White Paper

Cloud Adoption Frameworks and Best Practices

Cloud computing offers many advantages, including reduced IT costs, scalability, business continuity and disaster recovery and many other benefits. Like any major change however, moving from on-premise to cloud based technology must be done carefully, with consideration for your particular workflow, security requirements and a clear understanding of the economics of cloud adoption. Many companies who rush into moving systems into the cloud without proper preparation, find themselves mired in cost overruns, poor business processes and security issues. 

Advantages of Cloud Based Computing

Cloud based computing offers companies of all sizes many advantages, leading to a surge that places up to 91% of companies on a public cloud system, and 71% utilizing a private cloud. A public cloud system like AWS, refers to a subscription service, where companies pay a monthly or yearly subscription fee for the cloud provider to provide software, platform or infrastructure as a service. A private cloud system on the other hand, is hosted by an individual company for its own personal use. 

Cloud based computing offers several advantages, including the following:

  1. Reduced IT Costs-Public cloud systems like AWS shift the responsibility for upgrades, maintenance, staffing, etc.to the provider.
  2. Scalability-Cloud based computing offers the ability to scale up or down quickly, based on need. 
  3. Business Continuity-The distributed nature of cloud-based computing means that it is very difficult to produce extensive, system wide disruptions. Data is also backed up across more than 1 center, providing a measure of fault tolerance. 
  4. Collaboration-Cloud based services make collaboration easier. 
  5. Automatic updates-The cloud provider is responsible for providing hardware and software updates and maintenance.
  6. Security-Many companies view cloud-based technology with trepidation, because it means relinquishing security concerns to a 3rd party. In fact, 20% of companies using an on-premise data center report security breaches, while only 9% of cloud customers report breaches. 

Potential Pitfalls of Cloud Adoption

Although cloud adoption offers several clear advantages, it is not without risk. These risks must be carefully considered in order to avoid a poor cloud adoption experience.

  1. Not every application should be migrated to the cloud-Some applications are not built for the cloud and should remain on premise or utilize a hybrid form of cloud based and on-premise technology.
  2. Security-Many companies fail in their cloud migration by not fully understanding security precautions, especially when they try to establish a private corporate cloud. Public cloud systems like AWS are often a better, more secure option, because they utilize security measures specifically designed for the cloud and they ensure they are up to date to protect all of their clients. Special care must be taken however, for niche applications like healthcare, where special security requirements are necessitated by law. 
  3. Not planning for downtime-As the 2016 Netflix and AWS outage demonstrates, cloud-based technology is not infallible. Companies using a public cloud service should plan for operations and disaster recovery if the cloud provider experiences issues that impact the ability of customers to operate. 

Cloud Adoption Framework

A Cloud Adoption Framework provides a set of tools and guidance to help organizations move their applications into the cloud. An adoption framework not only provides guidance on the technological aspects of cloud adoption, but also the people, processes and business aspects as well. The purpose is to align business strategies with the culture, business and technical goals to achieve the desired outcome.

All of the major public cloud providers such as Amazon and Microsoft provide their own cloud adoption framework, based on their product and experience with cloud adoption. To take advantage of the benefits of the cloud, while avoiding the pitfalls, an adoption framework can assist your organization through the process of removing obstacles, creating a plan and then executing that plan in iterative waves to improve and learn from the process. 

Amazon Web Services (AWS) Cloud Adoption Framework.

The AWS cloud adoption framework breaks the cloud adoption process into 6 perspectives, divided between broad categories; Business Capabilities and Technical Capabilities. 

Business Capabilities

  1. Business-This aspect is designed to ensure that cloud migration is aligned with business needs. To resolve this perspective, you must involve all of the relevant stakeholders early in the process to form a common strategy and prioritize migration into the cloud. 
  2. People-This aspect focuses on employees and deals with training and personnel development focused on the cloud. For this aspect, organizations must focus on how to assemble suitable teams for cloud migration and what training and skills will be required. 
  3. Governance-This aspect involves portfolio management as well as project and program management. 
    1. Portfolio management-Focuses on what is driving cloud adoption and what portfolio features can be developed to support cloud adoption.
    2. Program and Project Management-Because the cloud requires rapid development, organizations should rethink their development processes towards a more agile methodology.  

