How to migrate Legacy identity to Cloud the right way

Legacy identity management systems are expensive to maintain, and as they age, keeping them up to date becomes harder. Moving your identity system to the cloud is a good option. But how do you do it? This article covers some of the best tips for a successful migration.

Why migrate legacy identities to the cloud?

Digital transformation cannot be stopped. By the end of 2021, a Statista study predicted the number of workloads in the cloud will reach 94% of all data center workloads.

Migrating identity systems is part of achieving the scalability and flexibility of the cloud. Legacy IAM solutions present an array of challenges that are not compatible with the fast pace of digital transformation.  

Limitation of Legacy IAM solutions

The ongoing move to cloud computing and remote work is exposing the risks of on-premises legacy perimeter security. 

Most legacy IAM solutions are on-premises. That means traffic for cloud access is routed back to an on-prem solution, adding latency and overloading the network. To increase protection, many companies rely on VPNs for cloud access. While this may help, the VPN itself becomes a single point of failure.

Similarly, legacy single sign-on carries the added risk that, if that one credential is compromised, an attacker can gain access to the entire network. Most cloud identity systems instead combine role-based access with adaptive access, which lets users reach only what they need, from anywhere. Thus, it prevents lateral movement if the identity is compromised.

Finally, companies keep adding cloud apps to perform everyday tasks. The cost of maintaining and scaling a legacy on-premises identity management platform can easily balloon when it has to integrate hundreds of cloud apps.

Hybrid cloud identity challenges

For some companies, migrating to the cloud can take months or even years. This long migration process leaves companies in a sort of hybrid limbo, and many organizations use multiple public clouds in addition to their on-premises environment. How does this affect identity management? Here are some challenges:

Multi-cloud identity: companies need to manage identity across multiple cloud infrastructures as well as their own on-premises environment. Each of these environments has its own built-in identity management, security policies and protocols, so each one is another entity to manage. Achieving consistent access policies across such a hybrid environment is challenging.

Migrating identities requires rewriting code: most legacy on-premises identity systems are near end of life, and adapting them to cloud-native apps is not possible. When an organization wants to move an on-premises app to the cloud, it usually has to rewrite the app's code to support the new cloud's identity system. This rewriting is expensive and time-consuming, especially for apps tied to legacy single sign-on and web access management. Using a migration system like Strata's free discovery tool for SiteMinder migration allows identity systems to be moved to the cloud without rewriting the apps.

Multiple coexisting identities: because cloud migrations can take months or even years, organizations need to run the new systems alongside the existing ones. This means you need to extend access to applications that still sit behind the legacy identity system to users of the new cloud identity system.

Tips for successful migration of legacy identity systems

Get complete visibility into your identities

You cannot manage what you cannot see. The first step is to map all systems, the dependencies between apps, and how the identity policies are organized. Record the permission levels and who has access to what.

Once you have done that, consider how to improve the legacy identity system as you move it to a modern cloud identity. This gives you the chance to modernize your identities in a single migration rather than copying legacy policies as they are.

Define the right migration approach 

The typical big-bang approach does not give you the control over identities that you need. It is better to run the on-premises and cloud systems in parallel for a while and migrate iteratively.

Apply an abstraction layer

An identity abstraction layer (an identity fabric) can help overcome these challenges by orchestrating the transition from legacy to cloud identity systems. Instead of a big-bang migration, you get an agile and controlled transition of identities. Migrating in batches further reduces risk: for each batch you can verify the users' credentials and scan for indicators of compromise. Take the opportunity to weed out dormant or unused accounts to improve security. Applying an orchestration layer also helps achieve a consistent identity across environments.

Prepare a plan for coexisting identities

Coexisting legacy and cloud identity systems are a reality for most organizations moving to the cloud. Develop a plan that keeps both systems compatible, so identities can be managed seamlessly while you migrate and update.
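The tips above, taken together, amount to a small planning exercise: inventory the legacy export, weed out dormant accounts, map legacy roles to cloud roles, split the remaining users into batches, and decide where the abstraction layer routes each login while both systems coexist. The following Python example (added here; it is not code from the article or from any vendor's product) models that exercise on a constructed user export. The users, roles, role mapping, dormancy threshold and "as of" date are all assumptions for illustration.

```python
from datetime import date, timedelta

DORMANT_AFTER_DAYS = 90        # assumed policy: 90 days without a login => do not migrate
TODAY = date(2024, 6, 10)      # assumed "as of" date for the inventory

# Constructed legacy IAM export (not real data): user, legacy role, last login, apps used
LEGACY_USERS = [
    {"user": "alice", "role": "finance_admin", "last_login": date(2024, 5, 20), "apps": ["erp", "hr"]},
    {"user": "bob",   "role": "developer",     "last_login": date(2024, 6, 1),  "apps": ["git", "ci"]},
    {"user": "carol", "role": "contractor",    "last_login": date(2023, 11, 2), "apps": ["wiki"]},
    {"user": "dave",  "role": "developer",     "last_login": date(2024, 5, 30), "apps": ["git"]},
    {"user": "erin",  "role": "legacy_ops",    "last_login": date(2024, 6, 3),  "apps": ["mainframe"]},
]

# Assumed mapping from legacy roles to cloud roles; a role with no entry needs a human decision
ROLE_MAP = {"finance_admin": "Finance.Admin", "developer": "Eng.Developer",
            "contractor": "External.ReadOnly"}

def plan_migration(users, today=TODAY, batch_size=2):
    """Inventory the export, set dormant accounts aside, flag roles with no cloud
    equivalent, and split the remaining users into ordered migration batches."""
    cutoff = today - timedelta(days=DORMANT_AFTER_DAYS)
    plan = {"dormant": [], "unmapped": [], "batches": []}
    to_migrate = []
    for u in sorted(users, key=lambda u: u["user"]):
        if u["last_login"] < cutoff:
            plan["dormant"].append(u["user"])        # disable rather than carry over
        elif u["role"] not in ROLE_MAP:
            plan["unmapped"].append(u["user"])       # needs a role decision first
        else:
            to_migrate.append({"user": u["user"], "cloud_role": ROLE_MAP[u["role"]],
                               "apps": u["apps"]})
    for i in range(0, len(to_migrate), batch_size):
        plan["batches"].append(to_migrate[i:i + batch_size])
    return plan

def route_login(username, plan, batches_done):
    """What the abstraction layer does with a login during coexistence: users in
    completed batches go to the cloud IdP, dormant accounts are denied, and
    everyone else (unmapped or not yet migrated) stays on the legacy IdP."""
    if username in plan["dormant"]:
        return "deny"
    for batch in plan["batches"][:batches_done]:
        if any(m["user"] == username for m in batch):
            return "cloud"
    return "legacy"

if __name__ == "__main__":
    p = plan_migration(LEGACY_USERS)
    print("dormant:", p["dormant"], "unmapped:", p["unmapped"])
    for n, batch in enumerate(p["batches"], 1):
        print(f"batch {n}:", [m["user"] for m in batch])
```

Re-running the plan after each batch, and checking how the layer routes a given user, is the coexistence check the last tip asks for.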

Migrating legacy identity systems to the cloud presents several challenges. Using an abstraction layer can reduce risk and help overcome many of the obstacles in legacy migration. A fabric-based architecture provides agility and consistency in identities, effectively minimizing security risks.