Cloud migration in practice: a guide for CIOs and IT directors

paraglider, blue background, cloud

In this article, I will talk about the challenges our customers faced when moving to the cloud. I will also give you a guide on how to avoid those annoying pitfalls that can greatly increase the cost of your migration project.

A few words about me: I'm a CTO and co-founder of a software development company. My two-decade-long journey in software engineering and solution architecture has spanned across various sectors - think Logistics, Media, AgTech, Finance etc.. And it's not just all corporate - I also have a pretty strong academic streak. I have a PhD in Mathematics and I am keeping myself busy by teaching computer science at the state university. In addition, I have my own team for serious research and development.

This article is for

I see this article as a guide for CIOs and IT Directors. There will be no general words about the benefits of migration and global statistics. My goal is to share my consulting experience and talk about how to sell the project to an internal client and achieve your business goals.

I will also outline the most important stages of migration in my opinion, the necessary technology stack and the required team composition.

  • The most common challenges directors face
  • How to present the project to the executives and agree on the budget
  • How to plan and implement migration without losses
  • Essential steps of the planning stage
  • Required technology stack for cloud migration
  • Structure of the team
  • How to partner an internal IT team with a contractor
  • Estimating the timeline of the cloud migration project
  • Final thoughts

The most common challenges directors face

I would like to point out 6 in my opinion main challenges you may encounter when preparing cloud migration.


Identifying what needs to be moved to the cloud, in what order, and how to do it efficiently can be challenging. You must consider the business's current and future needs, including capacity planning, performance, and scalability. Making a detailed plan can help, I will provide an example of such a plan in the next section.

Budget planning.

Depending on the size of the company, cloud migrations can be expensive, and costs can be easily exceeded if not managed carefully. As a CIO/IT Director you have to strike a balance between optimizing costs and ensuring a successful migration.

Prepare a clear timeline and adequate budget that accounts for unexpected challenges or delays. Engage advisors, mistakes at this stage will lead to even more expenses in the future.
Security and compliance.

Ensuring that data is secure during the migration and remains secure once in the cloud is a top priority. It is important to get your legal department involved at this stage to ensure that the company remains compliant with all relevant data privacy laws and industry regulations.


Minimizing downtime during the migration is crucial, especially for businesses where system availability directly impacts revenue or customer service.

Technical complexity.

Migrating existing solutions to the cloud can be technically complex, particularly if the solutions were not originally designed to run in a cloud environment. Depending on your migration strategy, you might need specific tools or technologies.

Skill gap.

The company may not have all the necessary skills in-house for a cloud migration. Hiring or training staff, or working with external consultants, can be necessary. As a consequence, project costs may increase.

How to present the project to the executives and agree on the budget

Based on my experience of working with SMBs, the CIO or IT Director often leads the cloud migration initiative. They develop the overall migration strategy, manage risks, and ensure that the migration aligns with the company's IT and business strategy. They also communicate with the executive management about the project's progress and challenges.

As part of our consulting services, I've seen a lot of resistance to cloud adoption from executive management. Communicating the strategic importance of this adoption can be a challenge.

Here are the main points to help you argue the migration:

Potential for significant cost savings.

Instead of incurring the large upfront costs of purchasing and maintaining hardware, you pay only for the resources you use. Cloud can provide savings on data center space and IT staffing.

Additional scalability and flexibility.

Cloud services can scale to meet demand, ensuring you always have the resources you need without overprovisioning.

Speed to market.

By leveraging the cloud, businesses can deploy and scale applications faster, which can accelerate time to market for new products or services.

Free up resources for core business.

By reducing the need for your IT team to spend time on infrastructure management, they can focus more on tasks that add direct value to the business.

I recommend providing only data that is relevant to your organization and its challenges. Generic phrases work poorly, and don't sway decision makers to your side.

Consider the interests and concerns of each person. Different executives may care more about different benefits – for example, the CFO may be most interested in potential cost savings, while the CEO may care more about strategic benefits like speed and scalability.

