Post lift-and-shift governance in healthcare: Why the cloud alone isn’t the cure

Did you know that 80% of cloud migrations fail to provide the expected ROI (EPI-USE, n.d.)? Across all industries, the move to the cloud has been top of mind and with good reason. Being cloud native means reduced costs, allowing you to pay only for what you use, unlimited and on-demand scaling, and intelligent workflows and automations to bring your organization to the next level. Finally, being cloud-native brings along the promise of joining the AI revolution. As an innovative and daring healthcare leader, you called your IT team and told them it was time to transition to the cloud.

They quickly (or not so quickly) went to work, and here we are.

Like many organizations, you may have taken a lift-and-shift approach, migrating everything as-is, without a strategy for governance and optimization.

Now you’re left wondering what went wrong: drowning cloud costs, disorganized and messy data that can’t be used, a stack of support tickets from staff unable to access what they need, and an overwhelmed IT team.

Was it really a move forward?
The culprit? A lift-and-shift strategy with no governance follow-through.

Why “lift-and-shift” isn’t the victory lap you think it is

The most popular way to move an organization to the cloud is via a ‘Lift-and-Shift’, which essentially means ‘lifting’ everything you have on servers and dropping them into a cloud provider such as Azure from Microsoft.

It’s akin to taking every movie you own and saving them on the cloud instead of an external hard drive so that you can access it from wherever you are and without the risk of hardware breakage. It’s great!

You now have scalability to add as many movies as you’d like, you never need to worry about it falling into the wrong hands, “you know it’s backed by Microsoft, so it’s safe from damage or theft, but does that mean you built ‘Netflix’? No…. You treated the cloud like an attic, a glorified attic space. And that’s not what we call being ‘Cloud-Native’. According to Flexera, 28% of cloud spend is wasted (Flexera, 2023).

Healthcare orgs, like most others, often treat the cloud like a digital storage locker instead of rethinking how to leverage it effectively.

Symptoms of a failed lift-and-shift in healthcare:

• Storage costs spiral out of control.
• Workflows get slower.
• Care teams lose trust in systems that feel more chaotic than helpful.

What does it mean to be truly ‘Cloud-Native’

For your organization to truly reap the benefits of being ‘Cloud-Native,’ it can’t simply lift and drop its data into the cloud. Instead, the cloud environment must be architected with intention and intelligence. That means rethinking your infrastructure, not just replicating your on-prem setup. The cloud offers powerful design advantages like containerization, microservices, autoscaling, and serverless computing.

These aren’t just buzzwords; they’re key to unlocking speed, agility, and cost-efficiency. Without leveraging them, you’re trading a closet for a cloud—same clutter, higher rent.

So, before calling the movers, your best bet is to sit down and draft a Blueprint for where everything must go.

The silent saboteur: Post-migration governance neglect

Once you have properly mapped out where each document should live on the cloud, you are ready for the big move-in day. But here’s where things get critical as a healthcare organization: You can’t move in, drop your boxes, and call it a day. You need to then focus on governance.

Governance means having a clear framework that defines who owns what, how long data is retained, who gets access to which resources, and what happens when something changes. It’s a living, evolving system that ensures your digital environment remains usable, secure, and compliant over time.

In a healthcare setting, that means ensuring PHI isn’t floating in forgotten folders, that audit logs are active and reviewed, and that access rights adapt as staff join, leave, or switch roles. In other words, your staff can do their jobs, and you aren’t being sued for accidentally leaking PHI!

Without sustainable governance, healthcare organizations experience:

• Outdated Teams and SharePoint sprawl. New communication spaces and document libraries are spun up with every new initiative, but rarely cleaned up or retired. Instead of helping staff find what they are looking for faster, start spending more time searching for files. A study showed that on average, 19% of working hours are spent looking for documents (The ECM Consultant, 2023).
  
  That means about 7.6 hours of paid staff time are being used to locate files.
  
• No clear ownership of data. Files and folders float freely with no designated owners. When permissions need to be updated or changed, nobody is responsible for the data and has access to its management properties.
  
