Improving Cloud Migration and Security: The Three Best Approaches

Sep 10 2017

This piece originally appeared on CloudTech

Migrating towards a cloud-delivered approach for IT systems is an attractive proposition for many enterprises. With big drivers like cost efficiency and business agility, more CIOs are looking to make the move. And as it stands, most modern companies have either started migrating toward a public cloud or are in the early planning and analysis phases of doing so.

However, making the jump from on-site infrastructure to cloud-hosted platforms is not free of challenges such as regulation, data governance, billing and cost management. One of the CIO’s highest priorities must be to minimize migration risk.

According to a LinkedIn Information Security Community survey, 49 percent of CIOs and CSOs feel that one of the major barriers to cloud adoption is the fear of data loss and leakage, and 59 percent believe that traditional network security tools and appliances worked only somewhat or not at all in the cloud.

So what major risks and concerns do CIOs and CISOs need to address before making the leap to the cloud? Consider the following:

Regulatory requirements: Depending on the industry, companies may be subject to more stringent regulations such as PCI DSS (payment cards), SOX, and HIPAA (health data). While the cloud doesn’t change the process and requirements needed in order to meet those regulatory standards, it often means that an organization will need to leverage new approaches and technology. Some examples include identity and access management (IAM), audit logging and anomaly detection, and incident response and responsible disclosure.

Data governance: A well-informed strategy for data governance and locality can be a great addition, or sometimes a part of, regulatory requirements. As with on-premises, CIOs need to make sure that they have a well-defined data access policy in place to ensure that users can’t access or move data unless they are first approved. Additionally, encryption of sensitive data (both in-transit and at rest) should be implemented, and in the case of HIPAA, it’s required.

Infrastructure and application security: Moving to a software-defined security model instead of a hardware-defined appliance and perimeter-based mode is one of the biggest changes to infrastructure security in the cloud. The same network planning needs to take place up-front, but it should be done with remembering that there is no true perimeter, and that all resources are elastic.

Due to this elastic, programmatic environment, it’s advised to have a continuous change monitoring solution in place so that there are never any configuration “surprises” that can potentially expose critical data or assets. Application security testing should ideally be performed during every new update that is delivered to provide continuous security assurance in addition to infrastructure security.

The top migration approaches

After an IT department has fully addressed these risk factors, they can move on to plan the best cloud migration approach to meet the company’s business objectives and requirements. While there are a number of approaches used in the industry, below are the most broad:

Lift and shift: This approach involves mapping the on-premises hardware and/or VMs to similar resource-sized cloud instances. For example, if a company’s front-end application server has 4 CPUs, 64GB of RAM, and 512GB of local storage, they would use a cloud instance that matches that configuration as closely as possible. It may be challenging though, as on-premise solutions are typically over-provisioned with respect to resources in order to meet peak loads as they lack the elastic, auto-scaling features of cloud. This often results in increased cloud costs, thought that may be fine if it’s a short-term approach.

Refactor and re-architect: To best maximize the features of cloud, such as auto-scaling, migration can be the forcing function to take some time and re-architect the application to be more performant and also keep the costs under control. It may also be the best time to re-evaluate technology choices, as a company may be able to switch some solutions like moving to open-source or cloud-native offerings, and away from more expensive commercial ones.

Shelve and spend: This third approach involves retiring a monolithic on-premises application and moving to a SaaS solution. For example, migrating an HCM (Human Capital Management) application, which is often a disparate set of code bases tied together with a relational database, to an offering such as Workday HCM. This offloads the operational burden of the service and infrastructure to the SaaS provider and allows for the modernization of business logic.

While there may be hurdles and challenges to overcome with cloud migration, these approaches will ensure that CIOs and CSOs take the best route in order to capitalize on the benefits of moving to the cloud, while minimizing risk at the same time.

  • Share: