Skip to main content

Years of patching, never a foundation.
Until the landscape ground to a halt.

From patching to a foundation that moves

A large association, around 2,200 workplaces. Successive mergers and years of symptom-fixing left an unmanageable, insecure landscape that ground to a halt technically, and where the mail environment was breached. We designed a new, secure cloud foundation and lead the transition, with security by design.

Migration · progressIn progress
PLEISTERSFUNDAMENT · BY DESIGN
Source · migration calendarLanding zone · zero trust
Sector
Large association
Scale
± 2,200 workplaces
Engagement
Multi-year, phased
Frameworks
Zero trust, NIST CSF
Components
± 350
inventoried and prioritised by risk.
Foundation
By design
security in the base, not bolted on.
Debt
Coming down
reduced in phases, risk-based, without standstill.

The challenge

Years of patching. Until everything ground to a halt.

A large association, around 2,200 workplaces. Successive mergers, and on top of that years of patching without an architecture vision, had produced a landscape no one fully oversaw. An inventory surfaced around 350 IT components, most of them running up against end-of-support.

Status of the components± 350
Supported
Past or near end-of-support
Supported
Past support
  • 01

    Unmanageable and insecure. No one oversaw the whole; consistent security was impossible, and the mail environment was breached.

  • 02

    Unable to move. The complexity caused inertia: every change slow, fragile and expensive.

  • 03

    Technically stuck. Core systems and the firewall were already past support; further development was locked.

  • 04

    A cloud without vision. The existing cloud was set up without a strategy, disconnected from business and security goals.

Every patch solved something, and made the whole less movable. The question was not which system, but which foundation.

The approach

No more patches on top. A foundation underneath.

We did not start from a system, but from the architecture that was never there. Risk-based, phased, with security by design as the starting point.

Security by designPrinciple
Cloud, unless, and as high as possibleStrategy
Risk-based and phasedApproach
01

Diagnosis, risk-based

Around 350 components inventoried and prioritised by risk: what runs up against end-of-support, where the greatest exposure sits, what holds the organisation back.

02

Blueprint and reference architecture

A target architecture with security by design, vendor-independent: a blueprint and roadmap that set, per system, where it goes. Security and movability built in, not bolted on.

03

A secure landing zone

Together with a partner, a standardised, zero-trust cloud foundation put in place for the organisation to build on.

04

Build, migrate, transform

An agile team migrates and transforms in phases, sorted by complexity, to bring down the technical debt step by step without grinding the organisation to a halt.

The solution

A foundation the organisation can move on again.

The gain is not in one migration, but in a foundation that makes security and change possible again. What stands is designed instead of grown, and it is being filled in step by step.

Workloads
applications
Platform
reference architecture
Landing zone
zero trust, security by design
A designed foundation

A layered cloud foundation, with security by design in the base.

Blueprint and roadmap

Set per system where it goes, repeatable and at speed.

Secure landing zone

A standardised, zero-trust cloud foundation, vendor-independent and future-proof.

From advice to delivery

We took the enterprise architecture, the security and the programme management; the cloud infra was built by a partner under our architecture. Not just drawing, but building.

“For the first time in years we can move forward again, on a foundation we trust.”

CIO · large association

The result

From standstill to an organisation that can move forward again.

Before
  • -Unmanageable and insecure; a breach of the mail environment
  • -Stuck: core systems and firewall past support
  • -Inertia: every change slow, fragile and expensive
  • -A cloud set up without vision or strategy
Now
  • A designed, secure cloud foundation, security by design instead of bolted on.
  • Technical debt is reduced in phases, risk-based and without standstill.
  • The organisation can move and develop securely again.
  • Control of its own IT, on a foundation that grows with it.

A similar challenge?

No pitch. One conversation.

One conversation in which we determine whether, and how, this works for your organisation too.

Schedule a conversation

30 minutes with a senior, no pitch.

Speak with an architectCall directly088 - 163 23 25