EXECUTIVE SUMMARY

Katz, Sapper & Miller (KSM) is one of the nation’s 50 largest independent CPA firms, providing advisory, tax, and audit services to national and international organizations. As a firm operating in a highly regulated environment, KSM required an approach aligned with CleanSlate’s expertise in finance and risk management, where security, governance, and resiliency are critical. To reduce operational risk and support future growth, KSM partnered with CleanSlate to deliver AWS migration and modernization services that enabled a rapid data center exit, improved resiliency, and long-term scalability.

KSM faced a fixed and inflexible deadline to exit its on-premises data center within ten weeks while simultaneously entering peak business season. Any disruption to availability, performance, or security posed an unacceptable risk to client delivery and firm operations. In addition, the firm’s existing architecture lacked sufficient disaster recovery capabilities, limited automation, and constrained the firm’s ability to modernize workloads or prepare for future initiatives such as AI-driven services. 

KSM partnered with CleanSlate Technology Group to execute a rapid migration and modernization initiative on Amazon Web Services (AWS). Rather than performing a simple lift-and-shift, CleanSlate designed an AWS-first architecture that emphasized governance, security, automation, and long-term scalability. The engagement combined accelerated assessment, phased migration waves, Infrastructure-as-Code, and CI/CD automation to safely transition both Azure and on-prem workloads into a unified AWS environment. 

Within ten weeks, CleanSlate successfully delivered a secure, multi-account AWS landing zone; migrated critical workloads; modernized application hosting patterns; and established hybrid connectivity, while maintaining full business continuity. Through these AWS migration and modernization services, KSM established a secure, scalable AWS foundation that supports continued growth and future innovation. The result was a resilient, scalable cloud foundation that reduced operational overhead, improved performance, and positioned KSM for more than 30% in projected cost savings through rightsizing and optimization. 

THE BURNING PLATFORM

As a financial services organization operating under strict compliance and risk requirements, KSM needed a cloud strategy aligned with modern finance and risk management best practices.

The firm operated a hybrid environment consisting of on-premises VMware infrastructure alongside Microsoft Azure services. Over time, this created fragmentation across tooling, security controls, networking models, and operational processes. As workloads grew more interconnected, managing dependencies and scaling environments required increasing manual effort from a small IT team. 

The most pressing challenge was an immovable deadline to exit the on-premises data center within ten weeks. Extending the lease was not a viable option due to cost, and the timing coincided with the firm’s busiest operational period, leaving no tolerance for downtime or instability. 

Additionally, KSM required stronger disaster recovery capabilities, improved resiliency, and a modern foundation capable of supporting future initiatives such as AI, automation, and acquisitions. A traditional lift-and-shift approach would not meet these requirements. 

These challenges underscored the need for AWS migration and modernization services that could consolidate environments, reduce risk, and enable long-term transformation.

Migrating to AWS provided KSM with the opportunity to consolidate environments, modernize workloads, standardize security and governance, and introduce automation—while reducing long-term operational risk. 

MAJOR CHALLENGES & PROBLEMS TO SOLVE

• Mandatory exit from on-premises data center within a fixed 10-week timeline 

• Migration occurring during peak business operations with zero tolerance for downtime 

• Complex Azure workloads with tightly coupled dependencies 

• Legacy application architectures not suited for cloud scalability or cost optimization 

• Limited internal IT bandwidth to support migration and long-term operations 

• Need for standardized security, governance, and networking across environments 

• Requirement for improved disaster recovery, resiliency, and observability 

SOLUTIONS

Accelerated Assessment & Migration Planning

CleanSlate began the engagement by delivering AWS migration and modernization services through an accelerated assessment powered by its Cloud Optimization Blueprint, powered by AWS OneOLA and the CleanSlate MAP++ approach. This assessment evaluated application dependencies, cost profiles, licensing considerations, and modernization opportunities, allowing CleanSlate to define migration waves and prioritize workloads for transformation. 

This approach enabled a compressed timeline while ensuring technical and operational risk was minimized. 

Secure Multi-Account AWS Landing Zone 

As part of its broader AWS migration and modernization approach, CleanSlate implemented a governed multi-account AWS landing zone architecture using AWS Control Tower. This provided centralized logging, guardrails, and security controls while enabling future scalability. 

Key architectural components included: 

• Dedicated networking account with inspection VPC 

• Hub-and-spoke connectivity using AWS Transit Gateway 

• Gateway Load Balancer and AWS Network Firewall for centralized inspection 

• Shared services account for platforms such as AppStream and WorkSpaces 

• Zero Trust access via Zscaler ZPA/ZIA 

• Hybrid connectivity using AWS Direct Connect with Site-to-Site VPN as a resilient fallback 

On-Premises Migration to AWS 

KSM’s VMware-based workloads were migrated using AWS Application Migration Service (MGN). Source systems were replicated into AWS VPCs with automated rightsizing applied at launch. 

Custom post-launch automation standardized instance configuration joined systems to Active Directory and reduced manual cutover effort, allowing migrations to complete with minimal disruption. 

Azure Workload Modernization 

Rather than replicating Azure patterns directly, CleanSlate modernized workloads to align with AWS-native services: 

• Azure App Service workloads were migrated to Elastic Beanstalk, App Runner, or ECS/Fargate based on complexity and scaling needs 

• Azure Functions were re-architected using AWS SAM and deployed to AWS Lambda 

• Azure Easy Auth patterns were replaced with Application Load Balancer and Amazon Cognito integrated with Microsoft Active Directory via SAML 

• Terraform templates enabled repeatable deployment of application patterns across environments 

This modernization effort was a critical component of CleanSlate’s AWS migration and modernization services, ensuring workloads were cloud-native rather than simply replicated.

CI/CD Automation & Enablement 

CleanSlate implemented CI/CD pipelines using GitHub Actions and AWS SAM, enabling automated build, test, and deployment workflows. 

In parallel, CleanSlate delivered hands-on enablement using a crawl-walk-run approach, progressively transferring operational knowledge so KSM’s internal IT team could confidently manage and optimize the AWS environment post-migration. 

SUCCESS METRICS

The CleanSlate + KSM partnership demonstrates how AWS migration and modernization services can deliver measurable results under aggressive timelines.

• Completed full migration and data center exit within 10 weeks 

• Unified on-prem and Azure workloads into a single AWS-native platform 

• Improved application performance, scalability, and resiliency 

• Reduced operational overhead for a lean IT team 

• Established standardized governance, security, and deployment patterns 
• Positioned the firm for 30%+ projected cost savings through rightsizing and optimization 

👤  Artie Sluka, Darren Mills