Enterprises face many challenges when migrating to the Cloud. Ultimately, these challenges are not simply technical. Cloud Migration involves fundamental changes in the way teams deliver technology and the operational processes within the Enterprise. I have worked at two Financial Enterprises which migrated to the Cloud; here are my thoughts and reflections:
We have all heard the pitches on how migrating to the Cloud lowers costs, unleashes unlimited computing power, and delivers content faster than ever before – just like the genie in the lamp. Generally speaking, that’s mostly true.
However, Cloud practitioners typically do not talk about the necessary steps needed to achieve this computing nirvana. Migrating to the Cloud requires significant investments in development and operation teams, as well as in new processes for releasing software, and supporting their customers.
Benefits of Moving to the Cloud
There is no doubt in my mind that moving to the Cloud, except for a few specific businesses, is critical for enterprises to compete. Given the appropriate tools and processes, companies can release new software in minutes and handle usage spikes while using only minimal resources. Without the Cloud, companies would have to massively over-provision for anticipated growth and any usage spikes that may occur.
When I was at FINRA, one of the executives liked to tout how well the infrastructure scaled up during very heavy trading days. In fact, the systems scaled so seamlessly that they didn’t realize how much the systems scaled until after the event.
Cloud providers have metrics for all the resources being used: compute, network and storage. Those metrics can be built into a unified dashboard where the Enterprise can see the rate of growth and potentially take steps to save money, e.g., moving some data to cheaper storage, using cheaper compute for certain applications, etc.
Step #1: Manage Skills Gap
Every Enterprise understands there is a skills gap when moving to the Cloud. There are no magic bullets here: it will take time and resources for people to adapt to this new environment. Unfortunately, some people will not, or cannot, make this transition and the Enterprise may need to make some hard personnel decisions.
Start with a Few Projects, Share the Knowledge
An Enterprise could have hundreds of applications utilizing many different technologies. Pick one or two applications which align with well-known Cloud patterns, e.g., Web application or non-critical database, to migrate first.
These small steps will generate a lot of knowledge: how to onboard to the Cloud, learning new Cloud services, as well as overcoming the initial fear. Make sure all lessons learned are shared with teams tackling similar types of applications, to ease their transition.
Over time, the pool of knowledge will grow within the Enterprise. Make sure there are events, such as brown bag lunches, seminars, etc., to help share that knowledge.
Get Expert Advice
When migrating to the Cloud, there are a few critical decisions: how will the Enterprise Network connect to the Cloud? Should we use the Enterprise Identity Store, or a new one for applications in the Cloud?
These are hard questions and it’s important to come up with suitable approaches for your Enterprise. Once these decisions are made, it is possible to change them, but it will affect all applications which have previously migrated to the Cloud.
Getting expert advice on these key questions could help avoid an expensive re-do in the future.
Training
This one is obvious, so I won’t elaborate too much except to say there are excellent online resources that provide tremendous value. Make sure some of the key team members also attend industry conferences.
Step #2: Define Network Boundaries and Identity Stores
While the development teams are busy learning about Cloud service offerings, it’s important that the network and identity management teams also begin their journey.
Network Boundaries
Network teams that have not migrated to the Cloud consider traffic as either “internal” or “external”. However, the Cloud creates a third network category, “friendly”, which is neither internal nor external. Even with direct network connectivity from your network to the Cloud, you should still encrypt all traffic. Do not underestimate how long it can take to integrate network services like DNS, routing, etc., seamlessly with your on-prem network.
Identity Stores
An Enterprise will have at least two identity stores: one for internal staff and the second for customers. As an Enterprise, there must be a decision as to whether or not the Identity Stores stay on-prem or migrate to the Cloud. Migrating to the Cloud typically makes integrating with other Cloud services easier, since you don’t need to federate identities between on-prem and Cloud. However, Enterprises are reticent to move their Identity Store to the Cloud early in their journey.
As you can see, there are no simple answers here. The best counsel I can give is to start with a basic set of principles such as “all network traffic should be encrypted”, with the flexibility to adapt if necessary. Find experienced technologists who can analyze your requirements and advise on the risk-reward of different approaches.
Step #3: Evolve Cloud Security
Simple tactics like making sure you encrypt all network traffic, encrypt all stored data, etc., will go a long way in securing your environment. Assuming you chose fairly standard use-cases for your initial migration, research should yield some good guidance for your applications.
As your Cloud footprint grows, you will undoubtedly run into issues which will need to be solved at an Enterprise level. Questions such as: Should all data be encrypted with the same key, or should each application have their own key?
For an Enterprise beginning their Cloud journey, these questions may be overwhelming. However, as the Enterprise becomes proficient in Cloud technologies, it will be easier to define standards.
Ultimately, you may need a small group which specializes in this field, but most enterprises don’t have a skilled Cloud Security team when they initially begin their journey.
Step #4: Develop Operational Support
At the beginning of the journey, it may be acceptable to begin with tooling provided by the Cloud provider. Over the last few years, native tooling provided by Cloud providers has gotten a lot better. Generally speaking, the Cloud-native tooling may be sufficient for a small footprint.
Over time, you will find the need for new tooling to manage the more complex network environment and resource consumption. Today, there are many vendors who have operational management dashboards, a.k.a. Single Pane of Glass, for your Cloud operations.
Similar to the Cloud Security, Operational Support will need to evolve over time. There should be some proactive focus on whether the current Operational tools are serving the needs of the Enterprise.
Step #5: Leverage Automated Deployments and Monitoring
The claims of instant scalability, universal redundancy and high uptime all require the appropriate automation and monitoring. Push button deployments don’t happen in a vacuum; they take weeks of engineering effort.
For the initial deployments, simply being able to do a push button deployment of one Cloud deployment is essentially replicating your on-prem capabilities.
The ability to scale on demand and automatically failover to other regions is a capability that requires more effort. Development teams must generate the metrics and establish trigger events for auto-scaling and failover.
The simple truth is this: an application which wants to use the full capabilities of the Cloud will need to spend a significant portion of their maintenance budget in Cloud automation and monitoring.
Conclusion
The goal of this article is not to dissuade Enterprises from moving to the Cloud. My goal here is to answer the inevitable management question: “Why is this taking so long?”. Hopefully, by elaborating on the hurdles, the Enterprise will be more prepared to begin the journey.
My best advice is to begin the journey with a few simple applications and make sure that knowledge is shared within the Enterprise. Take the time to make sure Operations, Security and other aspects of the Enterprise are also aligned. Once the first few applications have migrated, rinse and repeat.

