Cloud Maturity: How Ready Are You for the Cloud?

How is a company’s cloud maturity determined? What is it actually good for, how can you assess it, and what stage of the maturity model are you at? 

written by Kamil Kovář

Do We Have To Worry About The Processes?

I want to discuss an interesting issue we're addressing with customers transitioning to the cloud. Before we start working with a customer, we need to understand their teams' mental state, processes, and knowledge. We're particularly interested in their cloud maturity. What is it, and how do we assess it?

Before I pick an apple, I check if it’s only red on one side. Similarly, we collaborate with the customer (partly through self-assessment) to evaluate various aspects of their capabilities and operations.

What does a company have to be like to be considered a mature cloud company in all respects?

The maturity assessment method we use is largely based on a process maturity assessment. And that’s the right thing to do. Because we are talking about IT services provided to the business, and in the operational model these consist mainly of processes. Functioning processes – please don’t show us the paper hidden deep in your document repository drawer.

There’s a sophisticated general methodology for assessing process maturity. It’s not difficult to determine by examining several parameters across basic architectural, change, and operational processes. However, it’s not just about being procedural.

Do you feel now that the more procedural the customer, the more mature they are for us? Oh, no.

Do We Have Enough Certified People?

I can hardly talk about cloud maturity when most of the team hasn’t touched the ball (i.e. the cloud) yet. Specifically, in 2024, a significant portion of IT operations professionals have already touched it, but often only in the locker room, not on the field.

Surprisingly many companies have teams that are trying out cloud services on of their own, personal initiatives or shadow IT. But the lack of preparation will not allow them to learn how to operate and use the cloud properly in practice.

On the other hand, we have encountered companies that have been forced to consume cloud services by leaps and bounds. There we find a very good deep knowledge of often advanced services in people who “somehow haven’t had time” for AZ-104 or some AWS Practicioner.

So do you feel that the more certifications in the team, the more cloud mature the company will be? Also no.

Do We Have a Sophisticated IT Strategy?

Using cloud services is usually a major IT outsourcing step that a company must be prepared for. In addition, which fortunately customers who are affected by even more regulations than GDPR are well aware of, the company must internally analyse use of external cloud services in terms of regulation, data and process compliance.

A detailed study of the current IT strategy documents and compliance analysis is one of the first steps we take in the maturity assessment. We are interested in the company’s attitude to cloud services, how it treats outsourcing, how it wants to treat different types of data, how it wants to set rules for operation and more.

Does it seem to you that a well-developed cloud IT strategy points to a mature customer? It doesn’t have to be that way.


Do We Have The Tools We Need?

Enough questions, even that’s not enough. The pile of tools implemented left and right rather shows how much power individual teams have to inflate the budget. It doesn’t have much to do with maturity.

So What Is It Then?

Let’s go back to the opening paragraph on why we care about any cloud maturity at all: “We need to understand where the customer’s teams are mentally, process-wise and knowledge-wise.”

  • The right mental setup = I have it figured out and experienced.
  • Ideal process setup = I do it the same way, auditable, recordable.
  • Correct knowledge settings = I use the tools optimally.


WANT is the basic parameter. Do you have toxic individuals in your team talking about the dysfunctional unreliable expensive public cloud or a bunch of people who want to have modern tools that remove all unnecessary routine? Those who want to work with the public cloud have the necessary mental setup. They have already adapted and mastered the processes and knowledge with us.

Once the above things are working, the customer is able to run business applications in the cloud. We are happy to help him with the complexities of DevSecOps and automation in general, security, advanced monitoring, translating regulatory changes into compliance or creating cloud centers of excellence. And with my personal favorite – continuous cost optimization, preferably using a self-optimized coded infrastructure.

And if those three settings don’t work?

We  and the customer have a lot of work to do. But we’ll follow the beaten path.

Let’s see your maturity model!

OK, here it is. For convenience and some compatibility with other models, we use five maturity levels, which we call:

Which one do you find yourself in?

Ad-hoc Approach – Resistant

  • Is piloting, trying his first steps in the cloud with e.g. test environment.
  • Is delaying the move to the cloud because he understands that it is an investment with a long payback period.
  • Expects a sizeable business case in the application unit, which means a large investment in his own datacenter and easy launch in the public cloud.

Opportunistic Approach – Explorer

  • Already has the first non-critical production workloads in the cloud.
  • Tries to place suitable applications in the cloud, e.g. at the life cycle end.
  • Paired core ITSM processes to support cloud operations.
  • Tries to acquire adequate knowledge in teams.
  • Is considering appropriate tools for monitoring its distributed infrastructure.

Repeatable Approach – Player

  • Operates in the cloud with clear operating principles.
  • Runs business-critical applications in the cloud.
  • Has well-configured monitoring, backup and high availability.
  • Addresses security and compliance in the cloud.
  • Has set processes for budgeting and monitoring costs.

Controlled Approach – Transformer

  • They are changing their business thanks to IT.
  • Applications are primarily hosted in the cloud, and when that’s not possible, they seek a hybrid cloud solution.
  • On-premises remains a zoo of applications before transformation or shutdown.
  • Regularly innovates and uses new services.
  • The cloud application lifecycle is driven by the DevOps approach.
  • Effectively manages capacity.

Optimised Approach – Disruptor

  • The cloud is an essential IT tool for developing business potential.
  • Has full automation within the DevSecOps mentality.
  • Automates meta-processes to control, monitor and improve processes.
  • Has long-term experience in cost optimization.
  • Uses the latest services and often works directly with the provider to develop them.

Cloud maturity: is the top tier the best?

All maturity levels are validas long as they align with the business needs. It’s not wrong to be at the beginning of the journey; it’s wrong to think you’ve reached the end without addressing necessary steps like strategy, compliance, ITSM processes, tools, knowledge, motivated teams, sophisticated automation, exit scenarios, and risk analysis.

For us, working with Explorers is rewarding, while Disruptors challenge us with their specific problems and deep knowledge.

Defining a customer’s cloud maturity is essential for making positive changes.


Do you need guidance? We are here to help!

Start your individual journey with ORBIT.