It seems nearly impossible to avoid the cloud as a business these days, and for many companies, the benefits cloud computing offers are just too great to ignore for much longer. Because of these you’ve already taken the first step and made the decision – you want to migrate to the cloud. But now what?
Luckily, with the plethora of tools created by both cloud providers and those built by software vendors, kicking off your migration to the cloud has never been easier – whether you’re looking to move onsite workloads or build cloud-native solutions from the start.
As cloud experts with experience advising, migrating, architecting, managing and optimising workloads in the cloud, we understand the nitty gritties of what you need to consider before you take the plunge.
Although the right partner on this journey definitely makes your move to the cloud much more streamlined, there are multiple steps in the process. Over the next couple weeks, this migration focused series will unpack these steps and the processes you need to run through to ensure you ultimately deploy a secure, compliant, cost-effective and resilient environment.
Two of the most important aspects to consider from the start are security and compliance because they often help establish whether your initial migration plan is viable or not, and if so, in which direction.
Understanding your security goals and how you should be handling data will create a good foundation for you to know what services to use when architecting your environment.
Jaco Venter, head of BBD’s managed cloud services team (MServ), says that security should always be top of mind when planning your migration. “There is the ‘How do I keep my customer’s information secure’ and the ‘How do I ensure my applications do not get compromised’ conversations. These are both important to unpack with your cloud solution partner.”
Both these topics can be addressed by planning for and implementing an architecture that includes best practices. BBD has done Well-Architected Reviews on customer environments and often find that the “basics” are covered, and that’s a great start, but when looking at security, just the basics won’t do. Especially if it could lead to your environment being compromised.
As an example, AWS have created an “Architecture Center” on their website that provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more. This easily accessible guidance was contributed to by AWS cloud architecture experts, including Solutions Architects, Professional Services Consultants, and Partners.
For AWS migrations, Venter explains that there is a shared responsibility model that pretty much goes like this: AWS is responsible for the security of the cloud. AWS will look after all things physical, from the security guards standing in front of their various data centres’ doors, all the way through to the security and management of the infrastructure your services will be running on. You (or your cloud enablement partner) on the other hand, will be responsible for security in the cloud. This means you will still have to ensure your data is being protected and backed up.
There are however some services that are managed by AWS, such as RDS (Relational Database Service), where they will manage the majority of the security for you… but this doesn’t mean you don’t have to do anything. You still need to make sure you architect it in such a way that nothing is exposed externally while things like patching and backups will be looked after for you.
Understanding the compliance frameworks your organisation has to comply with is a recommended starting point as it will influence a lot of the architecture you’ll need to devise before your cloud migration. An example of this would be when the customers you service are in a country with data residency restrictions / laws (such as GDPR, POPIA, PCI, ISO etc.). Here you need to plan for how you will handle and process those customers’ data versus the data of your customers in other countries without those restrictions / laws.
“When looking at data residency again as an example, AWS has a couple of tools, such as Control Tower, that allow you to manage how data is transferred between regions or if it even can be transferred to another region.”
On the whole, compliance will often ‘dictate’ where you can or cannot deploy your workloads, and which services you can or cannot use. “The great thing about AWS having obtained various compliance framework certifications for their infrastructure is that it makes it so much easier for you to be compliant” says Venter, “but think about this in the same way as the shared responsibility model, AWS will make sure the infrastructure is compliant – you will need to make sure your applications also meet the compliance framework requirements”.
Ultimately, it’s worth understanding that the services you plan to leverage as part of your architecture can sometimes make it a bit easier to comply to the relevant compliance frameworks.
What else needs to be considered before finalising a cloud migration strategy?
It is always best to look at what migration tools the cloud provider you are migrating too has made available to you – often at no additional charge.
Venter explains that this is exactly the case when looking at the tools made available by AWS. “AWS has made more than six tools available at no cost, and some of these tools are perfect for the planning phase, while others make the migration of your servers, applications, and databases just so much easier.”
One such example of such a tool is the AWS Server Migration Service which is an agentless service applicable when migrating virtual-only workloads from on-premises infrastructure, or from Microsoft Azure to AWS. It allows you to automate, schedule and track incremental replications of live server volumes – making it easier to co-ordinate large-scale server migrations.
There is a long list of other considerations you’ll need to consider before kicking off your migration, some that’s more important than others, but each could have an impact on your final architecture and how you manage that environment on the long run. These will be discussed in more detail as this series unfolds.
We have helped various clients reach their security and compliance goals in preparation for their coming migration to the cloud, and understand the importance of tool selection to aid in an efficient migration to the cloud.
If you’ve made the decision and are looking for a cloud enablement partner to guide your through devising a relevant strategy, implementing the migration and optimising as your business grows – reach out to us.