TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD

Abstract

Information technology is experiencing a fundamental shift toward cloud computing

driven by the desire to reduce cost and complexity, embrace popular technology, and

support remote workers. This paper explores five important things IT management

and staff must consider before embarking on a cloud migration.

Law Floyd

Director of Cloud Services

Telos Corporation

TABLE OF CONTENTS Introduction .................................................................................... 2

Organizations want to save money and reduce complexity. ......... 2

Cloud use is popular. ..................................................................... 2

Remote working has grown rapidly............................................... 2

The Top Five Things to Consider Before Moving to the Cloud .......... 3

Compliance and security ............................................................... 3

Current architecture ..................................................................... 5

Total cost of migration .................................................................. 7

Technical ability of current IT staff ................................................ 8

Migration project timeline ............................................................ 9

Phases of a Typical Cloud Migration .............................................. 11

The Cost Benefit Analysis............................................................... 11

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 2

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD

INTRODUCTION Information technology is experiencing a fundamental shift toward cloud computing.

Several factors are driving this unprecedented and accelerating trend in both public and

private sector enterprises.

Organizations want to save money and reduce complexity. Saving money is

important to almost any organization, no matter how successful it may be. There are

many cost-saving benefits to moving to the cloud. Maintaining complex data centers

along with the various physical and logical security controls, as well as environmental

controls, can be complicated and expensive. Reducing that complexity and the

associated cost is one of the major drivers of this move to the cloud.

Cloud use is popular. Can fads really have an impact on buying trends in information

technology? The benefits of cloud computing can certainly be substantial, yet the truth

is that some consider a move to the cloud simply because “everyone is doing it.”

There are countless cases of trendy new technologies

taking hold despite being expensive and limited in

functionality. The first and second generation iPods,

for example, could only be used with specific software

and a single song format, but they were more

successful than alternative technologies that were

cheaper, smaller, and more flexible. The iPod became

very popular, and popularity increased demand.

A similar phenomenon is increasing cloud use. While cloud computing can reduce

computing costs and complexity, it may not be the best answer in all circumstances.

Remote working has grown rapidly. Recent years have seen the rapid acceleration of

work-from-home options, as employees yearn for greater work-life balance and

According to Global

Workplace Analytics,

there was a 173%

increase in remote work

from 2005 to 2018.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 3

employers compete for skilled workers. According to Global Workplace Analytics, there

was a 173% increase in remote work from 2005 to 20181.

The 2020 pandemic turned this trend into a boom. Many companies that did not

previously offer work-from-home options are now saying that even after the recovery

they will keep a significant portion of their positions remote.

This has been a major factor in the increasing need for organizations to offer the ability

to access information in non-traditional ways. The rapid adoption of cloud services like

AWS Workspaces for virtual desktop infrastructure and Zoom's online meeting platform

has shown the flexibility that cloud computing affords remote workers and has eased

the burden on organizations as they transition a plethora of workers from on-site to

remote practically overnight.

THE TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE

CLOUD To help determine whether cloud is the answer for your organization and to develop a

realistic plan for your migration, start by assessing your position on these major issues.

1. Compliance and security

2. Current architecture

3. Migration and maintenance costs

4. Abilities of the IT staff

5. Desired migration timeline

Compliance and security

The very first consideration when planning a cloud migration

should always be compliance and security.

To what security and compliance regimens is the organization

beholden? Examples of required compliance can be GDPR for

data protection for European data, HIPAA for US health care

data, or NIST Special Publication 800-53 for US federal

systems, to name just three of the many different types of compliance requirements

that an organization may need to address.

1 Global Workplace Analytics, “Telecommuting Trend Data,” March 13, 2020 https://globalworkplaceanalytics.com/telecommuting-statistics

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 4

Each of these various compliance regulations or standards dictates a specific set of

security controls that needs to be in place whether the data is processed on premises or

in the cloud. In some cases, compliance becomes exponentially more difficult in the

cloud simply because the regulation has not been updated to account for the way data

is handled in such a new environment. Technical

controls written to address on-premises computing

must be translated to address the way the cloud

operates.

Which cloud option will best enable the enterprise to

comply with the regulations or standards that apply?

Understanding which platforms and services are

approved for which standards and regulations before building the plan can save a lot of

headaches later in the cloud deployment when it’s time to implement security controls.

Don’t wait for the security assessment to find out the right security controls have not

been implemented or have been implemented incorrectly. In a worst-case scenario, an

enterprise using the wrong resource may be forced to completely re-migrate. This may

even require refactoring or even architecting, which would be very time-consuming and

costly.

The three big cloud providers make available data on the standards for which their

offerings are approved.

Amazon Web Services (AWS) lists its services in the scope of their compliance

efforts based on the expected use case, feedback and demand

Microsoft Azure offers a compliance documentation web page

Google Cloud Platform (GCP) has its compliance resource center

What security controls are currently in place on premises? Create a list of security

controls already in place that will need to be implemented in the cloud environment.

Consider what is being protected, how it is being protected, and why it is being

protected. The answers to these questions will help with planning how to implement

security controls in the cloud and how to comply with those controls when workloads

are moved to the cloud.

Will on-premises controls translate appropriately to cloud architecture? Understanding

how on-premises security controls will apply in the cloud is extremely important to a

successful migration. The list of current controls must be detailed to ensure they can be

translated as accurately as possible to reduce complexity. If controls are defined

differently than they were on premises, individuals responsible for managing them may

no longer have access or know how to implement them.

If compliance requirements

prohibit [a move to the

cloud], none of the other

considerations matter.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 5

Consider this example of translating an on-premises control for application in the cloud.

If moving to AWS, an on-premises access control list would become a network access

control list (NACL) and security groups; in Azure, it would translate to Network Security

Groups; and in GCP it becomes VPC firewall rules. This is just one example of the ways

that things from on-premises can translate to existing services in the cloud.

It is worth reiterating that security and compliance should be the first consideration. If

compliance requirements prohibit such a move, none of the other considerations

matter.

Current architecture

The architecture of the current on-premises network directly

affects the level of effort required for migration. Asking

these questions to carefully document the existing

infrastructure will lay the groundwork for building the new

cloud-based structure.

What is the current network architecture? A current

architecture review will help determine what type of migration can be supported. There

may be certain aspects of the current architecture that can be addressed by refactoring

and using serverless resources. This will help reduce the complexity and cost of the

cloud environment. In the event of a lift-and-shift migration, the current architecture

can help determine what the cloud architecture should look like.

What are the organization's applications? The organization's current applications are

important for several reasons. They dictate what type of cloud architecture is needed –

virtual machine (VM) sizes, bandwidth

requirements and so on. For example, when an

Azure VM or AWS Elastic Cloud is employed, you

have to think about how much RAM is needed,

how many virtual CPUs are required for the

current application needs, and similar factors.

Another thing to consider is legacy applications.

Are there applications that depend on specific types of hardware? Can that hardware be

virtualized? If not, it may be time to retire the application and replace it with a better

and newer way to operate.

The interdependencies among applications must be clearly understood before

beginning a migration. Create an application dependency tree showing what

applications are dependent on others so that it’s clear which applications must be

moved together. If considering a hybrid model, an implementation that allows an on-

…it may be time to retire the

[legacy] application and

replace it with a better and

newer way to operate.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 6

premises application to communicate with a cloud application may be required. It would

certainly be an ugly and expensive surprise to discover a critical application no longer

has access to the systems on which it depends.

What types of databases are being used? Database types may dictate which cloud

resources can be used. Consider what type of database is needed, such as SQL or

NoSQL. The application list and required architecture should show database

requirements per application as well as other services necessary to support that

database, such as how much space is required and input/output speed. Too little and

the application doesn’t work; too much and the organization is overspending.

How data is being handled? In the current architecture, what type of storage is being

used, such as solid state drives (SSDs) or standard hard drives (HDs)? Is there tape

storage for data archiving? This information will be necessary to determine which cloud

services are best for the circumstances, and it will have direct impact on cost.

What's the data lifecycle policy? Is data being archived? If so, how often? Understanding

such requirements will make for a smoother transition.

How much data is being stored? This too will have a dramatic impact on cost. Employing

object storage rather than file storage can reduce costs. Understand the scope of

storage requirements, both quantity and type.

How is logging data being handled? Consider where logs are stored, how they're stored,

the current security posture of logging data, and whether this structure will translate

correctly to the cloud. These questions are very important to getting a good handle on

what needs to be moved and to where.

What is the available bandwidth – in total and under a

typical workload? Bandwidth is particularly important in

a cloud environment because everything is moving. If

there’s not enough bandwidth to access cloud data,

that will be a major issue during the migration, but

even more so after the migration. Not being able to

access the applications the organization needs will be a huge setback, causing

interruptions in daily operations and possibly even loss of customers.

