Cloud Migration Glossary: Key Terms and Definitions

Cloud migration involves a dense technical vocabulary drawn from infrastructure engineering, distributed systems, software architecture, and enterprise IT governance. This glossary defines the core terms used across planning, execution, and post-migration operations, with classification boundaries that reflect how practitioners and standards bodies use each concept. Precise terminology reduces scope ambiguity during vendor negotiations, compliance audits, and team coordination. The definitions below apply to US-based enterprise and mid-market contexts and align with frameworks published by NIST, AWS, and the Cloud Security Alliance (CSA).

Definition and scope

Cloud migration terminology spans at least 5 distinct functional domains: workload classification, migration pattern selection, infrastructure configuration, security and compliance, and operational governance. Each domain carries its own vocabulary, and terms frequently overlap or conflict across vendor documentation.

Migration pattern terms are the most foundational. NIST defines cloud computing across three service models — Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) — in NIST SP 800-145. These service models determine which migration patterns are applicable to a given workload.

The "6 Rs" framework, widely referenced in AWS migration documentation, classifies migration approaches as: Rehost, Replatform, Refactor/Re-architect, Repurchase, Retire, and Retain. Each R represents a distinct scope of change applied to a workload during its transition to cloud infrastructure.

Key definitional terms:

• Workload: A discrete unit of compute, storage, or network function — an application, database, or service — treated as a single migration candidate.
• Migration wave: A grouped batch of workloads scheduled for migration in a defined sequence. See cloud-migration-wave-planning for sequencing methodology.
• Landing zone: A pre-configured, governance-ready cloud environment that enforces baseline security, networking, and identity policies before workloads arrive.
• Migration factory: A repeatable, templatized process pipeline for executing migrations at scale with standardized tooling and team roles.

How it works

Migration terminology functions as a shared reference system that aligns architecture, security, and project teams around agreed definitions of scope and risk. Misuse of a term — for example, describing a replatform as a rehost — directly affects cost estimation, timeline, and testing requirements.

The following numbered breakdown reflects the operational sequence in which these terms become relevant:

1. Discovery and assessment: Terms such as dependency mapping, application portfolio, and cloud readiness score apply. A cloud readiness assessment (cloud-readiness-assessment) produces a scored inventory of workloads.
2. Migration pattern selection: Terms including lift-and-shift (synonymous with rehost), replatforming, and refactoring define the engineering effort. Lift-and-shift preserves the existing architecture with no code changes. Replatforming vs. refactoring involves moderate-to-significant code or configuration changes.
3. Infrastructure design: Terms such as VPC (Virtual Private Cloud), subnet, availability zone, region, and hybrid connectivity define the target architecture.
4. Execution: Terms including cutover, blue-green deployment, canary release, rollback, and data synchronization describe the mechanics of the migration event itself.
5. Post-migration operations: Terms such as FinOps, cloud cost governance, rightsizing, and observability apply to the steady-state management phase.

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) provides a structured vocabulary for security-domain terms across all phases, including shared responsibility model, data residency, and encryption at rest vs. in transit.

Common scenarios

Term usage shifts based on migration context. Three common scenarios illustrate how vocabulary maps to specific technical situations.

Scenario 1 — Legacy system migration: An organization moving a monolithic ERP system encounters terms such as application decomposition, strangler fig pattern, technical debt, and microservices. Legacy system migrations (legacy-system-cloud-migration) commonly require refactoring vocabulary because a simple rehost is architecturally insufficient.

Scenario 2 — Database migration: Moving relational databases to managed cloud services introduces terms including homogeneous migration (same database engine, e.g., Oracle to Oracle RDS) and heterogeneous migration (different engines, e.g., Oracle to Aurora PostgreSQL). AWS Database Migration Service documentation formally distinguishes these two categories. See database-migration-cloud-options for a structured comparison.

Scenario 3 — Regulated industry migration: Healthcare and federal contexts add compliance-specific vocabulary. HIPAA migration work requires fluency in Business Associate Agreement (BAA), PHI (Protected Health Information), and audit logging. FedRAMP contexts require terms such as Authority to Operate (ATO), security control baseline, and continuous monitoring. The FedRAMP Program Management Office (fedramp.gov) publishes the authoritative definitions for federal cloud security terminology.

Decision boundaries

Precise term selection determines downstream decisions. Three high-stakes definitional boundaries affect project scope:

Rehost vs. Replatform: A rehost (lift-and-shift) involves zero code changes and moves a workload to IaaS with identical configuration. A replatform involves targeted modifications — such as swapping a self-managed database for a managed cloud equivalent — without changing core application logic. Conflating these two inflates or deflates cost estimates by a measurable margin because replatforming requires additional testing cycles.

Migration vs. Modernization: Migration moves a workload to cloud infrastructure. Modernization changes the workload's architecture, typically toward cloud-native patterns such as containerization or serverless. Treating modernization as migration scope during initial planning is a documented source of project overruns. The distinction affects cloud-migration-cost-estimation methodologies significantly.

Hybrid cloud vs. Multi-cloud: A hybrid cloud architecture combines on-premises infrastructure with one cloud provider. A multi-cloud architecture distributes workloads across 2 or more independent cloud providers. These are structurally distinct topologies with different networking, latency, identity federation, and governance requirements. See hybrid-cloud-migration-approach and multi-cloud-migration-strategy for pattern-specific guidance.

References

• NIST SP 800-145: The NIST Definition of Cloud Computing
• Cloud Security Alliance Cloud Controls Matrix (CCM)
• FedRAMP Program Management Office — fedramp.gov
• AWS Cloud Migration Resources
• NIST National Cybersecurity Center of Excellence — Cloud Migration