Lift and Shift is a migration strategy that involves “lifting” your existing IT infrastructure, business processes, and data and “shifting” them to a cloud-based platform or private cloud with minimal changes to application architecture, workflows, or authentication mechanisms. Sometimes called “rehosting,” lifting and shifting is commonly used to migrate legacy on-premises identity solutions — such as Identity Governance & Administration (IGA) or Privileged Access Management (PAM) — to cloud-based platforms.
The “lift and shift” migration strategy is misguided and not recommended for identity management solutions, as it attempts to take the same business processes or integration patterns used in legacy systems and apply them to cloud-based identity solutions. An additional step is needed to “refine” or “refactor” use cases and business processes, optimizing outdated and potentially unnecessary processes based on the newfound functionality within the cloud platform. Pursuing a “lift and shift” migration strategy is frequently a costly mistake.
Cloud-based platforms can typically achieve the same outcomes as their legacy predecessors while adding superior functionality. On-premises legacy systems are inherently limited. The simplicity of lifting and shifting ensures that bad habits and outdated strategies get perpetuated. In other words, putting a square peg in a round hole doesn’t work.
By including a qualifying step to “refine” your business processes before making the “shift,” you negate the pitfalls of lifting and shifting. Sometimes referred to as “refactoring,” the step to “refine” your business processes specifically with the cloud in mind allows for a renovation of your systems that helps you to take full advantage of the new technology.
Companies can take advantage of newfound capabilities by “refining” business processes during a migration to a cloud-based platform. For example, let’s look at how cloud-based IGA can transform business.
Modern IGA solutions – those that are cloud-built with adaptable & frictionless design – deliver agility in various ways. Modular and customizable, they depart from traditional static, monolithic structures. Cloud-native solutions support business changes – from managing cloud identities to securing SaaS applications.
Many identity platforms promise lower risk profiles, improved decision making, reduced compliance violations, and hardened security postures built around Zero Trust. But most don’t deliver. Platforms built with intelligent design, including AI/ML and robust analytics, will help future-proof your business.
Companies should consider total-cost-of-ownership (TCO) factors. Legacy IGA solutions stick enterprises with hardware purchasing, ongoing maintenance expenses, and complex — potentially impossible — upgrades. The standard data center paradigm is a constant loop of replacing old systems and supporting backup hardware to swap out when old systems fail. The cloud paradigm eliminates the upgrade cycle trap.
Companies often underestimate the impact of these efforts and costs relative to cloud alternatives, shares Saviynt’s Sr. Director, Product and Partner Success, Harvi Nagpal. “On top of the costs for underlying servers and hardware, there are teams dedicated to maintaining the infrastructure and expensive contracts with third-party service providers to support maintenance packages.”
ComputerWeekly suggests assessing whether the platform can meet the regulatory requirements for consent management, access requests and approval, periodic access review, and the management and enforcement of SoD rules.
Focus on the original premise of improvement too, knowing that your IGA platform is the primary means for enforcing critical governance and compliance policies. “Whether you’re a healthcare company under HIPAA or a financial services company under SOX or PCI DSS mandates, you need to know the controls, metrics, and capabilities a modern IGA platform enables,” shares Nagpal.
These factors create complexity and reduce long-term value. Nagpal suggests C-level leaders ask themselves, “Do I invest in a platform that will take months to implement, or are there solutions available that let me focus on workflow migration versus installation?”
In its recent Total Economic Impact report, Forrester notes how many companies contend with onerous identity and access governance responsibilities using a “combination of on-premises, homegrown tools that require internal coding, regular maintenance and upgrading, and significant management time.”
During platform evaluation, look for differentiators like “comprehensive access governance offerings, granular integrations, intelligent user access review capabilities,” low-code/no-code environments, and a unified control framework to monitor and control applications. According to Forrester, the benefits of cloud-based IGA platforms include:
Migration, implementation, and deployment issues can overwhelm even experienced implementation teams. To improve modernization outcomes, transition around three guiding principles:
Don’t anticipate a single, major cutover. Instead, focus on a “coexistence” period between the modern IGA solution and your legacy platform. Don’t turn this into a passive wait-and-see period, though. Instead, we recommend organizations transition to modern user experience, analytics, and machine learning capabilities to “front end audit” data in your existing legacy platform. By moving these capabilities first, companies may gain insights into their audit posture using existing data. This should feel like using the new platform as a facade on your old solution. It delivers immediate value by surfacing previously unknown audit issues, and it qualifies business outcomes and remediation areas for the next migration phase.
Review existing processes, and validate or refine them before adopting them in the new IGA platform. Often, companies make the mistake of applying a “like-for-like” lift and shift strategy, unwittingly introducing bad habits or manual steps into new workflows. For example, every company has those time-sucking ten-step access request and approval processes. Look for ways to consolidate into two to three steps and introduce reimagined, AI-driven processes instead.
During the brief period of coexistence between both systems, plan a cutover strategy with user experience in mind. Early user adoption sets the tone for further IGA platform use. Focus on operational efficiencies and process areas that tangibly aid users’ work. These may include automated user lifecycle management, birthright access, or priority app onboarding. In your eagerness, don’t neglect bi-directional data synchronization issues between your old and new IGA platforms. Once you onboard an application, cut over all associated processes to avoid data integrity or synchronization problems.
After migration, it’s time to look for enhancements to build on the foundation you created.
Because modern IGA platforms are flexible, reorient how you roll out updates and releases. Consider co-opting the DevOps model of micro-releases to keep your identity and digital transformation journey moving. As Saviynt’s Barngrover notes, “You put thousands of users on Microsoft Teams overnight. You have the right data points to give users the right access and make faster improvements – use them!”
Measuring success

While modernization ‘success’ is broadly defined, a few key metrics typify real improvement. Plan toward these so that your migration, implementation, and deployment efforts lead to target outcomes.
Depending on your operational use case, also consider: