top five things to consider before moving to the cloud
TRANSCRIPT
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD
Abstract
Information technology is experiencing a fundamental shift toward cloud computing
driven by the desire to reduce cost and complexity, embrace popular technology, and
support remote workers. This paper explores five important things IT management
and staff must consider before embarking on a cloud migration.
Law Floyd
Director of Cloud Services
Telos Corporation
TABLE OF CONTENTS Introduction .................................................................................... 2
Organizations want to save money and reduce complexity. ......... 2
Cloud use is popular. ..................................................................... 2
Remote working has grown rapidly............................................... 2
The Top Five Things to Consider Before Moving to the Cloud .......... 3
Compliance and security ............................................................... 3
Current architecture ..................................................................... 5
Total cost of migration .................................................................. 7
Technical ability of current IT staff ................................................ 8
Migration project timeline ............................................................ 9
Phases of a Typical Cloud Migration .............................................. 11
The Cost Benefit Analysis............................................................... 11
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 2
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD
INTRODUCTION Information technology is experiencing a fundamental shift toward cloud computing.
Several factors are driving this unprecedented and accelerating trend in both public and
private sector enterprises.
Organizations want to save money and reduce complexity. Saving money is
important to almost any organization, no matter how successful it may be. There are
many cost-saving benefits to moving to the cloud. Maintaining complex data centers
along with the various physical and logical security controls, as well as environmental
controls, can be complicated and expensive. Reducing that complexity and the
associated cost is one of the major drivers of this move to the cloud.
Cloud use is popular. Can fads really have an impact on buying trends in information
technology? The benefits of cloud computing can certainly be substantial, yet the truth
is that some consider a move to the cloud simply because “everyone is doing it.”
There are countless cases of trendy new technologies
taking hold despite being expensive and limited in
functionality. The first and second generation iPods,
for example, could only be used with specific software
and a single song format, but they were more
successful than alternative technologies that were
cheaper, smaller, and more flexible. The iPod became
very popular, and popularity increased demand.
A similar phenomenon is increasing cloud use. While cloud computing can reduce
computing costs and complexity, it may not be the best answer in all circumstances.
Remote working has grown rapidly. Recent years have seen the rapid acceleration of
work-from-home options, as employees yearn for greater work-life balance and
According to Global
Workplace Analytics,
there was a 173%
increase in remote work
from 2005 to 2018.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 3
employers compete for skilled workers. According to Global Workplace Analytics, there
was a 173% increase in remote work from 2005 to 20181.
The 2020 pandemic turned this trend into a boom. Many companies that did not
previously offer work-from-home options are now saying that even after the recovery
they will keep a significant portion of their positions remote.
This has been a major factor in the increasing need for organizations to offer the ability
to access information in non-traditional ways. The rapid adoption of cloud services like
AWS Workspaces for virtual desktop infrastructure and Zoom's online meeting platform
has shown the flexibility that cloud computing affords remote workers and has eased
the burden on organizations as they transition a plethora of workers from on-site to
remote practically overnight.
THE TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE
CLOUD To help determine whether cloud is the answer for your organization and to develop a
realistic plan for your migration, start by assessing your position on these major issues.
1. Compliance and security
2. Current architecture
3. Migration and maintenance costs
4. Abilities of the IT staff
5. Desired migration timeline
Compliance and security
The very first consideration when planning a cloud migration
should always be compliance and security.
To what security and compliance regimens is the organization
beholden? Examples of required compliance can be GDPR for
data protection for European data, HIPAA for US health care
data, or NIST Special Publication 800-53 for US federal
systems, to name just three of the many different types of compliance requirements
that an organization may need to address.
1 Global Workplace Analytics, “Telecommuting Trend Data,” March 13, 2020 https://globalworkplaceanalytics.com/telecommuting-statistics
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 4
Each of these various compliance regulations or standards dictates a specific set of
security controls that needs to be in place whether the data is processed on premises or
in the cloud. In some cases, compliance becomes exponentially more difficult in the
cloud simply because the regulation has not been updated to account for the way data
is handled in such a new environment. Technical
controls written to address on-premises computing
must be translated to address the way the cloud
operates.
Which cloud option will best enable the enterprise to
comply with the regulations or standards that apply?
Understanding which platforms and services are
approved for which standards and regulations before building the plan can save a lot of
headaches later in the cloud deployment when it’s time to implement security controls.
Don’t wait for the security assessment to find out the right security controls have not
been implemented or have been implemented incorrectly. In a worst-case scenario, an
enterprise using the wrong resource may be forced to completely re-migrate. This may
even require refactoring or even architecting, which would be very time-consuming and
costly.