A thorough network assessment will alleviate later strain. Assessing available bandwidth

can be accomplished by a variety of network tools, such as the Solar Winds Network

Bandwidth Analyzer pack. These tools can be used to determine current bandwidth and

actual throughput. It is important to consider actual throughput while under a full load

with everyone at the organization working. If the analysis is done at night, the

throughput assessment is going to be wrong, which will lead to poor decisions.

Bandwidth is particularly

important in a cloud

environment because

everything is moving.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 7

It’s also important to ensure enough bandwidth for the actual migration, although there

are alternatives such as shipping hard drives. These are important considerations for

determining how much bandwidth will be required both during and after the migration.

Total cost of migration

Cost, of course, is a critically important consideration in any

major undertaking, and a cloud migration is no exception.

Consider these questions to ensure a migration is the right

move and to determine the best migration method.

What kind of migration will the budget allow? A small budget

might require an expedited migration with little fallback,

which increases the risk. Running the same workload in both the cloud and on premises

during a transition period can be costly, but leaves more room for error and decreases

risk. A more substantial budget will allow for better testing and other activities to

remove some of the difficulty in the migration.

Was cost savings a major driver of the cloud move? If the opportunity for long-term cost

savings is the primary reason for a cloud migration, the success of the effort requires

careful documentation of cloud efficiencies that can be demonstrated to management.

Be sure to include:

Reduced management and operational complexity of IT resources

Reduced operational space

Reduced maintenance for on-premises servers and networking equipment

Reduced need for physical security – round-the-clock security guards, twenty-four-

hour video surveillance, etc.

Reduced compliance effort, as many of the required controls will now be inherited

from the cloud provider

Another extremely important cost consideration for many organizations is moving much

of the IT budget from capital expenditure to operational expense.

Once all of these anticipated efficiencies are compiled, take a step back to consider the

overall savings in your particular situation. Are you likely to realize the benefit

anticipated when you embarked on this project? The answer is likely a resounding yes,

but not all environments are the same, and you must consider whether the migration is

right for your enterprise.

Have training costs been considered? If operation and maintenance will be provided by

internal staff, proper training must be planned and budgeted. Operating in the cloud for

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 8

professionals who have only worked on premises can be a bit daunting. Be sure to

budget the required training to ensure their success.

Have professional services been budgeted? The use of professional services ensures that

well-trained and experienced individuals handle the planning and execution of the

migration. Some organizations will also want to

consider outside professional services for ongoing

operation and maintenance of the cloud

environment. Using professional services reduces

the risk involved in the migration.

If the professional services budget is tight, it is

important to assess the strengths and weaknesses

of the in-house team's ability before deciding where help is most needed.

Many enterprises discover that professional services to support each new phase of the

migration process are more expensive than the last. Operation and maintenance is

typically more expensive than migration, and migration is more expensive than

planning. This is not always the case, but anticipate it to avoid being caught off guard.

Does the budget allow for hiring cloud professionals? An alternative to hiring professional

services is to beef up the existing IT staff with trained and experienced cloud

professionals. These decisions should be made after a careful evaluation of the skills and

experience of the current IT team.

Technical ability of current IT staff

The ability of your in-house IT group is important when

migrating. Take the time to evaluate the training, skill level,

and experience of each team member, as they relate to the

major portions of the project.

Is staff able to assess and migrate security? IT security is critical

to every organization and requires a specific skillset. Adding

the complexity of security in the cloud requires a unique combination of skills.

Understanding the capabilities of the current team to not only assess the current

security controls but to be able to translate them into cloud security controls and

implement them is very important.

Is staff able to assess and migrate architecture? It's likely, of course, that the current

team can properly assess the existing architecture. But can they translate that

architecture into cloud services and then migrate the entire network, along with

applications?

…professional services to

support each new phase of

the migration process are

more expensive than the last.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 9

Is staff able to migrate data? The complexity of data migration increases with each

additional data type. If complex data lifecycle policies exist, the translation to cloud data

storage solutions becomes even more difficult. It is important that the ability to manage

this transition exists, as this can have a

large effect on savings, ease of later

operations, and even the success of the

migration itself.

Is staff able to maintain cloud operations?

Understanding the skills necessary to

maintain cloud operations and whether

that exists among the current staff is

key. The most carefully planned and

executed migration can fall flat without proper maintenance of the newly operational

cloud environment.

Should outsourced professional services be assessed and procured? With a thorough

assessment of the existing IT staff, management will be well positioned to determine

when to hire professional services and for which activities.

