Modernization at enterprise scale. Evidence at every step.
Engineering leaders running estates of thousands of AWS workloads need more than a sample assessment and a spreadsheet. saasups assesses your entire estate, scores every workload against the 7 R's, and delivers a prioritized roadmap your team can interrogate — not trust blindly.
Three architectural commitments for engineering leaders.
Enterprise modernization programs fail for three predictable reasons: incomplete coverage, unacceptable security posture, and unowned decisions. saasups addresses each at the structural level.
Full-estate coverage
saasups assesses 100% of the workloads in scope — not a representative sample. Every resource is scored, every dependency is traced, every migration candidate is ranked. There is no sampling bias in the verdict.
Read-only, by design
saasups operates through a scoped, read-only IAM role. Your running infrastructure is structurally unreachable from the analysis plane. A bring-your-own-AWS-account deployment model is on the roadmap for organizations requiring VPC-private analysis.
Scored verdict. Your decision.
saasups produces the evidence-backed, scored recommendation. Your team approves the call. That accountability boundary is deliberate — decision support without decision displacement.
Four capabilities that change the math on large-estate migration.
Repeatable measurement. Economics at the center. Accountability across the full programme lifecycle. And evidence your architects can audit.
Measurable and repeatable
Every workload receives a 0–100 migration readiness score derived from dependency depth, utilization signals, and 7 R's strategy alignment. Scores are reproducible — rerun the assessment after remediation and see the delta. You are not relying on one consultant's judgment.
Cost-aware by default
saasups incorporates FinOps and TCO modeling into the assessment output. Every migration candidate surfaces an estimated cost delta: what the workload costs today on-premises versus the projected AWS target-state cost. Migration sequencing accounts for economics, not just technical risk.
End-to-end accountability
The assessment does not end at a recommended strategy. saasups tracks evidence through post-migration validation — so the assumption you made at assessment time can be checked against the outcome after cutover. That traceability is rare; we treat it as a structural requirement.
Clarity over guesswork
Every scored workload links back to the raw estate data that produced it: configuration snapshots, dependency relationships, utilization records. Your architects can inspect the evidence, challenge assumptions, and re-score. Conclusions are not black-box — they are auditable.
Security and trust posture
saasups is read-only by architecture. Here is where the program stands today and what is on the near-term roadmap.
In place today
- Read-only architecture
No write, delete, or mutate permissions are requested. Your running systems are structurally unreachable from the analysis plane.
- Scoped IAM role
We request the minimum permissions needed: AWS Config, Migration Hub, and optionally CloudWatch. You review and deploy the role — we never request changes unilaterally.
- Encryption in transit and at rest
All data in motion uses TLS 1.3. Ingested estate data is encrypted at rest with AES-256, per-tenant keys rotated on a 90-day cycle.
- Data minimization
We ingest resource configuration, dependency relationships, and utilization signals. No source code, database contents, secrets, PII, or application traffic.
- Audit trail
All assessment activity — connections, ingestion events, analysis runs, output deliveries — is logged and available to your security team on request.
On the roadmap
- Bring-your-own-AWS deployment
Run the full saasups analysis pipeline inside your own VPC. No estate data leaves your AWS account boundary.
- SOC 2 Type II
Security, availability, and confidentiality trust service criteria. Audit cycle initiated — report expected Q3 2026 (illustrative; not yet completed).
- ISO 27001
Information security management system certification. Pre-assessment underway (illustrative; not yet certified).
Items described as 'in progress' or 'illustrative' have not completed a formal audit or certification. Contact your account team for current attestations and available artefacts. No audit has been passed unless explicitly stated.
See a scored estate before you commit.
Connect a read-only source, and saasups returns a fully scored assessment of your AWS estate in approximately two weeks. No agents installed. No production systems modified. Your team reviews the evidence and decides what comes next.