This paper examines the City of Los Angeles' transition from on-premise information systems to cloud-based infrastructure, focusing on three critical considerations: feature compatibility between legacy and cloud systems, data migration and management processes, and security governance. Through analysis of this case study, the paper identifies lessons learned regarding contract stipulations, vendor accountability, and phased migration strategies. The author argues that successful cloud transitions require early identification of system requirements, comprehensive security measures before implementation, and a tiered approach to migration that allows for testing and vendor performance verification at each stage.
The City of Los Angeles' cloud transition case study reveals critical considerations when integrating new cloud systems with existing legacy infrastructure. Many of these considerations pertain to the features and capabilities—and the differences between them—in on-premise versus cloud models. After agreeing to implement the cloud as a replacement for the city's on-premise calendaring and email system, the city discovered that several features central to their former system's operations were simply not supported by the cloud version.
This gap highlights a fundamental requirement for any cloud migration: systematically documenting the most widely used and vital characteristics of the current system and determining how they align with the proposed cloud solution. It may be possible to modify aspects of the cloud system to accommodate legacy capabilities, but this cannot be known without detailed analysis. Organizations must compile a comprehensive list of specific use cases and the features required to support them, then present these requirements to the cloud service provider before agreeing to implementation. This advance vetting ensures that the provider can accommodate all organizational needs and prevents costly surprises during or after deployment.
The stakes of this mismatch are significant. When assumptions about feature parity prove incorrect, organizations face difficult choices: modify their workflows to match cloud capabilities, request custom modifications from the vendor, or delay migration. Each option carries operational and financial costs that could have been avoided through thorough pre-implementation analysis.
Another critical consideration involves the mechanics of transitioning from legacy systems to cloud environments. Beyond simply moving files, this process requires careful attention to data migration and replication from the on-premise environment to the virtualized infrastructure that cloud computing provides (Williams, 2012). In practice, these measures often involve significant organization and data sanitization—cleaning and preparing data that existed in legacy architectures for the new environment.
The City of Los Angeles experienced this firsthand during its email system migration. The city had to undertake several administrative efforts to prepare for the cloud transition, including deleting certain emails, organizing mail by year, and restructuring how emails were saved to ensure they could be readily archived and accessed through the new system. These data preparation steps are not incidental; they directly reflect the specific capabilities of the target cloud system. This reinforces a key principle: understanding what specific capabilities a new system has is essential to determining how it can accommodate an organization's particular needs and use cases.
The planning process must account for these data hygiene steps well in advance. Organizations should not assume that data simply moves unchanged from legacy to cloud. Time and resources must be allocated for data review, validation, and transformation to meet cloud system requirements.
Perhaps the most significant concern in integrating legacy infrastructure with cloud environments relates to security. Security has long been central to cloud computing discussions, particularly regarding the risks of hosting sensitive, proprietary data outside an organization's firewalls (Harper, 2014). However, not all security considerations are direct or immediately obvious.
The Los Angeles case illustrates this complexity. Due to insufficient security measures in the new cloud environment, the city had to migrate some data that it had already moved to the cloud back to its physical on-premise systems. This proved time-consuming and costly. This experience demonstrates that security oversight can negate the benefits of cloud migration, forcing expensive reversal of transition decisions.
Organizations must determine how thoroughly new systems account for all legacy system needs—including those not directly related to features or capabilities, but essential to security measures. Security vetting must occur before migration begins. Postponing security assessment until after data has been moved to the cloud risks expensive re-migration and operational disruption. Ideally, the degree of security and the specific protection measures that will be employed should be established and verified during the contract negotiation phase, not discovered during implementation.
The Los Angeles case study demonstrates both successful and notable security measures undertaken during cloud transition. The city worked to implement mechanisms such as encryption, data masking, and tokenization—security tokens that are now relatively standard in contemporary cloud deployments (Harper, 2014). When deployed alongside hybrid cloud solutions (which integrate both public and private cloud resources), these mechanisms effectively address many organizational security concerns.
Beyond standard encryption protocols, the city implemented contractual protections that extended beyond typical vendor relationships. Notably, the city required that cloud provider employees who would work with city data undergo the same background check process as city employees. This exceeded industry standards for SaaS provider relationships. Additionally, the city secured clarity regarding data ownership rights—important not strictly for security but closely related to it—which many organizations value when considering cloud adoption.
The city also negotiated for on-site auditing rights over the provider's security program, a stipulation typically reserved for government entities or organizations with exceptionally lucrative contracts. Whether private sector organizations could secure similar rights from providers remains questionable. Finally, requiring the provider to obtain express written consent before accessing specific city files provided an additional safeguard, helping the city maintain confidence in privacy and security despite housing data outside its own firewalls.
"Performance-based contracts and incremental deployment strategies"
You’re 72% through this paper. Sign up to read the remaining 1 section.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.