Why Cloud Migration Certifications Mean Less Than You Think

Another vendor just earned another cloud competency badge. Sonata Software announced their AWS Migration and Modernization Competency status last week. Damco Solutions made Gartner's Market Guide for Mainframe and Legacy System Services. The press releases are polished. The logos are impressive. And none of it tells you whether they can actually fix your problem.

I have watched this pattern repeat for fifteen years. A new certification emerges. Vendors scramble to achieve it. Marketing teams produce celebratory announcements. CTOs see the badges on proposal decks and feel a small measure of reassurance. Then the project starts. And six months later, everyone discovers that the certification tested something entirely different from what the engagement actually required.

This is not an indictment of certifications themselves. They serve a purpose. They establish baseline competencies. They give procurement teams a checkbox. But they have become a proxy for judgment, and that substitution costs companies millions. Cloud-ready architecture modernization is not a standardized problem. Your legacy system is not like anyone else's legacy system. The twenty years of decisions that built it, the workarounds that kept it running, the tribal knowledge that exists only in the heads of three engineers who might retire next year - no certification tests for that.

The Certification Industrial Complex

Let me be clear about what these certifications actually measure. AWS Migration Competency, for instance, requires a vendor to demonstrate successful migrations, maintain trained staff, and follow documented processes. What it does not measure is whether those migrations resembled your migration in any meaningful way.

A company that has successfully moved fifty simple web applications to EC2 instances earns the same credential as one that has migrated complex transactional systems with intricate data dependencies. The badge is identical. The capability is not. Martin Fowler has written extensively about the distinction between technical competence and contextual understanding. A surgeon certified in cardiac procedures is not automatically qualified for your specific heart condition. Context matters. History matters. The particular constellation of factors that created your situation matters.

The same dynamic plays out with Gartner recognitions. Being named a Representative Vendor in a Market Guide means Gartner's analysts believe you meet certain criteria for inclusion. It means you exist in the market and offer relevant services. It does not mean you are the right choice for any particular engagement. Yet these recognitions appear in sales presentations as if they were endorsements. They are not endorsements. They are acknowledgments of presence.

I am not suggesting these credentials are worthless. They filter out the completely unqualified. But the filtering happens at such a low threshold that it barely narrows the field. The real differentiation happens elsewhere.

What Actually Matters in Legacy Application Modernization

If certifications are an inadequate signal, what should you look for instead? The answer is uncomfortable because it requires more work from you, not less.

The first real indicator is how a vendor responds to complexity they have not seen before. Every legacy system contains surprises. Business rules embedded in stored procedures that nobody remembers writing. Integration patterns that made sense in 2008 but look insane today. Data formats that evolved organically across three mergers. Ask your potential partner how they handle discovery. Not in theory. In practice. What did they do on their last engagement when they found something unexpected? If the answer is vague or generic, that tells you something.

The second indicator is their willingness to say no. A vendor who promises they can modernize anything, on any timeline, at any budget, is either lying or does not understand the problem. Legitimate modernization partners turn down engagements. They identify projects where the scope is undefined, the stakeholders are misaligned, or the timeline is fantasy. They would rather lose the deal than deliver a failure. Ask who they have refused to work with, and why.

The third indicator is how they talk about failure. Every experienced modernization team has failed. The question is whether they learned from it. Request case studies of projects that did not go as planned. Not disasters - just engagements where assumptions proved wrong and adjustments were required. How they narrate those stories reveals whether they have internalized the lessons or simply moved on.

The Hidden Cost of Credential-Based Decisions

Organizations that select vendors primarily based on certifications tend to overspend in predictable ways. The pattern is consistent enough that you can almost calculate it in advance.

First, scope creep accelerates. When a vendor wins on credentials rather than on demonstrated understanding of your specific context, they enter the engagement with assumptions. Those assumptions collide with reality. Change orders follow. I have seen projects where the change order total exceeded the original contract value - not because of bad faith, but because neither party truly understood what they were signing up for.

Second, the wrong architecture gets chosen. Certified partners often default to reference architectures that earned them their certifications. Those architectures might be perfect for greenfield development. They might be ideal for startups with no legacy constraints. But your situation is not greenfield. Your constraints are specific. And a solution optimized for a different problem will require expensive modifications to fit your actual needs. ThoughtWorks has documented this pattern repeatedly in their technology radar. Generic solutions applied to specific problems create technical debt from day one.

Third, knowledge transfer fails. Vendors who lack deep understanding of your system cannot effectively transfer knowledge back to your team. They complete the migration. They hand over documentation. And your engineers still cannot maintain what was built because the documentation describes what was done, not why. The reasoning behind decisions - the part that matters when something breaks at 2 AM - remains locked in the heads of consultants who have already moved to the next engagement.