How to plan and implement migration without losses

If we combine all the necessary actions to realize a smooth and successful migration, I would suggest breaking down the whole process into 4 main steps.

Assessment and analysis

  • Identify and catalog all existing applications, workloads, data, and infrastructure that will be migrated to the cloud.
  • Analyze each application or workload to determine its suitability for the cloud. Understand its dependencies, performance needs, and security requirements.
  • Clearly identify business objectives and what does your organization hope to achieve with cloud migration. From my experience it is most often cost reduction and better scalability, but goals can be unique to each organization.
  • Identify potential risks associated with the migration process, such as downtime, data loss, or security breaches. Plan a strategy for each identified risk.
You may need to migrate data from one Auth provider to another. In case the provider does not take care of this, I recommend using the "Lazy Migration" strategy. With this approach, users initiate an automatic migration of their data when they log in to their account, and a label is added to the old database that the user has migrated. This continues for some time, usually 2-3 months, after which the unlabeled records are exported and migrated using the export-convert-import scheme.


  • Define the migration strategy for each application or workload if required. I will talk about each of the strategies in the next section, as I believe this is the most important step in the planning process.
  • Depending on the business needs and type of applications, choose the appropriate cloud model: Public, Private, or Hybrid. The hybrid model is the one most often chosen by customers, because it avoids problems associated with the use of only a public cloud.
  • Evaluate different cloud providers (like AWS, Azure, GCP) based on their services, costs, security measures, and support options and choose the most suitable for you.
  • In case of migration failure, define a rollback strategy to revert back to the original state.
  • Determine how data will be moved to the cloud without impacting business operations.
We use several methods, for example, if the transition takes less than 12 hours, and the amount of data is small, you should make a backup and deploy it to the cloud. If deployment takes more time, we do a step-by-step synchronization. First we take a backup of the old database, and deploy it in a new environment, and then we take only the latest changes to the database and add them.


  • My advice is to always сarry out a test migration with non-critical workloads to understand potential challenges and to give your team practice before migrating critical workloads.
  • Manage risks and never start a migration without creating a backup of all critical data and applications.
  • Monitor the migration process using automatic and manual checks to validate successful migration.
Migration should be smooth with the lowest business disruptions. Here you can find an example of migrating a non-serverless workload to serverless for a large system with a volume of data more than 3.5 million objects.

Post-migration actions

  • Once the migration is complete, test all migrated applications and data to ensure they're working properly in the new environment.
  • Provide necessary training to employees so they can effectively use the new cloud-based systems.
  • Continually monitor the new environment for performance, cost, and security. Designate people responsible for this process.
The most common problem leading to security threats is the use of vulnerable versions of applications, e.g. Docker. It is also important to make sure that no sensitive data is publicly available. The data may remain in the repository, container image or frontend.

Essential steps of the planning stage

I would like to elaborate on the planning stage as the most important for a successful migration. Mistakes at this stage lead to changes in project cost and budget overruns. This can lead to a complete stoppage of the project and as a consequence claims to you as a director. I emphasize the following planning stages:

Choose a deployment model

Your decision between a public, private, or hybrid deployment model will depend on the nature of your business, specific workload requirements, budget, compliance, and security needs. Each deployment model is defined according to where the infrastructure for the environment is located.

For example, for companies dealing with sensitive data we advise a private or hybrid model to tighten up data control. At the same time, the best choice for you may be a public model to ensure cost-effectiveness.

Evaluate and choose a cloud service provider on these criteria:

  • The range of their services and how well these align with your business needs.
  • Pricing model and how well it fits with your budget especially in the long term, taking into account future development and scaling.
  • Security measures and how well they meet your compliance requirements.
  • Reliability, including uptime guarantees and disaster recovery capabilities.

Chose a migration strategy

Rehosting (lift-and-shift).

Moving applications to the cloud without any modifications. This is the quickest migration strategy.


Migration with minor changes of the application to optimize it and run efficiently, reduce costs, or leverage the power of the cloud.


