Consider this: Cloud computing is growing seven times faster than overall IT spending growth, according to IDC.
“Australia has long been a fast adopter of new technologies and cloud is no different,” according to IDC Vice-President, Trust, Security & Blockchain Research at IDC Asia/Pacific, Simon Piff.
“The Australian public cloud market, for example, stood at US$4.0 billion in 2019 and is forecast to grow to US$8.1 billion by 2024, a 15% compound annual growth rate.”
Hybrid cloud adoption, for its part, is also on a tear, with Gartner estimating $1.3 trillion in IT spending will be affected by the shift to the hybrid cloud by 2022.
In fact, global organisations – and IT leaders – are on a mission to replace legacy systems, modernise the IT environment – and embark on a cloud migration journey to get the job done.
And there’s no shortage of compelling reasons why organisations are turning to the cloud – either public, private, hybrid or multi-cloud scenarios.
From reducing IT costs to accelerating innovation and enabling digital transformation; to increasing business agility and improving security, the list of benefits is growing faster than the wink of an eye.
But despite the rip-roaring numbers – and clear-cut benefits – many IT managers are still struggling to embark on a secure and successful cloud migration journey.
What’s more, common pitfalls and pain points – along with myths, misinformation and ingrained fears and beliefs – continue to wreak havoc across the industry, and stop many IT professionals in their tracks.
So, what can be done to help ease the burden and score some wins on the board with an organisation’s cloud migration journey?
First, let’s consider some of the challenges we’re up against as an industry, and plaguing many IT managers, namely:
- ‘Fear of the unknown’ – which stops many IT managers from ‘pushing ahead’ with a cloud migration plan;
- Inertia setting in as IT managers simply ‘don’t know where to start’;
- Concerns with security implications when moving to the cloud,
- Legacy technologies and associated vulnerabilities complicate cloud migration;
- Organisations fail to recognise crucial benefits of security features like 2FA (two-factor authentication);
- Lack of time/resources to effectively migrate to the cloud securely;
- Public cloud providers muddy the waters and create too much hype/confusion;
- Organisations unclear about the ‘cost/benefits’ with cloud migration;
- Uncertainty about the right cloud strategy – compounded by lack of education around customisation, complexity of the IT environment; and
- Organisations can’t fill the rising IT/security skills gaps.
The skills gap, in particular, is wreaking havoc across the industry. According to the Top Security and Risk Management Trends for 2021, Gartner research shows 80% of organisations reveal they’re having a hard time hiring security professionals, and 72% say it’s impacting their ability to deliver security projects within their organisations.
What these and other pain points highlight is the fact that many organisations – and IT managers – are struggling to take the next step and need guidance when plotting a cloud migration journey, and navigate the complexities.
In fact, it’s a balancing act: IT teams need to cater to the ‘new ways of working’ and rapidly enable systems to be accessed from home, while also protecting a company’s core IT environment and ramp up digitisation efforts (including core applications and services).
So, what are the crucial first steps? Let’s consider some ‘lessons learned’ from the people in the trenches – a trio of IT insiders at the coalface of the cloud market and knee-deep in delivering countless migrations across a host of organisations – both large and small – across different verticals.
Here’s a round-up of their Top Five tips to get you going:
1) Know Your Environment. “Knowing what you have is key, and the essential first step,” according to Somerville Chief Information Security Officer (CISO), Kevin Koelmeyer. Take the guesswork out of the situation and perform a cloud migration discovery and analysis, which involves assessing the entire infrastructure, applications and data.
“So often organisations don’t know the overall IT environment, and certainly don’t know what applications they have, and where the applications reside. Some customers may even think that the applications are hosted in the environment when, in fact, they’re actually outside.”
A big part of the problem is the fact there’s too many cooks in the kitchen, according to Somerville Cloud Services Manager, Aden Axen.
“A lot of times, when we come across the migration state (and get involved and talk to our customers), they’re not well versed on what’s happening. In fact, someone else has had their hands on it before them – it’s been passed through so many different IT managers – so it can be quite confusing,” Axen explained.
“We see all sorts of things like that. It takes a lot of ironing out, education and understanding. It’s very hard to turn it off and see what happens. That’s the biggest problem for us when it comes to migration and repair.”
