How to Handle Migration Resistant Applications (part 3) Organizational & Regulatory Complexity

In part 1 of this series, I introduced the idea of Migration Resistant applications.


Migration Resistant applications are legacy applications currently hosted on dedicated in-house or private data center servers that have one or more attributes that make them difficult to migrate to the cloud. These are the applications that are always dropping to the bottom of the list when prioritizing applications to be moved to the cloud.


In part 2 I took a deeper dive to explore the five technical characteristics that make applications migration resistant and lead to an accumulation of technical debt over time.


In this post I’ll look at three business characteristics that contribute to making an application more migration resistant.


Internal Accounting Complexity -

Because your applications serve numerous business functions and departments, any chargeback policy for those applications makes them migration resistant. They likely required significant negotiation and complex cost accounting schemes to implement. Any changes to the application’s functionality and/or business processes, including moving the application to the cloud, put those budgetary negotiations back in play while also changing the underlying cost structure.


Nevertheless, migrating an application to the cloud can provide increased granularity of usage statistics enabling a higher level of cost accounting transparency, significantly easing chargeback complexity.


If accounting complexity is a primary barrier to moving an application to the cloud in your organization, I suggest taking these three steps:


  • Educate your CFO and others in your organization on the abilities of your cloud provider to granularly measure and assign costs to specific users.
  • Run a financial simulation of the affected departmental and business costs and how they might change after the migration to the cloud.
  • Create a “chargeback cushion fund” as part of your migration budget to cover unexpected departmental charges under the new accounting model. This provides a bridge to the next budget planning cycle and can reduce a lot of negative pushback when the inevitable surprise appears.


Critical for Regulatory Compliance -

When an application processes and stores data that is highly regulated and critical from a risk management perspective, you likely have a migration resistant application.


Early in the cloud era, regulatory compliance requirements such as HIPAA or HITRUST in health care, SOX, GLB and KYC in financial or PCI-DSS in retail were often insurmountable barriers to moving key legacy applications to the cloud. Today major cloud providers have regulatory experience, standard operating processes and security safeguards that enable compliance constrained applications to be successfully hosted on cloud infrastructures. In fact, major cloud providers are now striking deals to host classified data from various government agencies.


If your application is critical for regulatory compliance, here are four suggestions for evaluating the migration readiness of your compliance constrained application:.


  • Tap into the expertise of executives from organizations facing the same regulatory requirements that have already migrated their legacy applications to the cloud. Trade/industry and professional associations can help facilitate introductions and may also be a resource to identify the regulatory pitfalls in migration for your industry.
  • Discuss your specific regulatory compliance issues with major cloud providers to understand their capabilities and what they’ve learned from other customers. Dig into their procedures, auditing capabilities, incident reporting, and more.
  • Engage relevant internal stakeholders in the planning and RFQ process. Risk management, compliance officers, legal department, finance, operations and information technology will each have their own sets of concerns and questions to be addressed before a contract with a cloud service provider is signed.
  • Make sure the business case still stands up with all compliance associated costs included. The cloud is a more modern technology with many advantages, but when and how you migrate must still make good business sense.


Business Critical -

Applications that are absolutely integral to delivering a core capability/function of your organization, are nearly, by definition, migration resistant.


If the thought of a particular application going through a major outage makes you break out in a cold sweat, it’s business critical. When these types of applications fail, production stops, stores cannot receive money, and/or nothing gets shipped out the back door. Because they are so critical to the organization’s ability to function these applications are often on the bottom of the list to migrate to the cloud.


Four suggestions for migrating these business critical applications:


  • Start early. Make sure that you have enough time on your current server lease and data center space, if co-located, that you can do the migration and run parallel systems until the cloud-hosted version is validated and reliable. This also enables roll-back if something goes seriously wrong.
  • Be methodical. This is not a time to imitate startups with a “fail fast” mentality. Take your time and do it right. Document your process and your learnings.
  • Get key stakeholders on board. Take time to educate and evangelize them about the benefits of migrating to the cloud. Listen closely to stakeholders and make sure you get substantive answers to address their questions and concerns.
  • Don’t skimp on technical talent. Given the criticality of these systems this migration needs your best technical personnel. It’s also a good time to supplement your internal staff with external experts in cloud migration.


Technical Executives Beware


It is tempting for CIOs, CTOs and VPs of infrastructure who rose to leadership through technical competence to think of cloud migration as primarily a technical challenge. For applications like the ones I have explored in this series of posts the biggest challenges are organizational not technical.


Be wary of relying too much on your team’s technical prowess. Rather, pay attention to risk, regulation, compliance and non-technical stakeholders with their concerns. Get the accounting right. Then you and your team can be the hero for getting the organization migrated to a more flexible and scalable infrastructure that’s fit for the future.

Tim Michalski

Written by Tim Michalski

Tim Michalski is the founder & CEO of Lighthouse Software, a legacy software support and modernization firm that specializes in the delicate transition from older, reliable software systems to newer, modern technologies.

For nearly 30 years since that day, Tim has passionately devoted most of his conscious hours towards becoming an expert software engineer and experienced entrepreneur. In that time, Tim built Lighthouse Software from the ground-up and championed the cause of restoring existing technology investments with iterative modernization over time to lower risks and gain a competitive advantage for his clients. Clients include numerous Fortune 500 companies to small technology firms in banking, healthcare, and government.