Cloud migration strategy: The secret to conquering security and cloud spend
Un-clouding is a thing. While you might never have heard the term, the action is relatively common among companies moving applications to the cloud. As you might expect, to un-cloud (or de-cloud) means moving applications out of the cloud that you’d previously moved into the cloud. Why has this become a thing?
According to an IDG/Datalink survey from 2016, almost 40 percent of organizations have migrated systems back from the cloud, with 55 percent citing security and 52 percent citing cost as the drivers. A 2018 survey from RightScale indicates these two areas remain the top inhibitors for cloud adoption today.
So, what’s the secret to conquering security and cloud spend so you can avoid becoming an un-clouder? In short, three things: planning, education, and experience. They may seem obvious, but since these two challenges continue to plague cloud migration efforts, the topic warrants another whack or two at that dead horse.
The tools exist. Tools for planning and estimating cloud costs before going to the cloud, tools for managing costs once your workloads are in the cloud, and tools for security are plentiful and mature. Let’s look at some of them and how they can help.
Addressing pre-cloud migration costs
My colleague Carl Ramkarran wrote an excellent post about rightsizing your cloud resources BEFORE migrating them to the cloud.
Understanding your costs before moving to the cloud and, as Carl points out, consuming the resources smartly, is key to keeping your workloads in the cloud. This post largely applies to a lift-and-shift approach but can certainly be extended to refactoring your applications as you move them to the cloud.
Knowing what to expect from a cost perspective, and presumably putting it into a business case and/or TCO, is one of the key components to not un-clouding.
Ongoing cloud cost management
Addressing costs isn’t a one-and-done, pre-migration exercise. Cost management is an ongoing effort. Governance and account hygiene require vigilance to keep the costs where you planned them to be.
Governance includes monitoring instances to make sure they’re right-sized, shutting down unused instances, shutting down instances based on schedule, and tagging instances to make sure the costs are apportioned appropriately.
Account hygiene includes terminating unused resources, terminating orphaned resources, and terminating rogue resources (i.e., those that aren’t properly tagged). If these efforts aren’t enforced, your cloud infrastructure costs will creep beyond where you forecasted them.
Staying secure in the cloud
The cloud presents your security team with some of the same challenges they encounter in your on-prem environment, but security in the cloud is also different, and therefore requires different, or at least additional, tools and procedures.
Every enterprise has implemented perimeter/network defenses in the form of firewalls, proxies, intrusion prevention systems, DMZs, VPNs, routers, etc. Additional security measures like hardened or semi-hardened operating systems for all of the above PLUS your servers and VMs are also commonplace.
All of these apply in the cloud.
The tools are all there, but you need to take advantage of them. That said, your cloud security team needs to take additional items into consideration.
Even with the best perimeter defenses, users can cause all sorts of vulnerabilities if not properly managed. Shared snapshots, S3 buckets, or machine images not only need to be managed from a permissions standpoint, but also need alerts and remediation.
The good news is, there are tools available to address these and other security challenges unique to the cloud. Additionally, if you’re bringing your own machine images, you need to make sure your users can’t launch using provider images. If you’re using provider images, you need to lock those down as you would your on-prem images.
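The permissions check behind such alerts can be sketched as follows. This is an added example, not code from the original post or from any vendor tool: it audits a constructed inventory of snapshots, machine images, and S3 buckets for public or unapproved cross-account sharing. The record layout (`type`, `id`), the sample IDs, and `TRUSTED_ACCOUNTS` are assumptions; `CreateVolumePermissions`, `LaunchPermissions`, and the bucket policy structure follow the AWS API field names.

```python
import json
# Assumption: account IDs approved for sharing (constructed values).
TRUSTED_ACCOUNTS = {"111111111111"}

def _permission_findings(perms):
    """Classify CreateVolumePermissions / LaunchPermissions entries."""
    findings = []
    for p in perms:
        if p.get("Group") == "all":
            findings.append("public")
        elif "UserId" in p and p["UserId"] not in TRUSTED_ACCOUNTS:
            findings.append("untrusted-account:" + p["UserId"])
    return findings

def _policy_findings(policy_json):
    """Flag Allow statements with a wildcard principal and no Condition."""
    stmts = json.loads(policy_json).get("Statement", [])
    if isinstance(stmts, dict):  # a lone statement may be an object
        stmts = [stmts]
    findings = []
    for s in stmts:
        principal = s.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            findings.append("public")
    return findings

def audit(resources):
    """Return {resource id: findings} for resources needing remediation."""
    report = {}
    for r in resources:
        if r["type"] == "bucket":
            found = _policy_findings(r.get("Policy", "{}"))
        else:  # snapshots: CreateVolumePermissions, images: LaunchPermissions
            found = _permission_findings(
                r.get("CreateVolumePermissions") or r.get("LaunchPermissions") or [])
        if found:
            report[r["id"]] = found
    return report

# Constructed inventory, shaped like the AWS API responses for each resource.
SAMPLE = [
    {"type": "snapshot", "id": "snap-a", "CreateVolumePermissions": [{"Group": "all"}]},
    {"type": "snapshot", "id": "snap-b", "CreateVolumePermissions": [{"UserId": "111111111111"}]},
    {"type": "image", "id": "ami-c", "LaunchPermissions": [{"UserId": "999999999999"}]},
    {"type": "bucket", "id": "bkt-d", "Policy": json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]})},
]
print(audit(SAMPLE))
```

The snapshot shared only with the approved account produces no finding, so the report lists just the resources that need an alert and remediation.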
Process, procedures, and planning
Another area where tools can’t help, but education can, is process and procedures. How, and if, you enable certain services in the cloud is as important as having tools that will alert and remediate, for example. Other examples include how images are developed and consumed, how and when to encrypt data, and the list goes on and on.
A great planning tool to leverage is what AWS calls a Well-Architected Framework review. While the name and framework are unique to AWS, the principles apply regardless of what cloud you’re migrating to. The Well-Architected Framework review looks at your workloads with the intent of making sure they’re leveraging best practices across five areas:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
The review can be performed against workloads already in the cloud AND as a planning tool as you’re readying workloads for migration to the cloud.
How to avoid un-clouding
The key to a successful cloud migration strategy starts with planning. Plan on how you’re going to manage costs, governance, and security. Next, educate your teams on all of the above so they can make the right choices to protect your enterprise. Finally, choose the right tools to enable your teams’ success, and therefore your success in moving to the cloud.
If you’ve already started your move to the cloud, it isn’t too late. You can get back on track by implementing the same success plan.
Contact your SHI Account Executive or email us at firstname.lastname@example.org to learn more about how we can help you manage costs and security so you never have to become an un-clouder!