Rewriting the existing application, or a large chunk of the code base to take full advantage of cloud-native features. This requires more effort but can offer greater efficiency and agility.


Decommissioning applications that aren't needed.


Keeping certain applications in your existing environment if they're unsuitable for cloud migration or if the migration isn't cost-effective.

The selection of a migration strategy is closely tied to the assessment and analysis phase described above. The decision should be made only after identifying and cataloging all existing applications, workloads, data and infrastructure.

Define a rollback strategy that involves:

  • Keeping the original system operational until the new system is fully validated.
  • Regular data backups during the migration so that it can be restored to the original system if necessary.
  • Having a plan to redirect users back to the original system in case of problems.

All these steps require a strong understanding of your business's needs, the nature of your existing applications and workloads, and the opportunities and challenges of cloud migration. It's essential to involve key stakeholders from across the organization in the planning process.

Required technology stack for cloud migration

The technical stack of a project can be very scope dependent. I will provide the main categories of tools and some examples of technologies that we use most often in our migration projects.

Cloud service provider tools.

AWS Migration Hub, AWS Server Migration Service (SMS), AWS Database Migration Service (DMS). Azure Migrate, Azure Site Recovery, and Azure Database Migration Service..

Infrastructure as сode (IaC) tools.

IaC tools allow the management and provision of cloud infrastructure using code, making the process more repeatable and less prone to human error. We prefer to use AWS CloudFormation and Terraform, but the Google Cloud Deployment Manager is very good, too.

Configuration management tools.

These tools help manage and control the configurations of the systems in a cloud environment. Examples include Ansible, Puppet, Chef, and SaltStack.

Containerization tools.

We use tools like Docker for creating containers and Kubernetes for orchestrating them in a cloud environment.

CI/CD Tools.

Such tools can help automate the testing and deployment of your applications in the cloud. Examples include Jenkins, CircleCI, AWS CodePipeline, Azure DevOps, and Google Cloud Build.

Monitoring and logging tools.

These tools help monitor cloud environments and troubleshoot any issues. Examples include AWS CloudWatch, Google Stackdriver, Datadog, Splunk, and Elastic Stack (Elasticsearch, Logstash, Kibana).

Security tools.

Special tools to manage the security of the cloud environment, including identity and access management (IAM), firewall, and encryption tools. Examples include AWS IAM, AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, and third-party tools like Palo Alto Networks and Tenable.

Networking tools.

These help manage the network aspects of your cloud migration, such as load balancing and DNS. Examples include AWS Route 53, Azure DNS, Google Cloud DNS, and F5 BIG-IP.

Performance testing tools.

These are used to test the performance of your applications in the cloud. Examples include Apache JMeter, Gatling, and LoadRunner.

Backup and recovery tools.

These tools we use for backing up data and recovering it in case of any issues during the migration. Examples include AWS Backup, Azure Backup, Google Cloud's operations suite (formerly Stackdriver), and Druva.

The specific tools you need will depend on your selected cloud migration plan and the needs of your organization. Knowledge of programming/scripting languages like Python, JavaScript, and command line interfaces (CLI) like AWS CLI, Azure CLI, or Google Cloud SDK, will be very helpful.

Structure of the team

A successful cloud migration requires a team with appropriate skills. The exact composition of the team may vary based on the size and nature of your organization, the chosen migration strategy, and whether you're working with an outsourcing partner. Here's a minimal team structure for a cloud migration project in my experience:

  • Project manager who oversees the migration project, managing the schedule, budget, and resources, and ensuring that the project meets its objectives. They need strong organizational, communication, and leadership skills, as well as some technical understanding.
  • Cloud architect who designs the cloud infrastructure that you'll be migrating to. They need deep knowledge of cloud technologies and the specific cloud platform you'll be using, as well as an understanding of your business needs.
  • Migration specialist or cloud engineer who is responsible for actually carrying out the migration. They need to understand the technical details of the systems being migrated and the tools and techniques for migrating them.
  • Security specialist who ensures that the migrated systems are secure and compliant with any relevant regulations.
Compliance requirements vary by data type, industry, and migration destination. Healthcare organizations must follow HIPAA, while financial institutions must meet PCI DSS standards. Sensitive data, like encryption, may require additional security measures.
  • DevOps engineer who helps automate the migration process and the post-migration deployment and management of applications. They need skills in automation tools and CI/CD practices, and in managing applications in a cloud environment.
  • Quality Assurance (QA) analyst who can test migrated applications to ensure they function correctly in the new environment. They need to understand the specifics of testing in a cloud environment.

