable workloads |
| Regulatory non-compliance | Low | Critical | Legal review of each workload category; data residency validation |
Change Enablement
The migration used a wave-based approach with governance adapting per wave:
| Wave | Workloads | Risk Level | Change Governance |
|---|---|---|---|
| 1 (Pilot) | 10 non-critical apps | Low | Full CAB review; detailed documentation |
| 2 | 40 standard apps (rehost) | Low-Medium | Lightweight review; automated deployment |
| 3 | 45 apps (replatform) | Medium | Normal change process; technical review |
| 4 | 30 apps (repurchase) | Medium | Vendor management + change process |
| 5 | 20 apps (refactor) | High | Architecture review + CAB; phased rollout |
| 6 | Cleanup: retire + retain decisions | Low | Standard process |
Results (24 months)
| Metric | Before | After |
|---|---|---|
| Annual infrastructure cost | $12M | $7.2M (40% reduction) |
| Data centre footprint | 3 facilities | 1 facility (retained workloads) |
| Deployment speed | 2-4 weeks (manual) | Hours (IaC automated) |
| Application availability | 99.5% | 99.9% |
| Carbon footprint (IT) | Baseline | 35% reduction |
| Staff cloud-certified | 5% | 65% |
Lessons learned
| Lesson | ITIL v5 Connection |
|---|---|
| CMDB accuracy is a prerequisite, not an afterthought | Service Configuration Management |
| Training must precede migration, not follow it | Organizations and People dimension |
| FinOps is essential: cloud costs can exceed on-premises without active management | Service Financial Management |
| Regulatory review per workload category is essential (not per individual application) | Risk Management, PESTLE (Legal) |
| Wave-based migration with governance adaptation works better than "big bang" | Guiding principle: "Progress iteratively with feedback" |
Discussion questions
-
The team discovered 30 more applications than expected during discovery. What does this say about the maturity of their Service Configuration Management practice?
-
Using the 6C Model, which AI capabilities could have assisted with application dependency mapping?
-
The Legal factor in PESTLE drove the decision to retain 15 applications on-premises. How should the organization monitor for regulatory changes that might eventually allow cloud migration of these workloads?
-
Cloud migration changed the skill requirements for 40% of IT staff. Using the value co-creation model, how should the organization engage IT staff (as "consumers" of the change) in the training design?
Related pages
- Strategic Analysis (PESTLE) (external factor analysis)
- Platform Engineering (cloud platform management)
- Implementation Roadmap (phased approach)
- Measuring Success (KPIs and metrics)