For many organizations, a migration to public cloud is seen as a technical challenge with a set of tasks that need to be completed. In reality, it is far more than that, with areas outside of technology that need to be considered.
This blog post will touch on some of the more pertinent areas of your business that should be considered in your migration to the public cloud.
Cloud as Business Enabler
Engage with an accredited partner early to help form a strong business case for the migration, taking the time to review and make sure your business and IT strategy are firmly aligned. A move to public cloud often brings a budgeting change, moving from familiar capital expenditure to an operational or consumption-based pricing model. Could you make use of a charge-back model? In public cloud, you will be able to track consumption with far greater accuracy and detail, making it easier to associate costs with results.
Work with your technology partner to ensure you explore all of the relevant migration funding options available. There are various programs available ranging from Proof of Concept (PoC) funding to enterprise discount programs, providing potentially significant discounts for a demonstrated level of future usage.
Technology is a business enabler. Public cloud offers efficiencies that allow your IT team to move away from simply ensuring that critical business applications stay healthy and operational and towards enabling teams to focus on strategic initiatives and business alignment. This alignment isn’t an overnight process and will take time, requiring new skills and processes between IT and the various business areas.
With public cloud, assessing TCO and analyzing ROI can be made easier by directly linking services with specific business processes. Measuring the value of investments becomes clearer as they can be directly linked to business outcomes.
- Create a business case and share it with the broader team to build consensus and buy-in.
- Engage AWS Cloud Economics.
- Create a communications plan.
- Get budget allocation for the first year of migration – understand there may be some dual-run costs.
To ensure that your organization maximizes the business value of the investment and minimizes business risks, new skills and processes are needed. There are three key capability areas:
- Portfolio management: How does your organization manage and prioritize technology investments, projects and programs that are in line with your business goals? Creating a focal point for lifecycle management of apps and services is an important step for determining migration eligibility for workloads and serves to assign a priority to each one.
- Program and project management: How does your organization manage multiple related projects? Traditional waterfall methods are not suited to cloud adoption as they aren’t able to keep up with the pace of change required. Instead, teams need to develop new skills in agile project management to ensure projects are completed on time and on budget.
- Business performance management: How does your organization measure and optimize processes in support of your business goals? A major benefit of AWS Cloud is the speed and ease to create new services and experiment with new methods for automation and optimization. New KPIs should be defined to ensure cloud consumption is accurately mapped to desired business outcomes.
- Adopt agile project management over more traditional methods.
- Create new KPIs to analyze performance and success.
- Create Migration Scope Scoring & Targets for Optimization.
Developing Cloud Careers for Staff
The people perspective of a cloud migration is often overlooked, as organizations focus on the technical delivery of the project, but it is an important aspect in ensuring success. New skills, processes and general ways of working will change, so you should carry out an analysis of requirements and any gaps to identify the training and staffing needed to build an agile team, ready for an efficient and effective cloud migration.
Ensure that you have the right resources within your organization; this may mean that you need to hire new team members. A move to AWS Cloud can be daunting for existing technical staff, with feelings of uncertainty around their skills or future roles. Organizations should incentivize workers, ensuring they receive competitive compensation for the value they provide as they re-skill and expand their technical capability.
Communication channels should be established to ensure the planned personal achievements and career opportunities are mapped and achievable. Cloud adoption often introduces changes to a career path, so organizations should ensure team members understand their new roles and career options. While many people in the industry self-study, you need to ensure training is provided to employees so that they have the required skills and knowledge to perform their new roles – in line with the new policies and requirements that you have worked to define.
- Map future roles and training plans.
- Establish a Cloud Center of Excellence.
- Perform a review of roles versus resource/skills availability, and document any risks or gaps/action plans.
Know Your Cloud Platform
To ensure that any adoption of AWS Cloud is successful, it is imperative that the platform is structured and well-architected. A key benefit of AWS Cloud is the ease of creating new services quickly. However, if done incorrectly this leads to security compromises or uncontrolled and unmetered cost increases. As part of the planning process for cloud adoption, you will already have the TCO for the required consumption and, as part of the provisioning of the compute resources, it is key that this information is used. New EC2 instances should be provisioned using the required specification – from information gathered in a cloud readiness assessment – ensuring that the platform aligns to the budget allocated.
As with many other aspects in cloud, the provisioning of new services is very different from physical and on-premises infrastructure, with Infrastructure as Code (IaC) available to control deployments. Like on-premises infrastructure, the network is key to efficient communication and security of the platform. AWS provides many native services to simplify management and configuration.
These run the gamut from Security Groups, which provide virtual firewalls at the instance level, to AWS Transit Gateway for scalable and secure provisioning, eliminating the need for complex peering relationships. What are the requirements for connectivity between AWS and on-premises? Site-to-site VPN connections can be configured quickly but are subject to the public internet. Conversely, a direct connection will establish dedicated connectivity but is subject to a longer implementation time by your communications provider.
There are many storage options within AWS, all with varying use cases. It is key that the right service is chosen for the right data from both a performance and cost perspective. Options range from storing long-term archived data in low-cost Amazon S3 Glacier Deep Archive to user session state in Amazon DynamoDB database tables. As part of your cloud adoption, consider your options around the various databases that can be provisioned within AWS. A simple option is to migrate the virtual machine and continue to run the database on EC2. However, perhaps that database could be migrated to one of the many fully managed database services such as AWS RDS for improved performance and lower administrative overhead.
There are many design options available for the configuration of AWS Organizations, master account and sub accounts. A well-architected account structure is key to both the management of the platform as well as any isolation requirements. The use of a multi-account strategy and an effective tagging policy is essential for accurate cost monitoring and association to business goals and services.
- Fully understand on-premises environment and how it maps to AWS Cloud.
- Establish compute, storage, network and database requirements.
- Align design decisions with the AWS Well-Architected Framework.
Security for the Cloud
Security is key within AWS and there are many services available to implement a range of security controls that meet your organization’s requirements. AWS has a Shared Responsibility Model with regard to security, which defines the aspects that are managed and controlled for you (physical security, global infrastructure) and the aspects that you are responsible for (customer data, network traffic protection). Simply put, AWS is responsible for security “of” the cloud; you are responsible for security “in” the cloud.
Within your AWS account, Identity and Access Management enables you to configure multiple access control mechanisms. Permissions should be assigned on the principle of least privilege, ensuring accounts are limited to performing only the role they are allocated. Ensure your environment has as little exposure to the internet as possible and, where exposure is required, consider the use of AWS Web Application Firewall to provide protection against web attacks and improved traffic visibility. Infrastructure can be protected by the tight control of Security Groups and Network Access Control Lists, but if misconfigured, they can expose your organization’s resources. Existing traffic patterns should therefore be assessed to establish clear traffic dependencies, ensuring only the required ports are open.
Encryption is a critical component in your organization’s security policy. When used correctly, it can provide an additional layer of protection above basic access control. AWS provides simple methods to encrypt data in transit and at rest that work both on and off the cloud. Your organization should have a full incident response plan in the event of a security incident in order to respond, manage, reduce harm and restore services quickly. Define the roles and responsibilities, response mechanisms, and actions and document them in runbooks. Most importantly, simulate various incidents to ensure that the processes are familiar, robust and functioning as they need to.
- Define security strategy.
- Centralize monitoring and logging.
- Enable encryption by default.
- Establish incident response process and runbook.
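The check on Security Groups described above (only the required ports open, as little internet exposure as possible) can be automated. The following is an added example, not code from the original post: it audits rules in the JSON shape returned by `aws ec2 describe-security-groups` against an allow-list of ports that the traffic-dependency assessment found must be reachable from the internet. The group IDs, sample rules and the `REQUIRED_PUBLIC` allow-list are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` JSON output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-legacy-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}

# Assumption: outcome of the traffic-dependency assessment, i.e. the only
# (protocol, port) pairs each group must accept from the whole internet.
REQUIRED_PUBLIC = {"sg-web-example": {("tcp", 443)}}


def is_public(cidr):
    """True for 0.0.0.0/0 and ::/0 (any source address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(groups, required):
    """Return (group, protocol, ports, cidr) for each internet-open rule not required."""
    findings = []
    for sg in groups["SecurityGroups"]:
        allowed = required.get(sg["GroupId"], set())
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto in ("tcp", "udp") and lo is not None:
                ports = f"{lo}-{hi}"
                justified = all((proto, p) in allowed for p in range(lo, hi + 1))
            else:  # "-1" (all traffic) and non-port protocols are never pre-approved here
                ports, justified = "all", False
            findings += [(sg["GroupId"], proto, ports, c)
                         for c in cidrs if is_public(c) and not justified]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, REQUIRED_PUBLIC):
        print(finding)
```

Rules scoped to a private CIDR, such as the database rule from 10.0.1.0/24, are not reported; the audit only covers exposure to any source address.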
Managing Cloud Operations
Each organization will already have an operations group within the business and the change that comes with cloud adoption must support them in defining how the business is run. In terms of technology operations, there should be a focus on how you enable, operate and recover workloads to the level agreed within the business.
How will you monitor services? A typical approach to answering this question would be to examine the existing method of monitoring your on-premises infrastructure – if you employ a hybrid approach, can that toolset be extended into AWS Cloud? The same can be applied to your applications. With AWS you can monitor and right-size services to meet performance requirements. Accurate monitoring will ensure that your infrastructure is scaled correctly and is, therefore, able to meet the demands placed upon it.
Traditional release management is complex, slow and can be difficult to roll back. This can be accelerated by leveraging CI/CD techniques within AWS Cloud. There may be a need for team members to learn challenging new skills and processes, but you will gain greater efficiency and control.
Business continuity/disaster recovery is significantly different within AWS Cloud, with multiple ways to achieve it. Organizations should clearly define the required Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for each service and application. This information can then be used to design a method to protect the workload, ensuring it meets the agreed SLAs. Through the use of load balancers, auto-scaling groups, availability groups and regions, workloads can be made highly available relatively simply.
AWS Service Catalog is available as a control mechanism for the deployment of services within AWS, and this is done by defining compliance standards. This allows you to manage commonly deployed technology services to achieve constant governance in ways that may not have been possible using on-premises infrastructure.
- Consider refining OLAs and SLAs for the cloud (provisioning will be much faster).
- Engage AWS to share DevOps practices, and leverage AWS best practices around CI/CD code pipelines to further improve team capability.
- Establish cloud BCP/DR practices.
- Ensure constant utilization monitoring for right-sizing and cost reduction.
Understanding the changes that a cloud adoption will drive within your business allows you to realize the many benefits that AWS Cloud can provide. A cloud adoption project should not be seen as a simple data center migration, but more as a complete shift for how your organization delivers services both to your users and your customers.