A valuable way to assess the abilities of the current team is to create a capabilities

matrix by outlining the overall requirements of the migration and having each member

fill out what they feel their capabilities are in reference to the project. Encourage an

honest and accurate assessment by each staff member. Everyone involved has a vested

interest in the veracity of this assessment, which will highlight the areas where

additional resources are needed and identify the right staff members to take on certain

aspects of the project. No one benefits form a failed migration, and no one wants

budget spent unnecessarily on professional services.

Migration project timeline

As with any complex project, managing expectations is critical

to success. Such a large undertaking will have a lot of

stakeholders, including senior management, IT management,

and IT staff, as well as users throughout the enterprise who

depend upon the applications. The dates agreed upon early in

the process are not always realistic. Managing the

stakeholders' expectations is very important in increasing the likelihood of success of

the migration.

Everyone involved has a vested interest

in the veracity of [a capabilities matrix],

which will highlight the areas where

additional resources are needed and

identify the right staff members to take

on certain aspects of the project.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 10

What is the expected versus likely start date for the migration? An ill planned migration is

much more likely to fail and cost the organization exponentially more in the long run

than if it had invested a little extra time and money during the planning phase.

It takes time to properly plan a cloud migration, and that planning must be done before

implementation begins. Reset expectations early, as the true complexity of the project

becomes clear.

What is the desired versus likely completion date? Each phase of the migration is rife

with opportunity for delay. Making sure to update the stakeholders and ensure they

understand the reason for any changes is

important to ongoing support for the migration

project.

Is there enough time allotted for each phase of

the migration? Not having enough time allotted

for each phase is a common mistake. There is

always the temptation to anticipate smooth

sailing. Expect the unexpected and allow enough time in each phase to make up for

difficulties discovered along the way. It’s much easier to report a project acceleration

than a project delay.

Yet, beware the opposite tendency as well. Don’t allot unnecessarily long periods of

time. Extra lengthy time allotments can cause loss of interest leading to loss of support

for the project, not to mention increased cost.

Does the timeline align with the budget? There is a budget impact to dedicating enough

resources to move quickly. Yet moving more slowly and deliberately can also impact the

budget. It is important that the budget properly fund each phase of the project, whether

that means professional services to accelerate the move or redundant resources to

ensure proper time for thorough testing. Surprise costs will likely cause waning support

from financial stakeholders. Making sure each portion of the timeline also makes sense

from the budgeting perspective will alleviate later complications.

Does the timeline align with IT staff ability? If the IT staff isn't fully versed in cloud

migration, has time been allotted for research, training, and proper testing? A team

spending all night researching to try and keep up with the timeline will burn out quickly.

Burned-out teams make mistakes and mistakes can cost time and money.

Managing the stakeholders'

expectations is very important

in increasing the likelihood of

success of the migration.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 11

PHASES OF A TYPICAL CLOUD MIGRATION Each cloud migration project is, of course, unique to the organization. But an

understanding of standard phases of a typical migration will provide a valuable starting

point for planning and a context in which to address each of the considerations we’ve

discussed. Compliance and security can greatly influence the complexity of each

migration phase. Architecture can increase the complexity of a phase or completely

negate the need for a specific phase. A small budget may increase the time required for

each phase because of the inability to allot adequate professionals to the project. Staff

ability is a key factor, as the lack of necessary skill to complete a phase can not only

increase the length, but possibly even cause a flawed or failed migration. A timeline that

is too tight will put a strain on the migration team. In the inverse, a timeline that is too

loose may cause scope creep or even overall loss of interest in the project.

THE COST BENEFIT ANALYSIS This paper is designed to help IT professionals and management determine the best

course forward for their particular enterprise. Cloud computing can have dramatic value

for an organization – cutting costs, decreasing complexity, increasing flexibility and

responsiveness. Yet, it is not for every organization, at least not yet.

TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 12

For example, if the organization has data that cannot be housed offsite because of

compliance with a specific regulation and a lot of applications work with that data, it

may not make sense to move to the cloud at that point. Another example is an

organization dependent upon a legacy application that requires hardware that cannot

be virtualized in the cloud. Perhaps a manufacturing process that uses older hardware

with built-in software. In these cases, staying on premises for the time being is the only

option.

But the trend is clear, and even in these extreme cases the future likely holds

reengineered solutions and processes that will more easily and economically live in a

cloud environment.

To learn more and to discuss how Telos Corporation’s cloud services team can help

realize the benefits of the cloud for your organization, please visit www.telos.com/cloud-

services or contact Telos at 703.724.3800.

Version 1.0

December 2020

©Copyright 2021 Telos Corporation. All rights reserved.