The three big cloud providers make available data on the standards for which their
offerings are approved.
Amazon Web Services (AWS) lists its services in the scope of their compliance
efforts based on the expected use case, feedback and demand
Microsoft Azure offers a compliance documentation web page
Google Cloud Platform (GCP) has its compliance resource center
What security controls are currently in place on premises? Create a list of security
controls already in place that will need to be implemented in the cloud environment.
Consider what is being protected, how it is being protected, and why it is being
protected. The answers to these questions will help with planning how to implement
security controls in the cloud and how to comply with those controls when workloads
are moved to the cloud.
Will on-premises controls translate appropriately to cloud architecture? Understanding
how on-premises security controls will apply in the cloud is extremely important to a
successful migration. The list of current controls must be detailed to ensure they can be
translated as accurately as possible to reduce complexity. If controls are defined
differently than they were on premises, individuals responsible for managing them may
no longer have access or know how to implement them.
If compliance requirements
prohibit [a move to the
cloud], none of the other
considerations matter.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 5
Consider this example of translating an on-premises control for application in the cloud.
If moving to AWS, an on-premises access control list would become a network access
control list (NACL) and security groups; in Azure, it would translate to Network Security
Groups; and in GCP it becomes VPC firewall rules. This is just one example of the ways
that things from on-premises can translate to existing services in the cloud.
It is worth reiterating that security and compliance should be the first consideration. If
compliance requirements prohibit such a move, none of the other considerations
matter.
Current architecture
The architecture of the current on-premises network directly
affects the level of effort required for migration. Asking
these questions to carefully document the existing
infrastructure will lay the groundwork for building the new
cloud-based structure.
What is the current network architecture? A current
architecture review will help determine what type of migration can be supported. There
may be certain aspects of the current architecture that can be addressed by refactoring
and using serverless resources. This will help reduce the complexity and cost of the
cloud environment. In the event of a lift-and-shift migration, the current architecture
can help determine what the cloud architecture should look like.
What are the organization's applications? The organization's current applications are
important for several reasons. They dictate what type of cloud architecture is needed –
virtual machine (VM) sizes, bandwidth
requirements and so on. For example, when an
Azure VM or AWS Elastic Cloud is employed, you
have to think about how much RAM is needed,
how many virtual CPUs are required for the
current application needs, and similar factors.
Another thing to consider is legacy applications.
Are there applications that depend on specific types of hardware? Can that hardware be
virtualized? If not, it may be time to retire the application and replace it with a better
and newer way to operate.
The interdependencies among applications must be clearly understood before
beginning a migration. Create an application dependency tree showing what
applications are dependent on others so that it’s clear which applications must be
moved together. If considering a hybrid model, an implementation that allows an on-
…it may be time to retire the
[legacy] application and
replace it with a better and
newer way to operate.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 6
premises application to communicate with a cloud application may be required. It would
certainly be an ugly and expensive surprise to discover a critical application no longer
has access to the systems on which it depends.
What types of databases are being used? Database types may dictate which cloud
resources can be used. Consider what type of database is needed, such as SQL or
NoSQL. The application list and required architecture should show database
requirements per application as well as other services necessary to support that
database, such as how much space is required and input/output speed. Too little and
the application doesn’t work; too much and the organization is overspending.
How data is being handled? In the current architecture, what type of storage is being
used, such as solid state drives (SSDs) or standard hard drives (HDs)? Is there tape
storage for data archiving? This information will be necessary to determine which cloud
services are best for the circumstances, and it will have direct impact on cost.
What's the data lifecycle policy? Is data being archived? If so, how often? Understanding
such requirements will make for a smoother transition.
How much data is being stored? This too will have a dramatic impact on cost. Employing
object storage rather than file storage can reduce costs. Understand the scope of
storage requirements, both quantity and type.
How is logging data being handled? Consider where logs are stored, how they're stored,
the current security posture of logging data, and whether this structure will translate
correctly to the cloud. These questions are very important to getting a good handle on
what needs to be moved and to where.
What is the available bandwidth – in total and under a
typical workload? Bandwidth is particularly important in
a cloud environment because everything is moving. If
there’s not enough bandwidth to access cloud data,
that will be a major issue during the migration, but
even more so after the migration. Not being able to
access the applications the organization needs will be a huge setback, causing
interruptions in daily operations and possibly even loss of customers.