Cloud-Ready Architecture Is Not a Destination

Part of the problem is linguistic. We talk about cloud-ready architecture modernization as if "cloud-ready" were a fixed state. It is not. Cloud platforms evolve constantly. What was best practice three years ago might be deprecated today. What seems cutting-edge now might be considered legacy by 2030.

Modernization is not a project with an end date. It is a capability you build. The goal is not to achieve cloud-readiness and then stop. The goal is to create systems and teams that can continue adapting as requirements change and platforms evolve. A vendor who promises to make you cloud-ready is selling you a milestone. What you actually need is a trajectory.

This distinction matters for how you evaluate partners. A certification measures a point-in-time competence. Your need is for ongoing adaptability. The right partner helps you build internal capability alongside the technical migration. They train your people. They document decisions in ways that support future modification. They design for change rather than for a fixed target architecture. InfoQ has published numerous articles on evolutionary architecture precisely because the industry has learned, painfully, that static targets lead to static systems.

Ask vendors how they build your team's capability to continue evolving the system after the engagement ends. If they cannot articulate a clear approach, they are selling a project, not a partnership. Projects end. Systems do not.

Where AI Helps with Modernization - And Where It Does Not

The conversation about legacy modernization now inevitably includes AI. Tools that analyze legacy codebases. Platforms that suggest refactoring strategies. Assistants that help translate between languages and frameworks. The marketing is aggressive. The results are mixed.

AI excels at pattern recognition in code, but struggles with pattern recognition in intent. It can identify that a particular function is called three thousand times across your codebase. It cannot tell you why that function exists, what business rule it implements, or what will break if you change it. The syntax is visible. The semantics are often invisible.

Where AI genuinely helps is in the discovery phase. Automated analysis can map dependencies faster than humans. It can identify dead code with high confidence. It can flag inconsistencies in coding patterns that suggest undocumented technical debt. These capabilities accelerate the early stages of modernization planning significantly. A process that once took months of manual code archaeology can now happen in weeks.

Where AI falls short is in decision-making under uncertainty. When your system contains business logic that contradicts itself - because two departments asked for conflicting features ten years ago and both got what they wanted - no AI can tell you which version is correct. That requires human judgment, business context, and often difficult conversations with stakeholders who may not remember why things are the way they are.

The honest assessment is that AI-powered legacy code modernization tools are powerful accelerants, not replacements. They reduce the labor involved in certain tasks. They do not eliminate the need for expertise. Vendors who claim otherwise are overselling. Vendors who dismiss AI entirely are behind the curve. The truth is in the middle, and it shifts constantly as the tools improve.

A Better Way to Evaluate Modernization Partners

If you take away one practical change from this article, let it be this: shift your evaluation from credentials to conversations.

Before you look at a vendor's certifications, have a working session where they examine a small portion of your actual codebase. Not a sanitized sample. A real piece, with real complexity. Watch how they react. Do they ask questions that reveal genuine curiosity? Do they identify issues you already knew about, proving their analysis is sound? Do they find something you did not know, demonstrating they can add value beyond your internal understanding?

The quality of questions a vendor asks tells you more than any certification ever could. A partner who interrogates your architecture with specificity has done this before. A partner who offers generic solutions to problems they have not yet understood will deliver generic results.

Also evaluate how they talk about timeline and risk. Experienced modernization teams speak probabilistically. They offer ranges, not fixed numbers. They identify assumptions explicitly and explain what happens if those assumptions prove wrong. They are comfortable saying "we do not know yet" because they understand that certainty early in a project is usually false confidence.

Finally, check references differently. Do not just ask whether past clients were satisfied. Ask what went wrong and how it was handled. Every significant engagement has friction. The measure of a partner is not the absence of problems but the quality of response when problems arise.

The Vendor You Need Might Not Have the Most Badges

Here is an uncomfortable truth. The vendors with the most certifications are often the largest vendors. Large vendors have dedicated teams whose sole job is to achieve and maintain certifications. They have marketing budgets to announce each new credential. They have sales processes optimized to present those credentials persuasively.

Smaller, more specialized firms often cannot afford the investment that certifications require. They are too busy doing the actual work. Their expertise is demonstrated in delivery, not in badges. This creates a selection bias where the most visible vendors are not necessarily the most capable for your specific situation.

I am not arguing that you should prefer small vendors. Size has its own advantages - capacity, stability, breadth of experience. I am arguing that certification count is a poor proxy for fit. A boutique firm with deep expertise in your particular technology stack and industry might dramatically outperform a global consultancy with dozens of certifications but no specific experience with your constraints.

The evaluation process should surface this. If you are only considering vendors who meet a certification threshold, you have already narrowed your options in a way that may not serve your interests. Consider what you are actually selecting for. Credentials prove that someone passed a test. Delivery history proves they can solve problems like yours.