Skip to main content

Blog

3 Key Risks You Need to Plan for When Migrating to The Cloud

March 15, 2019       Cris Daniluk               Comments  0

Many organizations have moved to the cloud, with the need to capitalize on the speed and flexibility of the cloud being a significant factor. Sophisticated CIOs know it isn’t reasonable to project what their technology needs will be in five years and what solutions will be available to meet those future requirements. Committing to a data center and capital, risks your company being left behind with an outdated solution that no longer fits your needs. AWS, Microsoft Azure, and Google Cloud Platform are flexible, scalable service options that will allow you to meet those changing needs without capital investment. The cloud ensures the decisions of today don’t become the lock-in of tomorrow.

Or does it? While the cloud presents enormous opportunities, there are key risks you’re taking on when migrating to the public cloud.

Key Risk Factors:

The public cloud has different risks than traditional approaches, and you must mitigate them to ensure your move to the cloud is successful. The seldom-discussed truth is that the public cloud provides an entirely new risk model that is not appreciated by most executives. Let’s examine the three main areas of risk you must evaluate as you find your way into the cloud.

Risk 1: Downtime Risk and Data Loss

Public cloud providers do not have an inherent advantage over private cloud and data center solutions when it comes to downtime. There are countless high-profile examples of public cloud outages over the years, taking down hundreds of companies — many of which are household names — without mercy.

In a traditional data center, the objective is to make infrastructure as reliable as possible. In the public cloud, the objective is to use platform services to achieve high levels of reliability on top of unreliable infrastructure. Case in point, Amazon and Netflix — one of AWS’ largest customers — rarely go down when AWS has issues, as both companies are/utilize/invest heavily in well-architected cloud-native infrastructure. They have evolved past attempting to make traditional approaches work in the cloud.

Simply put, the cloud is NOT a more reliable place to run your apps. But it provides you the tools and services to make your apps more reliable by following the provider’s design recommendations, such as the AWS Well-Architected Framework principles. You must think through each application and ensure its availability and data loss targets are properly met in the cloud.

Many cloud providers advocate for a “lift and shift, then optimize” migration path, but this can leave you at unacceptable risk for both downtime and data loss, all while overspending on an inefficient design. Why don’t the providers warn against these risks? Simply put, they are perfectly fine with the exorbitant spending necessary to run your workload inefficiently in their cloud.

Risk 2: Security Risk

Traditional systems live within the equivalent of a fortified castle, protected by a well-defined perimeter and centralized security systems in which you have invested hundreds of thousands of dollars and thousands of hours. The cloud flips this on its head, pushing systems outside of the perimeter. Virtually all systems are built on the premise of trusted networks, making the lack of trust in the cloud one of its biggest challenges and greatest risks.

Given these realities of the public cloud, you must adopt a “zero trust” mindset for your systems, assuming that each system, application and component is not only outside of the castle, but is sitting on the public square, free for anyone to poke and prod. As a result, each needs to be properly equipped to defend itself and to accurately identify and authorize its fellow peers.

Your confidence in your systems to be resistant to this level of exposure should guide your decisions about the level of sensitive data to put in the cloud. Even Capital One, which has invested hundreds of millions in AWS cloud security, still does its core banking operations within its own data centers. This does not mean you need to avoid putting sensitive data in the cloud, but you must be guarded and prepared for worst-case scenarios that can cripple your business.

Risk 3:  Financial Risk

Many technologists prefer the term “utility computing” to “public cloud.” When you purchase cloud computing capacity from a public provider, it is similar to purchasing electricity from a power company, making it exceedingly difficult to project usage. As the myriad number of services grows – AWS has over 150 services today – the pennies per unit start to stack up rapidly.

It is not just unsophisticated firms that struggle with their projected technology usage. Many smart technology executives have found that the public cloud has been a budget buster.

A number of companies have cropped up that specialize in nothing but helping you optimize your cloud spend. However, their potential effectiveness has limitations, as they can only help you effectively manage the cost of the infrastructure you select. They won’t fix inefficient design, and what was cost-effective in the data center is often a money pit in the cloud. You need to optimize budget impact both through taking advantage of cost-saving opportunities for your current design and identifying opportunities for new design that will save money.

The good but perhaps unintuitive news is that this sort of opportunistic redesign often will improve reliability and security while also providing savings, which frequently can be significant. The cost of the cloud tends to be higher when trying to run things the “old-fashioned” way instead of the more efficient — and effective — cloud native way.

Iterative, Step-by-Step Approach Beats “All-In”

We recommend clients looking to leverage the public cloud take an iterative approach rather than an “all-in” mindset. Identify quick wins to develop experience and guiding principles. Utilize solutions like a hybrid cloud to allow you to migrate applications that still may depend on a legacy or high-cost system. Adjust your security and infrastructure operations toolsets to manage the cloud. Sometimes this means adopting new tooling; sometimes it means extending what you already have.

Most importantly, invest in a Managed Services Provider that has an education-oriented mindset. Great providers will manage your risks, helping you avoid downtime, security issues, and financial setbacks while promoting the growth and development of your team.

Leave a Reply