• Sensitive patient data with unclear access control. Critical PHI is stored in locations that were never intended to house sensitive information, shared broadly, or left with outdated permissions after a staff member leaves the organization.
  
• These issues cost money, block innovation, and introduce serious risks to PHI (Protected Health Information).

Cloud without governance = A missed opportunity

“You moved to the cloud… but you didn’t actually move forward.”
In most industries, governance lapses lead to inefficiencies or lost money. However, in healthcare, they can mean life-threatening delays, compliance failures that can cost millions, and eroded trust in your systems from both staff and patients.

Picture this: A nurse is preparing a discharge plan for a patient who’s set to leave within the hour. The care team is waiting, transport is scheduled, the family is ready to go, but she can’t locate the patient’s latest blood test results. She needs these to confirm that the patient is truly ready for discharge; they’re buried in a duplicated SharePoint folder. She tries searching, but multiple files pop up with similar names. Frustrated and under pressure, she reaches out to IT.

Now the discharge is delayed, the patient becomes frustrated, and the hospital bed meant for an incoming emergency remains tied up. Multiply this across units, and what should be an improvement in healthcare efficiency starts to look more like the hospital’s basement storage room.

In short, governance is what unlocks the real ROI of your cloud investment. Without it, the cloud becomes just another expensive repository. With it, your cloud becomes a resilient, responsive system that supports care delivery instead of complicating it.

How to do it right: A governance blueprint for healthcare

Getting governance right doesn’t start with a product—it starts with a plan. If you’re serious about post-migration success, especially in a healthcare environment, here’s what the journey should look like:

1. Start with a strategic blueprint

The wonderful thing is that even though you may have completed your move already, it’s never too late to clean up your environment, in the same way you would have done it before the migration. Map out data types (clinical, operational, administrative), designate ownership roles, and determine compliance needs from the start.

Think of it like packing to move to a new house: You wouldn’t want to just empty random drawers into boxes. Ideally, you want to decide where your books will go IN the new house and then pack accordingly so that the box of books is placed where it should be. Even if it’s technically the same house, we’re just doing a redo.

2. Structure your cloud move intentionally

Set up your Microsoft 365 environment in line with your blueprint. That includes naming conventions for Teams and SharePoint sites, folder structures, and permission levels based on the sensitivity of information. This is where your IT team needs to spend some time creating the diverse ‘areas’ of your new ecosystem. If you plan on putting your book collection in the living room, you may first need to build a library and attach it to the wall so that when it’s time to unbox, you can put every book in its place. In IT, that may mean creating containers, folder structures, and workflows.

3. Layer in governance from day one

Integrate governance policies from day one and not after things go sideways. Define how long data should live, who approves access, and what retention policies apply across departments. Governance can easily be an overwhelming and scattered project, so use the right tools to help you stay on track! Microsoft 365 provides a solid foundation, but managing governance at scale requires more than native features alone.
For example, a tool like Syskit Point can:

• Automate access reviews so you always know who has access to PHI and why.
• Help manage workspace sprawl by applying lifecycle rules to Teams and SharePoint sites.
• Provide audit-ready reports for compliance teams without requiring custom scripts.
• Offer a central dashboard for full visibility across your Microsoft 365 environment.

4. Run regular audits and tune as you grow

Schedule regular reviews to ensure your governance model evolves with your organization. Update roles, review external sharing, and close outdated workspaces. Remember that governance is like cleaning your house – It’s an ongoing project with no end date.

To be truly cloud-native and reap the benefits, you need to orchestrate your move efficiently. Once there, spend time putting everything in its place while diligently applying governance best practices.

References:

1. EPI-USE. (n.d.). Why over 75% of cloud migrations fail. EPI-USE. Retrieved April 18, 2025, from https://www.epiuse.com/aws-services/blogs/why-over-75-of-cloud-migrations-fail
2. Flexera. (2023). 2023 State of the Cloud Report. OpenMetal. Retrieved April 18, 2025, from https://openmetal.io/resources/blog/control-public-cloud-waste-with-alternative-cloud
3. The ECM Consultant. (2023, August 15). Document management statistics. Retrieved April 18, 2025, from https://theecmconsultant.com/document-management-statistics