I'd like to highlight two more roles that are not part of the standard team composition, but should be assigned depending on the type of project:

  • If you're migrating databases to the cloud, a Database Administrator (DBA) with experience in cloud-based databases will be crucial. They will handle the migration of data and ensure the performance and availability of the databases in the cloud.
  • You need a network engineer who ensures that your network infrastructure supports the migrated applications and that connectivity is maintained throughout the migration. This is especially important for hybrid cloud migrations, where you'll be maintaining a connection between your on-premises infrastructure and the cloud.

Keep in mind that depending on the composition of your current team and its competencies, sometimes bringing in a partner to do the migration may be a better solution. A successful migration requires not just technical skills, but also soft skills like communication, problem-solving, and adaptability. However, if you make that decision, you may face misunderstanding and sabotage of the project by internal specialists. The next section is about how you can avoid this.

How to partner an internal IT team with a contractor

In my experience, about every third case, the customer faces opposition from their internal team to hiring a contractor. I work a lot with affiliate teams, and I can understand the reasons for such resistance. If you as a director are interested in involving a third party, it is important to prepare your existing IT team as well.

Here are a few ways to handle this situation:

Explain the reasons.

Explain why you're considering outsourcing the cloud migration. Talk about the need for specific expertise, the desire to complete the migration more quickly, or to allow them to focus on core business tasks.

Reassure job security.

One of the main fears in my view is job security. Assure your team that outsourcing doesn't mean their jobs are at risk. Argue that there is a lack of expertise, cost and timing. Many people will be unwilling to take on this responsibility once they realize the challenge.

Temporary partnership.

Emphasize that the outsourced company is a partner, not a replacement. There will be plenty of work post-migration such as managing and optimizing the new cloud environment. Their involvement in the process is crucial.

Involve them in the selection process.

If possible, involve your internal IT team in selecting the outsourcing partner. This can give them confidence in the decision and make them feel more invested in the project's success.

Your goal on this stage is to maintain a positive working environment and help ensure the success of the migration.

Estimating the timeline of the cloud migration project

The timeline for a cloud migration project can vary significantly based on the size and complexity of the migration, the readiness of the organization for cloud migration, and the resources available for the project.

For small businesses with simple infrastructure, the migration could potentially be completed in a few weeks or months. Medium-sized businesses may require several months to a year, while large enterprises with complex infrastructure and applications might require years to fully complete the migration.

Here's a general estimate based on the size of the organization:

  • Small businesses: 1-3 months
  • Mid-sized businesses: 3-12 months
  • Large businesses or enterprises: 1-3 years

Keep in mind that these are very rough estimates. The actual timeline will depend on numerous specific factors, including the number and complexity of applications being migrated, the amount of data to be transferred, the specific cloud architecture being implemented, the need for any refactoring or replatforming of applications, the organization's experience with cloud migrations, and so on.

It's important to note that cloud migration is often not a one-time event but a phased process. I always recommend our customers to start by moving less critical systems or a single business unit to the cloud, learn from that experience, and then gradually migrate other systems over time. This can make the migration process more manageable and reduce risk that is crucial for most managers.

Final thoughts

As you can see the migration process can be quite complex. Proper resource planning and assessment are crucial. If you do not have experience in migration, I would advise you to engage consultants at these early stages to avoid problems in the future.

Andrew Pankov
Twelvedevs co-founder and CTO. Practicing professor with PhD in mathematics and leader of an in-house R&D unit