A thorough network assessment will alleviate later strain. Assessing available bandwidth
can be accomplished by a variety of network tools, such as the Solar Winds Network
Bandwidth Analyzer pack. These tools can be used to determine current bandwidth and
actual throughput. It is important to consider actual throughput while under a full load
with everyone at the organization working. If the analysis is done at night, the
throughput assessment is going to be wrong, which will lead to poor decisions.
Bandwidth is particularly
important in a cloud
environment because
everything is moving.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 7
It’s also important to ensure enough bandwidth for the actual migration, although there
are alternatives such as shipping hard drives. These are important considerations for
determining how much bandwidth will be required both during and after the migration.
Total cost of migration
Cost, of course, is a critically important consideration in any
major undertaking, and a cloud migration is no exception.
Consider these questions to ensure a migration is the right
move and to determine the best migration method.
What kind of migration will the budget allow? A small budget
might require an expedited migration with little fallback,
which increases the risk. Running the same workload in both the cloud and on premises
during a transition period can be costly, but leaves more room for error and decreases
risk. A more substantial budget will allow for better testing and other activities to
remove some of the difficulty in the migration.
Was cost savings a major driver of the cloud move? If the opportunity for long-term cost
savings is the primary reason for a cloud migration, the success of the effort requires
careful documentation of cloud efficiencies that can be demonstrated to management.
Be sure to include:
Reduced management and operational complexity of IT resources
Reduced operational space
Reduced maintenance for on-premises servers and networking equipment
Reduced need for physical security – round-the-clock security guards, twenty-four-
hour video surveillance, etc.
Reduced compliance effort, as many of the required controls will now be inherited
from the cloud provider
Another extremely important cost consideration for many organizations is moving much
of the IT budget from capital expenditure to operational expense.
Once all of these anticipated efficiencies are compiled, take a step back to consider the
overall savings in your particular situation. Are you likely to realize the benefit
anticipated when you embarked on this project? The answer is likely a resounding yes,
but not all environments are the same, and you must consider whether the migration is
right for your enterprise.
Have training costs been considered? If operation and maintenance will be provided by
internal staff, proper training must be planned and budgeted. Operating in the cloud for
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 8
professionals who have only worked on premises can be a bit daunting. Be sure to
budget the required training to ensure their success.
Have professional services been budgeted? The use of professional services ensures that
well-trained and experienced individuals handle the planning and execution of the
migration. Some organizations will also want to
consider outside professional services for ongoing
operation and maintenance of the cloud
environment. Using professional services reduces
the risk involved in the migration.
If the professional services budget is tight, it is
important to assess the strengths and weaknesses
of the in-house team's ability before deciding where help is most needed.
Many enterprises discover that professional services to support each new phase of the
migration process are more expensive than the last. Operation and maintenance is
typically more expensive than migration, and migration is more expensive than
planning. This is not always the case, but anticipate it to avoid being caught off guard.
Does the budget allow for hiring cloud professionals? An alternative to hiring professional
services is to beef up the existing IT staff with trained and experienced cloud
professionals. These decisions should be made after a careful evaluation of the skills and
experience of the current IT team.
Technical ability of current IT staff
The ability of your in-house IT group is important when
migrating. Take the time to evaluate the training, skill level,
and experience of each team member, as they relate to the
major portions of the project.
Is staff able to assess and migrate security? IT security is critical
to every organization and requires a specific skillset. Adding
the complexity of security in the cloud requires a unique combination of skills.
Understanding the capabilities of the current team to not only assess the current
security controls but to be able to translate them into cloud security controls and
implement them is very important.
Is staff able to assess and migrate architecture? It's likely, of course, that the current
team can properly assess the existing architecture. But can they translate that
architecture into cloud services and then migrate the entire network, along with
applications?
…professional services to
support each new phase of
the migration process are
more expensive than the last.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 9
Is staff able to migrate data? The complexity of data migration increases with each
additional data type. If complex data lifecycle policies exist, the translation to cloud data
storage solutions becomes even more difficult. It is important that the ability to manage
this transition exists, as this can have a
large effect on savings, ease of later
operations, and even the success of the
migration itself.
Is staff able to maintain cloud operations?
Understanding the skills necessary to
maintain cloud operations and whether
that exists among the current staff is
key. The most carefully planned and
executed migration can fall flat without proper maintenance of the newly operational
cloud environment.
Should outsourced professional services be assessed and procured? With a thorough
assessment of the existing IT staff, management will be well positioned to determine
when to hire professional services and for which activities.