2) Know Your Backups. Today, a massive security vulnerability comes on the backup front. “The bad actors are going after the backups to encrypt them, destroy them, and encrypt the infrastructure,” Koelmeyer said.
“So, make sure you know your backup regime. What do you want to do with your backups? If you want to migrate to the cloud, what’s your backup regime? Where do you want to back up the information?
“Customers moving to Office 365 don’t realise they need to back it up – they think Microsoft will back it up. But Microsoft won’t back it up,” Koelmeyer advised. “So, understand the backup environment, along with your role and responsibilities.”
3) Know Your Security. Security is one of the biggest areas of confusion and ongoing challenge for today’s IT leaders – particularly during any type of cloud migration.
“You need to always think of security when you’re moving from one incarnation of your environment to another,” Koelmeyer said. “If it’s secure in one space, then you need to see how secure it will be once it’s in another, like in the hybrid environment, for example, or once it’s in the public cloud.”
Certainly, make sure you have a robust security framework and understand the cloud security posture, Axen added. For starters, ensure visibility and management across the entire IT environment, including endpoints, access points, and networks to keep them secure.
4) Know Your Data. Data is the lifeblood of any organisation – so take an inventory of the data and applications, and create a data migration plan, Koelmeyer said. Determine how much data needs to be moved, how quickly it needs to be done, and how to migrate that data – and understand the issue of data sovereignty as it relates to your organisation.
“So many organisations don’t realise you shouldn’t store your data in other countries,” Koelmeyer explained. “The sovereignty issue of where your data is, and what happens to that data when it goes to other countries needs to be considered. Companies need to be made aware of that.”
Axen also advised firms to understand the shared responsibility model when it comes to a cloud migration – this includes knowing the configuration models and knowing what data is moving in and out, and whether it’s safe.
“With a lot of the migrations, companies are moving away from the legacy systems to new systems, so they need to understand certain considerations to ensure the integration of the data is maintained – and they’re using the right application for the right purpose,” Axen said.
5) Know your Costs. A cost versus value discussion is always top of mind, Koelmeyer said, explaining all organisations need to know the true cost/benefits of a cloud migration journey, along with the hidden costs. Perform a cost control – monitor the environment – and get the answers.
“What’s happening to the performance? Where are my costs going? Is this running too hot and costing me too much money? What’s consuming the private cloud and public cloud environments? Monitor what’s going on. Having a deep understanding of all of those elements is critical to be successful. If you don’t have those things in place, you won’t be successful in migrating.”
But the list doesn’t stop there. The tech insiders threw in a few additional pointers to help organisations modernise the IT environment and safeguard the fort.
Ensuring the IT team has total buy-in from the senior management team, and full agreement on the cloud migration plan, is yet another critical step.
“You’d be surprised how many times we ask an IT manager, ‘What are the expectations of leadership on data retention?’ and they simply can’t tell you,” Koelmeyer said. “That’s when it can go off the rails – when there’s not enough senior management buy-in.”
And don’t forget about the critical steps related to performance, according to Somerville Connectivity Services, WAN and ISP Manager, Oshadha Ranaweera.
Ranaweera said organisations need a ‘deep dive’ around performance to ascertain the right levels and ensure a smooth and successful cloud migration.
“You might have the right volume of data, and you might have it in the right locations, but the performance capability factor also needs to be considered to get the best outcome and best experience,” Ranaweera said.
“When it comes to performance (either for private or public cloud), the security and connectivity has to be taken into account given those components add to the overall experience.”
At the same time, Andrew Milroy, cybersecurity analyst, Adjunct Professor, Principal Advisor of Ecosystm, and Founder of research and consulting house, Veqtor8, also weighed into the discussion.
Milroy revealed his 4-point checklist for a successful cloud migration:
- Go cloud native wherever possible;
- Ensure security policies are applied in the cloud (this can be an afterthought for many companies);
- Ensure visibility across all cloud assets; and
- Get board level buy-in.
Undoubtedly, all of these measures require “time, effort and planning. You don’t want bits of your system not working as you’re mitigating,” Milroy said. Seek guidance and third-party support when and as needed to ensure a secure and successful cloud migration.