All posts by mikekail

The top three approaches for improving cloud migration and security

For many enterprises, migrating towards a cloud delivered approach for IT systems is an attractive proposition. Cost efficiency and business agility are big drivers for CIOs to make the move.  Most modern companies have either started migrating toward a public cloud or they are in the early planning and analysis phases of doing so.

At the same time, making the jump from on-site infrastructure to cloud-hosted platforms is not free of challenges such as, regulations, data governance, billing and cost management. One of the CIO’s highest priorities must be to minimise migration risk.

According to a LinkedIn Information Security Community survey, 49 percent of CIOs and CSOs feel that one of the major barriers to cloud adoption is the fear of data loss and leakage and 59 percent believe that traditional network security tools/appliances worked only somewhat or not at all, in the cloud.

Before an organisation makes the leap to the cloud, it’s imperative for CIOs and CSOs to address the following risks and concerns:

Regulatory requirements: Depending upon the industry, a company may be subject to more stringent regulations such as PCI DSS (payment cards), SOX, and HIPAA (health data). While the cloud doesn’t change the process and requirements needed in order to meet those regulatory standards, it often means that an organisation will need to leverage new approaches and technology. Some examples include identity and access management (IAM), audit logging and anomaly detection, and incident response and responsible disclosure. 

Data governance: In addition to, or a part of, regulatory requirements is having a well-formed strategy for data governance and locality. As with on-premises, CIOs need to make sure that they have a well-defined data access policy in place to ensure that users can’t access or move data unless they are first approved. In addition to data access, encryption of sensitive data (both in-transit and at rest) should be implemented, and in the case of HIPAA, it’s required.

Infrastructure and application security: One of the main changes to infrastructure security in the Cloud is the move to a software-defined security model instead of a hardware-defined appliance and perimeter-based model. The same network planning needs to take place up-front, but it should be done with remembering that there is no true perimeter, and that all resources are elastic.

Due to this elastic, programmatic environment, it’s advised to have a continuous change monitoring solution in place so that there are never any configuration “surprises” that can potentially expose critical data or assets. In addition to infrastructure security, application security testing should be ideally performed during every new update that is delivered to provide continuous security assurance.

The best migration approaches 

Once the IT department has fully addressed these risk factors, they can move on to plan the best cloud migration approach to meet the company’s business objectives and requirements. While there are a number of approaches used in the industry, below are the most broad:

Lift and shift: This approach involves mapping the on-premises hardware and/or VMs to similar resource-sized cloud instances. For example, if a company’s front-end application server has 4 CPUs, 64GB of RAM, and 512GB of local storage, they would use a cloud instance that matches that configuration as closely as possible. The challenges with this approach is that on-premise solutions are typically over-provisioned with respect to resources in order to meet peak loads as they lack the elastic, auto-scaling features of cloud. This results in increased cloud costs, which may be fine if this is a short-term approach

Refactor and rearchitect: In order to best maximize the features of cloud, such as auto-scaling, migration can be the forcing function to take some time and re-architect the application to be more performant and also keep the costs under control. It is also a good time to re-evaluate technology choices, as a company may be able to switch some solutions from more expensive commercial ones, to open-source or cloud-native offerings.

Shelve and spend: This third approach involves retiring a monolithic on-premises application and moving to a SaaS solution. An example of this would be an HCM (Human Capital Management) application, which is often times a disparate set of code bases tied together with a relational database, migrating to an offering such as Workday HCM. This allows the modernisation of business logic and offloads the operational burden of the service and infrastructure to the SaaS provider.

While there are a number of hurdles and challenges to overcome when it comes to cloud migration, these approaches can ensure that CIOs and CSOs take the best route in order to capitalize on the benefits of moving to the cloud, while minimising risk at the same time.