Organizations face key challenges, such as business impact on current functionalities, operational risks, external regulations, technical assessment and organization capabilities before making cloud migration call
In the current ecosystem, heterogeneous technology landscapes are becoming more and more prevalent due to partial movement of individual applications to cloud to achieve quick success and due to buzz around cloud as a concept.
With applications hosted both on cloud and on-premise, organizations often get into situations where they start struggling with:
- Flexibility, scalability, reliability and inter-operability of the technology landscape
- Distributed infrastructure (multiple cloud vendors and on-premise deployment for different applications) which in turn increase failure points
- Impact speed-to-market for new processes in perceived complex landscape
Since digital is taking the driver seat in crafting new business models, organizations are looking to focus on innovation instead on infrastructure maintenance. This results in the start of new paradigm to consolidate the infrastructure into data center preferably with a single cloud service provider. But this call is not very straight forward and need thorough consideration and debate on multiple factors to achieve desired results.
Organizations shall consider critical factors before taking cloud migration call. These factors include:
What are the key challenges in full-scale landscape migration to cloud?
- E.g., integrations, compatibility, business continuity, timelines, budget, etc.
What are the critical parameters to choose a cloud partner?
- E.g., maturity, experience, service, resource availability, etc.
What are the best practices while migrating applications to cloud?
- E.g., methodology, timelines, security, etc.
- What will be the impact on timelines and business expectations of ongoing projects?
Typical key challenges organizations face before making cloud migration call are:
Business Impact on current functionalities and any long-term benefits. These concerns/factors can be mitigated by:
- Review of business-critical IT functionalities (Like uptime, latency, etc.) and determine viability of cloud provider dependency
- Choosing right approach for each application (Retain, Retire, Rehost, Replatform, Refactor, Rearchitect)
- Ensuring cloud supplier SLAs include safety margins for performance and security
- Ensuring that back out plan is in place
Operational Risks (Business and IT) also need to be carefully identified and require actions like:
- Sourcing additional capacity with vendors (will increase costs) during transition phase and align resource requirement with business
- Planning with flexibility to prevent peaks in resources required
- Considering shared responsibility model with a cloud service provider
External Regulations regarding data security, privacy, data movement and access require minute details to be considered during evaluation phase itself like:
- Strong data protection architecture and policies by a cloud service provider
- Review of data sensitivity with the business and determine viability of cloud for sensitive data and ascertain need of involving a regulatory authority
- Ensuring that auditing is included in contract
Technical Assessment is the next important challenge that can make or break the objective of the migration decision and require detailed evaluation and validation of the architecture. It includes:
- Architecture validation in line with enterprise architecture and integration viability with other applications
- Security architecture validation as per an organization’s security policies
- Detailed business continuity assurance from cloud service providers
- Clearly defined cloud integration strategy to safeguard issues with rigid applications, if any
- Ensure control of access and identity management remain within an organization’s control
Organization Capabilities is one area that need focus much earlier than moving into daily operations mode and need to be built to support end-state architecture which may have single/multiple cloud platforms or a hybrid architecture with some applications residing on-premise:
- Plan staffing and trainings for target architecture including new skillsets
- Plan availability of right tools to steer individual vendor performance across the IT value chain
- Migrate gradually to the cloud and allow time for building capabilities
Once the decision is made to move to cloud as a long-term strategy for supporting business growth, cloud selection of the right cloud partner becomes most critical. Below are the critical parameters which need:
Cautious evaluation to help select a right cloud partner:
Technical Capabilities including PaaS offerings
- Out-of-the-Box PaaS services
- DevOps readiness including automation and monitoring
- API features and maturity
- Local DC roadmap for public cloud
- Local/On-site support
- Commitment to shape/support local regulations
Security and Business Resilience
- Security certifications
- Compliance controls
- Data encryption
Cloud Adoption Support
- Support and commitment during adoption
- Planning and implementation support
- Availability and transfer of Knowledge assets
- Open Architecture
- Integration capability and support with other COTS vendors and cloud providers
- Strategic alignment and access to cloud roadmap
- Initial investment and cost projections
- Long-term commitment/exclusivity requirements
- Right level of indemnity ensuring SLAs like uptime, availability, etc.
Data and analytics capabilities
- Data analytics foundations
- Data operations and Data warehouse
- Advanced capabilities like big data and machine learning
Once a cloud partner is selected, organizations shall structurally plan technical, functional and operational needs to ensure seamless migration to the cloud. Below are few best practices that can be followed:
- Pre-migration checks: Ensure pre-requisites are met and assures compatibilities for cloud journey
- End-state architecture: Overall end-state ecosystem definition involving load balancers, firewalls, multiple web-heads, physical and cloud servers, destination server environment covering business, technical, risk and regulatory criteria
- Security: Security architecture validation from respective application vendors, CISO, internal risk and regulatory agencies
- Licensing: Review current licenses for optimum usage in new deployment in cloud
- Cloud governance model: Proactively define operation and support model. Eg. Who will have access to what? How will you grant that access?
- Capability building: Build the capability augmentation/build plan (in-house/managed service)
- Post migration business continuity: Detailed planning around sustainability and change management post migration
- Prioritization of applications: Create a phased migration approach based on application suitability, criticality and priority.
- Implementation partner: Identify the right partner with expertise, experience, development and project management experience and best-in-class methodologies
- Availability and resilience: Identify critical business processes and address critical points of failures.
- Architecture revamp: Evaluate this opportunity to re-architect applications instead of lift and shift.
- Network management: Carefully plan and implement network design to avoid post migration hassles.
- Phased approach: Start small and simple to put quick wins on the board.
- Managed services: Leverage fully managed services wherever possible and free up your team to focus on innovations.
- Access management: Create a detailed application specific authentication and authorization including cloud and on-premise access segregation.
- Monitoring: Prepare a comprehensive monitoring strategy to cover minute aspects of the architecture and business continuity.
- Support: Use an appropriate support model during initial phase post migration to ensure stability and business continuity.
Cloud computing is a disruptive technology that is changing IT system’s deployment globally because of its perceived cheap, simple and scalable nature. It could further potentially eliminate many support-related issues since there would be no physical infrastructure to maintain. Despite these advantages, organizations shall be ready themselves for socio-technical and legal challenges with well-thought bespoke evaluation of their ecosystem and plan a detailed roadmap.
The authors are NEXT100 Winner 2011, Feroz Khan, Partner & AD, The Boston Consulting Group and NEXT100 Winner 2019, Vineet Mehta, Project Leader, The Boston Consulting Group