Best Practices for Moving Workloads to the Cloud

With data floating around in the clouds, it is good that you know how to secure it all.

Clouds
allycatastrophe.deviantart.com

The rapid diffusion for the cloud computing paradigm and promised benefits for the adoption of cloud infrastructure are attracting a growing number of businesses and organizations.

Of course, it is essential for organizations to maximize the benefits of migration to cloud architecture by reducing costs and minimizing risks.

Cloud computing represents a fundamental change in how companies use and provide their services. For many small and midsize businesses, it represents a choice to compete in a business environment with powerful competitors.

IT managers are today inundated with countless business proposals. For this reason, I will give you some useful insights for moving workloads to the cloud.

Identify decision makers within the upper management of the enterprise and be sure of their commitment.

Advertisement

The adoption of cloud architecture is a process that requires strong effort for the entire enterprise. Every function, application and data have to be moved to the cloud; for this reason, it is necessary to have a strong commitment from the management.

Top management is responsible for the harmonious growth of the company, and technology represents a key factor for business development today.

Managers have to establish reasonable goals for adopting the cloud computing paradigm. A migration to the cloud requires a team effort to plan, design, and execute all the activities to move the workloads to the new IT infrastructure. The migration process could be managed by three teams with a deep expertise in:

  • Infrastructure
  • Data and application
  • Cyber Security

The divisions have to coordinate their efforts, defining the transition plan and focusing on those activities that need a joint effort.

Public or private cloud, which to choose?

Enterprises have to choose the proper cloud architecture. One of the most important decisions is related to the adoption of a public or private cloud infrastructure.

The choice depends on various factors, including the size of the enterprise and the budget reserved to the IT services of the company. A public cloud is usually offered by specialized companies of large dimensions (e.g. Amazon, Google and Microsoft) which provides cloud infrastructure at low cost, including expenses for ordinary management of the architecture and of the hosted data.

Companies that choose a public cloud have little control of data. Data and applications are shared among numerous business with obvious repercussions on security and privacy.

[ How the cloud is changing the security game ]

In a private cloud, company data and applications are hosted in a remote data center dedicated to a single business, giving more control to the businesses in terms of security, privacy and flexibility. Obviously a private cloud is more expensive than a public one.

A third option is represented by a turnkey cloud: pre-tested and certified software and/or hardware and storage that could be quickly deployed by private companies and cloud providers. Turnkey clouds are especially convenient for organizations that lack IT resources; they allow small enterprises to adopt standard business applications from a big cloud provider through software such as a service (SaaS) model and use a cloud data center for services like email.

Choose the right cloud service provider

The choice of a provider requires the evaluation of a long list of options specifically related to the users’ business. The principal elements to consider for almost every company are:

Service Levels: This characteristic is essential when businesses have strict needs in terms of availability, response time, capacity and support. Cloud Service Level Agreements (SLA) are an important element to choose the right provider and establish a clear contractual relationship between a cloud service customer and a cloud service provider of a cloud service. Particular attention has to be reserved to legal requirements for the protection of the personal data hosted in the cloud service.

Support: The support is a parameter to consider carefully. It could be offered online or through a call center, and in some cases it could be necessary to refer to a dedicated resource with explicit timing constraints.

Security: What is the security level offered by the providers and which mechanisms are in place to preserve our applications and data? These and many other questions have to be formulated to the cloud provider to evaluate this essential feature for the overall architecture.

Compliance: Choose the cloud architecture according to the compliance with the standards for the specific industry. Privacy, security and quality are principal compliance to evaluate in this phase.

Prepare a detailed business plan to move to the cloud

It is necessary for a business plan to define the workflow for the migration to cloud infrastructure. The plan has to detail the resources involved in the process and related efforts. It must include the list of the services to migrate, the timeline of the operations, and the related costs on an annual basis.

In the drafting of the document, it is necessary to consider company business needs and requirements for the cloud provider that we need to choose. The migration impacts on every sector of the company, ranging from IT staff to the legal team that will deal with new types of technology contracts, so it is necessary to prepare the personnel in time.

Map business services to cloud IT services

The cloud computing model could be implemented at different levels. It could be very useful to list all the IT traditional services used/provided by the business and map them on the related cloud services listed below.

  • Infrastructure-as-a-Service (IaaS) is the provisioning model for the outsourcing of the equipment used to support operations of the companies, including storage, hardware, servers and networking components. It is important to determine whether the cloud-based server hardware and operating system (OS) are compatible with the company’s server infrastructure and OS.
  • Platform-as-a-Service (PaaS) Platform software services is the provisioning model for various software, including web application database servers. It is crucial to verify that the PaaS environment chosen will support all features of the application server used by the company.
  • Software-as-a-Service (SaaS) Applications provided as a service. Depending on the type of application to migrate, it is necessary to evaluate the existence of SaaS-based alternatives which have to meet both business and technical needs. Do not underestimate the necessity to migrate pre-existing data to the new application.
  • Data-as-a-Service (DaaS) Data or information delivered from the cloud, either as raw data sets or consumed through an analytics interface.
  • Business Process-as-a-Service (BPaaS) is the delivery of business process outsourcing (BPO) services that are sourced from the cloud.

Assess company applications and workloads

Once traditional IT services are mapped in cloud services, it is necessary to assess applications and workloads singularly. In this phase, IT staff in charge of the migration needs to determine which applications and data can be readily moved to a cloud infrastructure, which service to adopt, and which delivery models (public, private, or hybrid) meets the business needs of the company. It is a good practice to start from the lowest-risk applications, which usually have a minimum impact on the business continuity of the organization.

Adopt a flexible interoperability model

Almost every application migrated to a cloud service has connections with various other applications and systems. It is crucial to preventively evaluate the impact of the migration on these connections and prevent any interruption in data flows.

The communication between applications is typically classified into three categories:

  • Process integration, where an application invokes another in order to execute a specific operation.
  • Data integration, where applications share common data.
  • Presentation integration, where different applications provide computational results at the same time, mainly for the composition of a user’s dashboard.

The migration to a cloud infrastructure must be supported by a careful review of the overall interoperability of the business. Every interaction between systems inside the company and with outside entities has to be assessed and maintained in the new cloud infrastructure.

In many cases, it is not so easy to maintain the integration level and to ensure interoperability; “re-integration” activity of all the components subject to the migration is necessary.

Avoid being locked into a particular cloud service supplier/vendor

One of the greatest concerns for company managers in the migration phase is to avoid being locked to a particular cloud service provider. The problem is particularly concerning at the SaaS and PaaS levels.

For high management and IT staff, it is important to have an alternative strategy defined before the migration process will start.

Implement security and privacy requirements

Security and privacy are probably the most concerning issues for enterprises that decide to adopt a cloud infrastructure. Below are just a few questions that every IT security manager has in mind when he approaches the cloud computing paradigm.

  • Confidential data are securely stored in the cloud?
  • Which are the risks related to the exposure to the cyber threats?
  • Can we trust the cloud service provider’s personnel?
  • Which is the level of security offered in the SLA?
  • Which are the security mechanisms in place?
  • Are we compliant with security standards? Which one?

Privacy is closely related to security. A huge amount of sensitive data and personally identifiable information (PII) are stored by enterprises into cloud architectures, and there is the need to preserve them from intentional cyber attacks and accidental incidents.

Cloud security diagram
Related:
1 2 Page 1
Page 1 of 2
Survey says! Share your insights in our 19th annual State of the CIO study