For most organizations operating in today’s digital landscape, shifting even their most mission-critical workloads from traditional on-premises or colocation-based data deployments to public cloud platforms is increasingly a matter of how fast they can move and not a matter of if they are ready and willing.
Cloud environments offer greater agility and availability, simple and elastic scalability, and innovation that continues to accelerate digital transformation. Rather than focusing on the undifferentiated burden of infrastructure and platform maintenance, such as replacing end-of-life hardware, IT teams can invest their time in opportunities that differentiate their businesses or missions.
In addition to being superior to on-premises alternatives by these measures, public cloud platforms are also more cost efficient, turning significant capital expenditures into more manageable operational expenses through “pay as you go” methods. There are also strong and capable vendor engagement opportunities to help organizations modernize their IT infrastructure while minimizing new development during transformation.
Moving many – or eventually, all – workloads to a cloud environment has emerged as a leading choice for most companies. The “new IT normal” is to be hybrid and multi-cloud. While migrating and modernizing the data infrastructure is largely a proven space with a wealth of best practices available, bringing forward the right security is where companies need to put extra focus to ensure they are ready for this new world.
The lift-and-shift method has drawbacks and alternatives
Organizations will often take a lift-and-shift approach when migrating some of their workloads to the cloud. This means that data platforms and applications are moved to a cloud environment with minimal proactive redesign or changes in the architecture, database, or data store choices.
In the short term, this can look like the best strategy: with data center shutdown deadlines looming, it may seem the easiest way, with low associated costs. But it should only be seen as a stop-gap strategy. Some of the risks can be formidable relative to fleeting near-term benefits. The lift-and-shift approach might not afford the critical visibility into data and applications that customers have grown accustomed to; they cannot assume they will retain that visibility after they move to the cloud. Wise organizations will get in front of this to fully enjoy the benefits of cloud computing. Otherwise, lift-and-shift could have the effect of increasing companies’ threat surface and leaving them exposed to data breaches and expensive fines.
Fortunately, there are alternatives to this method that ensure visibility, compliance, and control both during and after the migration process:
- Replatforming: The cost efficiency of this approach makes it an appealing alternative to lift-and-shift. Through this strategy, minor changes can be made to the application codebases and common data stores before they are shifted from one location to another, ensuring sufficiently high performance when they are placed in the new public cloud environment. This approach helps provide backward compatibility that allows developers to preserve and reuse familiar legacy capabilities and resources. However, the cloud can be different enough that such legacy capabilities and resources aren’t always compatible with the new environment, let alone optimal for it.
- Refactoring: A refactoring approach takes replatforming to the next level, in which IT teams modify much of the application codebase using the cloud provider’s cloud-native features. This ensures those applications take more complete advantage of the new environment. Additionally, it is typically preferred when the application in question is critical to the business and requires the addition of features, scale, or performance. Unfortunately, this does mean meaningful amounts of legacy code could be put aside.
- Repurchasing: When transitioning to a cloud provider, many organizations take advantage of the opportunity to discontinue existing legacy systems and end previous licensing in favor of commercially available software delivered as a service, including those from the same vendor as their legacy systems. This is common when the legacy system in question is completely incompatible with the new target environment. It has the added benefit of reducing the need for a costly development team.
- Retiring: All cloud migration initiatives should begin with an IT portfolio audit to assess migration complexity, cost requirements, and security risks. During this evaluation, IT teams might discover that certain datasets and applications are relatively unused and no longer justify any meaningful impact on resources. As a result, they are retired as the organization moves forward to the new cloud environment.
- Retaining: As an alternative to the retiring strategy, retaining involves keeping some applications on-premises or in a colocation as part of a hybrid cloud strategy. This approach can be chosen for technical, security, compliance, or economic reasons – or, for comfort during such periods of digital transformation, at least for a while.
Once an approach has been selected, new challenges arise. Organizations will likely have applications at different stages of modernization, yet security teams need to monitor them all for suspicious activity that could indicate a breach. While cloud providers offer native security tools, organizations cannot rely on them to standardize and maintain digital defenses. Research shows over 80% of ransomware attacks are caused by misconfiguration of devices and software. Security leaders shouldn’t assume they will be a part of that safe 20% and instead must take proactive steps to protect their cloud migration.
The difference between a successful cloud migration and one that results in costly data breaches and fines is often a lack of security alignment and the need to leverage services that are not available on-premises.
The right project roadmap prioritizes the security of sensitive data while keeping projects on schedule and under budget, assuring workload compliance. This approach ensures all applications and data, no matter what level of modernization they are at, will be protected. This includes:
- Identifying business compliance, risk, and governance requirements
- Assessing and selecting (a) cloud provider(s), service model, and deployment model
- Defining the deployment architecture
- Assessing the security policies and controls to identify potential conflicts or gaps in coverage
- Developing and deploying a cloud migration strategy
- Modifying the deployment as necessary
More and more, security teams are turning to holistic solutions that provide a unified view of enterprise data risks that encompasses both structured and unstructured data management systems. This means that wherever applications live – from public cloud platforms to on-premises or colocation-based data deployments – the same security policies can be uniformly implemented across the board. These solutions often extend traditional security approaches with advanced controls and proactive and predictive analytics to enhance compliance, visibility, risk identification, and incident response.
Having a cloud migration strategy selected and roadmap developed will be critical to the solution audit process, ensuring the technology selected is in lockstep with your organization’s needs, budget, and goals.