When approaching the notion of adopting Cloud, it can be a daunting task. You’re faced with establishing a strategy, identifying your approach, commercials, governance, operational changes, people skills. Where do you begin?

Based on the numerous adoptions I’ve worked through, I recommend leveraging the AWS Cloud Adoption Framework as a guide to establishing a pathway through some of these decisions and realising business value, faster.

What is the AWS Cloud Adoption Framework?

The Amazon Web Services Cloud Adoption Framework (CAF) is a framework originally developed by AWS Professional Services (ProServ) to help organisations design and travel an accelerated path to successful cloud adoption. The guidance and best practices provided by the framework help you build a comprehensive approach to cloud computing across your organisation and throughout your IT lifecycle.

Using the AWS CAF helps you realise measurable business benefits from cloud adoption faster and with less risk.

We’ll first introduce how the CAF is organised, then focus in on our main area of focus, namely Security.

How is the AWS CAF organised?

The AWS Cloud Adoption Framework (AWS CAF) organises guidance into six areas of focus, called perspectives. Each perspective covers distinct responsibilities owned or managed by functionally related stakeholders. In general, the Business, People, and Governance Perspectives focus on business capabilities; while the Platform, Security, and Operations Perspectives focus on technical capabilities.

Cloud Adoption Framework

Let’s briefly introduce each of the six perspectives.

Business Perspective

The Business Perspective helps you move from separate strategies for business and IT to a business model that integrates IT strategy. Agile IT strategies are aligned to support your business outcomes, and they can adjust to business needs or technical capabilities as they change.

Common Roles: Business Managers; Finance Managers; Budget Owners; Strategy Stakeholders.


IT Finance addresses your capacity to plan, allocate, and manage the budget for IT expenses with the use-based cost model of cloud services.
IT Strategy helps you take advantage of cloud-based IT approach to deliver value and end-user adoption.
Benefits Realisation helps you to measure the benefits of your IT investments using methods for a cloud-based IT operating model.
Business Risk Management helps you estimate the potential business impact of preventable, strategic, and/or external risks.


People Perspective

The People Perspective helps Human Resources (HR) and personnel management prepare their teams for cloud adoption by updating staff skills and organizational processes to include cloud-based competencies.

Common Roles: Human Resources; Staffing; People Managers.


Resource Management helps you understand and forecast new personnel needs for a cloud-based model.
Incentive Management helps you implement a compensation program that will attract and retain the personnel required to operate a cloud-based IT model.
Career Management helps you identify, acquire, and retain the skills needed for your cloud migration and ongoing operating model.
Training Management provides guidance on how to develop or acquire training for your employees so they can perform their roles in a cloud environment.
Organisational Change Management helps you manage the impact of business, structural, and cultural changes caused by cloud adoption.


Governance Perspective

The Governance Perspective integrates IT Governance and Organizational Governance. It provides guidence on identifying and implementing best practices for IT Governance, and on supporting business processes with technology.

Common Roles: CIO; Program Managers; Project Managers; Enterprise Architects; Business Analysts; Portfolio Managers.


Portfolio Management provides a mechanism to manage it based on desired business outcomes. It can help to determine cloud-eligibility for workloads when prioritizing which services to move to the cloud.
Program and Project Management helps you manage technology projects using methodologies that take advantage of the agility and cost management benefits inherent to cloud services.
Business Performance Measurement helps you measure the impact of the cloud on business objectives.
License Management defines methods to procure, distribute, and manage the licenses needed for IT systems, services, and software.


Platform Perspective

The Platform Perspective helps you design, implement, and optimize the architecture of AWS technology based on business goals and objectives. It helps provide strategic guidance for the design, principles, tools, and policies you will use to define AWS infrastructure. The Platform perspective also includes principles and patterns for communicating your target state environment, implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.

Common Roles: CTO; IT Managers; Solution Architects.


Systems and Solution Architecture helps you define and describe the system design and your architectural standards.
Compute, Network, Storage, and Database Provisioning helps you develop new processes for provisioning infrastructure in a cloud environment. Provisioning shifts from an operational focus aligning supply with demand, to an architectural focus aligning services with requirements.
Application Development addresses your ability to support business goals with new or updated applications, and helps implement new skills and processes for software development that take advantage of the agility gained by cloud computing.


Operations Perspective

The Operations Perspective helps you to run, use, operate, and recover IT workloads to levels that meet the requirements of your business stakeholders. Insights gained through the Operations Perspective define your current operating procedures as well as process changes and training needed for successful cloud adoption. Well-managed IT operations support the operations of the business from planning and sustaining, through change and incident management.

Common Roles: IT Operations Managers; IT Support Managers.


Service Monitoring focuses on detecting and responding to IT operations health indicators, to meet your service level agreements and operating level agreements.
Application Performance Monitoring (APM) provides you with new approaches for monitoring application performance in a cloud environment to ensure that application health meets defined requirements.
Resource Inventory Management helps you manage virtual IT assets to provide services that are both high performing and cost efficient.
Release/Change Management helps your teams adopt software development best practices such as automation and Continuous Integration/Continuous Delivery (CI/CD) techniques, increasing the pace of your innovations.
Reporting and Analytics helps you monitor the health of cloud assets and provide insights to help you reach the desired level of performance.
Business Continuity/Disaster Recovery helps you implement processes to keep your business running during a catastrophic event.
IT Service Catalog helps you to offer cloud services to the business using a model that can help to improve efficiency of providing IT services as well as the productivity of consuming them.


Security Perspective

The Security Perspective helps you structure the selection and implementation of controls. Following this guidance can make it easier to identify areas of non-compliance and plan ongoing security initiatives.

Common Roles: CISO; IT Security Managers; IT Security Analysts.


Identity and Access Management (IAM) helps you integrate AWS into your identity management lifecycle, and sources of authentication and authorization.
Detective Control provides guidance to help identify potential security incidents within your AWS environment.
Infrastructure Security helps you implement control methodologies necessary to comply with best practices as well as meet industry or regulatory obligations.
Data Protection helps you to implement appropriate safeguards that protect data in transit and at rest.
Incident Response helps you define and execute a response to security incidents.



AWS Cloud SME and DevSecOps Specialist