A valuable way to assess the abilities of the current team is to create a capabilities
matrix by outlining the overall requirements of the migration and having each member
fill out what they feel their capabilities are in reference to the project. Encourage an
honest and accurate assessment by each staff member. Everyone involved has a vested
interest in the veracity of this assessment, which will highlight the areas where
additional resources are needed and identify the right staff members to take on certain
aspects of the project. No one benefits form a failed migration, and no one wants
budget spent unnecessarily on professional services.
Migration project timeline
As with any complex project, managing expectations is critical
to success. Such a large undertaking will have a lot of
stakeholders, including senior management, IT management,
and IT staff, as well as users throughout the enterprise who
depend upon the applications. The dates agreed upon early in
the process are not always realistic. Managing the
stakeholders' expectations is very important in increasing the likelihood of success of
the migration.
Everyone involved has a vested interest
in the veracity of [a capabilities matrix],
which will highlight the areas where
additional resources are needed and
identify the right staff members to take
on certain aspects of the project.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 10
What is the expected versus likely start date for the migration? An ill planned migration is
much more likely to fail and cost the organization exponentially more in the long run
than if it had invested a little extra time and money during the planning phase.
It takes time to properly plan a cloud migration, and that planning must be done before
implementation begins. Reset expectations early, as the true complexity of the project
becomes clear.
What is the desired versus likely completion date? Each phase of the migration is rife
with opportunity for delay. Making sure to update the stakeholders and ensure they
understand the reason for any changes is
important to ongoing support for the migration
project.
Is there enough time allotted for each phase of
the migration? Not having enough time allotted
for each phase is a common mistake. There is
always the temptation to anticipate smooth
sailing. Expect the unexpected and allow enough time in each phase to make up for
difficulties discovered along the way. It’s much easier to report a project acceleration
than a project delay.
Yet, beware the opposite tendency as well. Don’t allot unnecessarily long periods of
time. Extra lengthy time allotments can cause loss of interest leading to loss of support
for the project, not to mention increased cost.
Does the timeline align with the budget? There is a budget impact to dedicating enough
resources to move quickly. Yet moving more slowly and deliberately can also impact the
budget. It is important that the budget properly fund each phase of the project, whether
that means professional services to accelerate the move or redundant resources to
ensure proper time for thorough testing. Surprise costs will likely cause waning support
from financial stakeholders. Making sure each portion of the timeline also makes sense
from the budgeting perspective will alleviate later complications.
Does the timeline align with IT staff ability? If the IT staff isn't fully versed in cloud
migration, has time been allotted for research, training, and proper testing? A team
spending all night researching to try and keep up with the timeline will burn out quickly.
Burned-out teams make mistakes and mistakes can cost time and money.
Managing the stakeholders'
expectations is very important
in increasing the likelihood of
success of the migration.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 11
PHASES OF A TYPICAL CLOUD MIGRATION Each cloud migration project is, of course, unique to the organization. But an
understanding of standard phases of a typical migration will provide a valuable starting
point for planning and a context in which to address each of the considerations we’ve
discussed. Compliance and security can greatly influence the complexity of each
migration phase. Architecture can increase the complexity of a phase or completely
negate the need for a specific phase. A small budget may increase the time required for
each phase because of the inability to allot adequate professionals to the project. Staff
ability is a key factor, as the lack of necessary skill to complete a phase can not only
increase the length, but possibly even cause a flawed or failed migration. A timeline that
is too tight will put a strain on the migration team. In the inverse, a timeline that is too
loose may cause scope creep or even overall loss of interest in the project.
THE COST BENEFIT ANALYSIS This paper is designed to help IT professionals and management determine the best
course forward for their particular enterprise. Cloud computing can have dramatic value
for an organization – cutting costs, decreasing complexity, increasing flexibility and
responsiveness. Yet, it is not for every organization, at least not yet.
TOP FIVE THINGS TO CONSIDER BEFORE MOVING TO THE CLOUD 12
For example, if the organization has data that cannot be housed offsite because of
compliance with a specific regulation and a lot of applications work with that data, it
may not make sense to move to the cloud at that point. Another example is an
organization dependent upon a legacy application that requires hardware that cannot
be virtualized in the cloud. Perhaps a manufacturing process that uses older hardware
with built-in software. In these cases, staying on premises for the time being is the only
option.
But the trend is clear, and even in these extreme cases the future likely holds
reengineered solutions and processes that will more easily and economically live in a
cloud environment.
To learn more and to discuss how Telos Corporation’s cloud services team can help
realize the benefits of the cloud for your organization, please visit www.telos.com/cloud-
services or contact Telos at 703.724.3800.
Version 1.0
December 2020
©Copyright 2021 Telos Corporation. All rights reserved.