Creating a Cloud Strategy

Creating a Cloud Strategy

Without proper planning, rushed migration processes can bring increased risk, cost and complexity.

Pandemic-triggered workforce changes led businesses worldwide to accelerate their cloud migration plans by an average of six years, according to a recent Lawless Research study. While the cloud addressed many immediate remote work requirements, hasty migrations have also exposed many organizations to increased risk, costs and complexity.

Gartner analysts say almost 70 percent of organizations increased their cloud spending in 2020 to address operational challenges. However, many migrated applications, data and workloads without first developing a clear cloud strategy. As a result, a third say they have not captured all the cloud benefits they were expecting.

“A cloud strategy is critical for every organization and should be a concise point of view on cloud and its role in the organization,” said Raj Bala, senior research director at Gartner. “Moving to cloud without a cloud strategy results in ad hoc adoption patterns, resulting in higher costs, disjointed management, security vulnerabilities and overall dissatisfaction with cloud outcomes.”

Inadvertent Risk
Security is a prime concern. In the rush to the cloud, organizations greatly expand their potential attack surface, and IT teams are left with too many cloud instances with too many interfaces to adequately govern. Administrators are often shocked at how little visibility they have into their cloud workloads. Hackers have been eager to exploit these gaps. Remote attacks on cloud services increased by 630 percent during the first few months of the pandemic, according to McAfee security analysts.

Malicious actors are particularly quick to exploit configuration errors that result from hasty cloud migrations. Overly broad identity and access management permissions are among the most significant such errors. When attackers steal or otherwise compromise over-permissioned identities, they can gain access to business-critical resources and confidential data that should be tightly restricted. Most instances of unauthorized access to cloud-based storage, databases and virtual servers result from configuration errors.

Network integration issues, connectivity requirements, software licensing models and unexpected application requirements are among other issues that can disrupt cloud operations. Legacy applications frequently present special migration challenges because they are based on older operating systems and hardware and require re-engineering. According to a recent HIS Markit report, up to three-quarters of companies report that they’ve had move a migrated application back to their own infrastructure due to performance issues.

Building a Plan
Such issues underscore the importance of developing a clear migration strategy that addresses security, privacy and compliance concerns, establishes expected benefits, explores which cloud model (public, private, hybrid or multicloud) best suits business requirements, and ensures the company network supports cloud requirements. Following are a few key elements that should be included in any cloud migration plan:

Assess the Current Environment. Compute, network, data center, power and storage resources must be properly aligned to support cloud resources. A network assessment will help organizations understand workload demands on infrastructure and where there may be potential bottlenecks. Once network readiness is established, organizations should thoroughly assess all applications and workloads across multiple characteristics, including cloud objectives, technical feasibility and risk. The assessment also should establish a clear business case, identifying specifically for each app why migration will deliver value and competitive advantages.

Explore the Options. Cloud providers typically offer the framework, tools and services to simplify migration, but organizations must decide which migration approach makes the most sense. Re-hosting is a fairly simple migration plan in which the application and its components are migrated with few or no changes. Refactoring takes advantage of services such as cloud-managed databases rather than migrating existing databases to the cloud and continuing to manage them internally. Rebuilding an app in a cloud environment using modern frameworks can improve resilience. Replacing legacy apps with a commodity SaaS offering can eliminate complexity and deliver improved functionality.

Keep Everyone in the Loop. Cloud sprawl has become an issue during the pandemic as organizations and individual users experiment with multiple cloud services. Uncontrolled adoption cloud services can easily waste resources, increase costs and create management complexity. Minimize these challenges by creating a detailed plan describing how cloud resources should be acquired and deployed.

Understand Shared Responsibility. Cloud providers operate on a shared responsibility model. Simply speaking, that means providers are responsible for the security of their cloud infrastructure, but customers are responsible for securing any data they put in the cloud. Organizations that lose data as the result of accidental or malicious deletion, overwritten data, misconfigured APIs or migration errors may be shocked to learn their provider can’t restore their data.

Start Slow. When prioritizing migrations, avoid the temptation to start with your most important workloads. Some may require significant code or architecture changes. Instead, begin with some nonessential applications that can be moved with few alterations. That gives IT teams a chance to become more familiar with the migration process before tackling more complex jobs.
The cloud delivers undeniable business benefits, but it also presents significant business and technological challenges. To avoid such pitfalls, organizations should develop an overarching strategy that guides decision-making and ensures all cloud solutions align with business requirements and the IT infrastructure.