WP Introduction to Cloud Migration | Challenges, Tools & Strategies | Imperva

Cloud Migration

App SecurityEssentials

What is Cloud Migration?

Cloud migration is the process of transferring digital assets, such as data and applications, in and out of cloud environments. The most common type of cloud migration involves shifting enterprise assets from on-premise data centers to the cloud. However, there are other types.

When enterprise assets are already located in the cloud, and the enterprise shifts the information to a different cloud, the process is called cloud-to-cloud migration. Enterprises can also perform a reverse cloud migration, and shift assets from the cloud to a local data center.

Cloud Migration Benefits

Each cloud migration implementation provides different advantages. Here are common benefits of moving enterprise assets to cloud environments:

  1. Less operating costs—enterprises deploying assets to the cloud do not need to set up and manage their own data centers. This significantly reduces overhead typically allocated for hardware and in-house IT.
  2. Faster time to market—cloud vendors provide ready-made automation tools and features that enable enterprises to shorten deployment cycles and quickly release new features.
  3. Scalability and utilization—traditional on-premise systems were designed for peak loads, utilizing less than 20% of their capacity. Cloud platforms enable enterprises to consume only the resources needed during each period.
  4. Reducing upfront costs for new projects—cloud computing models offer flexible payment options, like “pay-as-you-go”, reducing upfront investment in licensing and hardware.
  5. Application modernization—cloud vendors offer services and technologies that help enterprises modernize development and IT processes and create agile and efficient pipelines.

Cloud Migration Strategies

The type of data and applications the enterprise transfers, and the location the assets are shifted to, significantly impact the migration strategy designed and implemented. There are six main cloud migration strategies—rehosting (lift and shift), re-platforming, repurchasing, refactoring, retiring, and retaining.

Cloud migration strategies

Cloud migration strategies

Rehosting (Lift and Shift)

Rehosting is a cloud migration strategy that involves “lifting” applications, data, as well as physical and virtual servers, from one location, and “shifting” the assets into another location, without making changes to the migrated assets.

It is possible to lift and shift assets only when the migrated assets are compatible with the new environment.


Replatforming is a cloud migration strategy that involves making minor changes to the codebase before migrating from one location to another.

Typically, re-platforming is performed to ensure the asset performs optimally when placed in the new environment or adding new features. Enterprises choose re-platforming because it is often a cost-effective strategy. However, if the scope changes during the implementation, overhead might accumulate due to excessive modifications.


Repurchasing is a cloud migration strategy that involves discontinuing existing legacy systems in favor of using a cloud-based service. This process might involve repurposing services on new platforms and ending previous licensing.

Enterprises choose to repurchase when their legacy system is not compatible with the target cloud environment and business needs require a change.


Refactoring is a cloud migration strategy that involves modifying the entire codebase. The goal is to ensure the asset is completely compatible with the new target environment, before making the move to the cloud.

Enterprises typically choose this strategy when the application is business or mission-critical, but a move to the cloud is necessary.


Retiring is a decision to discontinue the use of certain datasets and applications, typically when the assets no longer justify their cost. When enterprises plan a migration implementation, they assess existing assets, as well as the scope of the project. To reduce costs, migration complexity, and security risks, enterprises might decide to retire certain assets.


Retaining is a decision to keep certain digital assets, rather than retiring them. In this case, if the asset is not compatible with the main target cloud environment, the enterprise might decide to implement a hybrid cloud strategy. Enterprises decide to retain assets for technical, security, compliance, or economical purposes.

Cloud Migration Challenges

Security Risks

Surveys indicate that most enterprises are concerned about cloud security issues, and there is confusion regarding responsibility over cloud security. Typically, cloud providers are in charge of infrastructure security and providing cloud users with tools to secure their environment.

While cloud providers perform security audits and implement stringent security controls, cloud users struggle to manage their own security aspects. Enterprises may see security risks due to application misconfigurations and weak access controls, for example.

Inadequate Planning

To address security threats, enterprises should first assess the scope of security coverage provided by the cloud vendor, as well as the scope of cloud security tooling offered. Once there is more transparency and visibility, the enterprise can better design and implement proper security measures for the migration process and for future normal operations.

When planning the migration process, enterprises should also account for downtime, and design failover measures that ensure business continuity at the minimum possible cost. Planning for disaster, as well as normal operations, can help reduce any overhead that might accumulate when there is no adequate plan in place.

Vendor Lock-In

Sometimes enterprises decide to shift their data to one particular cloud platform. After a period of time, the enterprise might ascertain that the cloud platform no longer suits business needs. It could be because the project outgrew the cloud or another cloud offers greater benefits. However, some cloud implementations might leave the enterprise locked into one cloud.

When vendor lock-in occurs, enterprises cannot shift their assets without spending significantly high costs, struggling through legal constraints, or experiencing technical incompatibilities. There are, however, ways to avoid vendor lock-in. Enterprises can sign agreements with exit strategies only, for example, and standardize their data to ensure portability.

Cloud Security with Imperva

Imperva provides a cloud security solution that protects applications, APIs, and Databases on Amazon Web Services, Microsoft Azure, and Google Cloud, with one pane of glass for application and data security. Imperva supports cloud migration projects, providing visibility and control across hybrid workloads, and reducing the risk of enterprise migrations.

Key features of Imperva cloud security, which is offered in two deployment options: security solutions as a service, or self-managed VMs:

  • Protects cloud workloads – stops web applications and API attacks that can lead to data theft, mitigates DDoS attacks without disrupting user workflows.
  • Ensures compliance – helps meet PCI, GDPR, SOX, and other compliance standards in a complex cloud environment. Supports compliance with a combination of network edge security (WAF), application security (RASP), and data security (DAM).
  • Mitigates risk – tracks access to data and applications, as well as data activity by cloud administrators, DBAs, and users, across applications and microservices. Provides split-second response against threats to protected data.
  • Accelerate digital transformation – provides a simple way to deploy Imperva security products and services across a multi-cloud environment.