Over the next few years, the number of organizations navigating to the cloud to advance their business goals is expected to grow exponentially. According to Gartner, more than 70% of enterprises will use cloud platforms to accelerate their business initiatives by 2027. (That’s up from less than 15% in 2023.) Part of this growth will result from public cloud providers’ increasing access to and adoption of innovative technologies, particularly generative artificial intelligence (GenAI).
Looking at these predictions, perhaps you’re feeling it’s time for your organization to initiate its own cloud migration process. Don’t know where to start? It’s okay. You need to learn about your options first before figuring out where you want to go.
In this article, I’ll introduce the concept of migrating to the cloud. I’ll identify key benefits, challenges, and methods of migrating to the cloud so that you can begin to think about what you’d like your cloud migration to look like.
Why you want to migrate to the cloud
To me, migrating to the cloud means hosting your infrastructure in a secure multi-tenant environment, which is managed by the cloud provider. This allows you to focus on application delivery that provides value to your business.
There are several benefits you can achieve by migrating to the cloud. For instance, you can get improved resiliency and higher availability by leveraging the redundancy built into cloud providers’ Infrastructure-as-a-Service (IaaS) offerings. (For comparison, you must invest in this fault tolerance if deploying in an on-premises environment.)
The cloud also offers the ability to move faster. It helps to remove equipment procurement cycles, enabling IT to experiment with solutions and shut down experiments that shouldn’t move forward without long-term commitments to capital investments. Such flexibility helps you to act on your changing business requirements faster than you otherwise could.
Navigating to the cloud comes with security advantages, as well. For instance, all cloud providers offer security settings that have been tested over time. Another advantage is the ability to use tested solutions from the cloud vendors’ marketplaces to eliminate the need to build and maintain these images and applications yourself. This is the main idea behind the CIS Hardened Images; the Center for Internet Security (CIS) has done the secure configurations for your cloud-based operating systems (OSes) for you.
Want a quick overview of how the Hardened Images can help you migrate to the cloud? Check out our video below.
Understanding where you want to go in the cloud
When it comes to planning your cloud migration, there are three common types of cloud storage from which your organization can choose. They are as follows:
1. Blob or object storage
Accessible by HTTPS, blob or object storage is suitable for mass file transfers/migrations. Not only that, but it’s also independent of systems or virtual machines (VMs), and in many cases, you can use it to deliver content to users. The risk of using this type of storage is that it can be made publicly available. As such, you need to be very careful in classifying data to ensure you are not exposing confidential data unintentionally.
2. Block storage
Block storage is attached directly to individual VMs. You can typically use direct attached or Storage Area Network (SAN) storage for block storage in an on-premises data center. You can also provision it for performance, but you’re ultimately responsible for configuring redundancy, fault tolerance, and high availability. It is by default internal to your cloud environment, but you as the customer are typically responsible for enabling encryption and data protection methods.
3. Network attached storage
Network attached storage (NAS) is akin to a “fileserver,” which can be accessed by multiple users/systems simultaneously. You can use this to effectively share data amongst systems internally, reducing the need to keep multiple copies on individual systems and maintaining updates on each system. Here, you are also usually responsible for enabling encryption and data protection methods.
Cloud service models: Your responsibility in the cloud
Beyond cloud storage types, every cloud provider offers varying levels of service models that you can opt to use. This gives you the freedom to pick the service level that is right for your organization, your staff capabilities, and your skill sets. You can choose from bare metal platforms, where you’re responsible for everything above the base hardware and networking level (IaaS), all the way up to fully managed services and applications, where the responsibility for configuring and maintaining the servers, applications, and environments is taken on by the cloud provider (Software-as-a-Service (Saas) or Function-as-a-Service (FaaS)).
Source: Cloud Security and the Shared Responsibility Model
Each level of managed services has pros and cons. The pros of managed services are that you don’t have to focus on the details of systems management and maintenance. Additionally, you can concentrate on applications, which add value to the company.
The cons can be a loss of customization options, access to lower-level resources if needed, and increased cost. For example, hosting a customer-installed database instance on top of VMs provided by a cloud provider enables you to access and configure every aspect of the software. The downside is that you are now responsible for operations, maintenance, patching, upgrading, etc. With a managed database service, you can focus on designing the database schema and queries, thus delegating other operational responsibilities to the cloud provider.
How to migrate to the cloud
If you’re looking to move to the cloud, there are three common ways by which you can go about it.
1. Lift and shift
Lift and shift takes the servers and applications running in the on-premises data center and simply re-hosts them in the cloud. This can be the easiest way to migrate to the cloud, and it is the first step many companies take. The risk here is you need to understand how the cloud is different in security, networking, and server management. Additionally, this method doesn’t help with reducing technical debt, and it is often not a means of cost-effective migration, as you are not right-sizing your infrastructure or taking advantage of the elastic nature of the cloud.
2. Refactoring
Refactoring includes modifying on-premises infrastructure, code, and deployments to take advantage of the elastic nature of the cloud. This method includes the advantage of having web services behind a load balancer and scaling computing resources up and down based on demand instead of building a web farm to support peak load. You may also take advantage of managed services or Platform-as-a-Service (PaaS) offerings such as CDN, database, and data replication services. This method enables you to take advantage of cost savings associated with minimizing resources when demand decreases, paying for what you need vs. always-on resources. The risk with this approach is you are changing multiple variables during the migration process, which makes troubleshooting more complex.
3. Redesigning to be cloud native
This can be a complex migration strategy where the applications’ architecture is redesigned during migration to take full advantage of the benefits of the cloud. This includes utilizing SaaS offerings from the cloud vendor or third-party providers, relying on managed services (PaaS) to minimize operational burdens, introducing technologies such as containers and serverless computing, and embracing an Infrastructure as Code (IAC) philosophy. The pros of this approach is it can be a highly resilient, cost-effective solution that scales to meet demand without over provisioning. The cons are that it adds complexity and risk, as many architecture components are changing at the same time. Additionally, it’s challenging to ensure resiliency and security.
Why cloud migrations fail
As with any IT infrastructure, you must make sure the cloud provider is compliant with all the regulations your industry needs and can provide evidence of successfully passing audits that validate compliance. You also need to govern the security of your applications and data. Your IT and development teams need to have a security-first mindset and configure the infrastructure and apps to align with compliance requirements and security best practices.
Specifically, you need to consider how and where data is transmitted and stored. Is it encrypted everywhere? Is access minimized to only the roles that need it? Is unauthorized duplication of data protected against? This is important to review in both the migration processes and once in the cloud.
Your responsibility in moving to the cloud
Migrating to the cloud should not be seen as a single project but an multi-stage program. You will learn a great deal by starting small and building on the experience. You may not realize cost savings until the application and infrastructure are designed to scale up and down such that you can take advantage of the elastic capabilities and pay-per-use philosophy of the cloud.
Moving to the cloud does not make you automatically secure, however. You are always responsible for securing applications, OS images, networks, access rules, and data in the cloud. Cloud vendors provide security of the computing assets, not the data placed on their assets. You will need to establish a relationship with your cloud provider to understand where security responsibilities lie and test the security.
In the next blog post, I’ll discuss how you can use CIS resources to meet your security responsibilities when migrating to the cloud.
Want a sneak peek of what I’ll be discussing? Explore CIS Cloud Security Guidance