Technical Capabilities

  1. Platform-To work in the cloud, many aspects of the existing architecture, network, storage and database features may need to be revamped. Organizations should also strive to create templates to automate and replicate the same process over and over again to move individual applications into the cloud. 
  2. Security-In cloud migration, organizations must be aware that there are 2 spheres of responsibility for security; the vendors area of responsibility and the customers own area of responsibility. The area of responsibility may differ, depending on the type of cloud service, SaaS, IaaS or PaaS. The following aspects of security must be considered.
    1. Identity and Access Management
    2. Detection and monitoring
    3. Infrastructure Security
    4. Data Protection
    5. Incidence Response
  3. Operations-This aspect considers the current status of operations and defines the steps necessary to make operations cloud ready. This will include the following areas:
    1. Service monitoring
    2. Application performance monitoring
    3. Resource inventory management
    4. Change and release management
    5. Reporting and Analytics
    6. Business Continuity/Disaster recovery.
  1.  
  1.  

Microsoft Azure Cloud Adoption Framework

Azure’s Cloud Adoption Framework consists of an 8 step process

  1. Strategy-Based on input from all stakeholders, determine the business and financial justifications as well as the expected outcomes for moving into the cloud. 
  2. Plan-Based on the justifications and expected outcomes established in the strategic round, develop a plan that fulfills that strategy. During this phase you will also perform a complete inventory and analyze your assets qualitatively and quantitatively to determine which assets can be moved into the cloud.  You will also assign people to technical and governance tasks, based on capabilities. 
  3. Ready-During this phase, you will prepare to move into the cloud. Processes, people and the IT environment will be adapted to prepare them for residence in the cloud. 
  4. Migrate-In an iterative manner, workloads will be migrated into the cloud. Organizations will typically choose simple systems to move first and then move to more complex systems, learning as they go. During the migration phase, you will use Azure tools and best practices to move successfully into the cloud.
  5. Innovate-Although some systems can be moved “as is” into the cloud, other systems will need to be adapted to function properly. Some systems will have to be migrated in a hybridized form into the cloud. Many legacy systems for example will remain on premise and communicate with cloud based systems through a MPLS circuit. 
  6. Adopt-During the adoption phase, implementation into the cloud begins. During this phase you will start to see the outcomes set forth during the strategy phase come to life.
  7. Govern-During this phase, you will develop a governance plan based on the goals produced during the strategy phase, as well as industry standards, state, local and federal regulations. 
  8. Manage-During the manage phase, you will manage, monitor and optimize your cloud environment.

Google Cloud Adoption Framework

The Google Cloud Adoption Framework is built around four themes and 3 phases.

Themes: The 4 themes serve to define the foundation of cloud readiness.

  1. Learn-This theme reflects the state of your organizations knowledge and skill to move into the cloud. Depending on your state of readiness, you may need to engage experienced partners or consultants to bridge the knowledge and experience gaps.
  2. Lead-To be successful in migrating to the cloud, teams should have full support from leadership and the teams should also be cross-functional, self motivated and working collaboratively. 
  3. Scale-This theme reflects the extent to which you already use cloud native services. 
  4. Secure-This theme addresses your ability to protect your services from intrusion. This theme also depends on the maturity of the other three themes. What security controls do you have in place, what security technology is being used and what is your overall security strategy.

Phases-The phases dictate a level of readiness in each one of the themes

  1. Tactical-There are individual systems in place to be migrated to the cloud, but no consistent overall strategy for building out into the future. At this level of readiness, your organization is focused only on reducing the cost of individual systems by moving them to the cloud with as little disruption as possible.
  2. Strategic-Organizations at this phase have a broader strategy governing multiple systems and are focused on future needs and scale. Your company embraces change and IT teams are effective and efficient.
  3. Transformational-Organizations at this level already have smoothly functioning cloud operations. They are now focused on integrating the data and tactics learned from working in the cloud. The organization is utilizing predictive and prescriptive analytics to transform technological and procedural changes in the cloud. 

In the Google Cloud Adoption Model you will evaluate each of the themes (Learning, Lead, Scale, Secure) in terms of the 3 phases (Tactical, Strategic, Transformational) to determine your cloud maturity level. 

Security in Cloud Migration

The most important factor in migrating to the cloud, is ensuring that your data is secure. Although cloud providers take measures to ensure the security of their clients data, no system is perfect and steps should be taken to prevent and detect breaches. 

  1. Baseline security prior to migrating into the cloud-Many organizations have their on-premise security built around a siloed model, with separate, isolated security devices, decentralized security management and a lack of consistency in the application of security policies. Prior to moving into the cloud, you should start by accessing your overall security posture and imposing a centralized security strategy. 
  2. Plan for new Bandwidth Requirements-Operating out of the cloud will change the way data flows and bandwidth requirements. As a result, it is necessary to ensure that your security solutions can handle the increased bandwidth requirements, especially applications that are sensitive to latency and will need to access the cloud over VPN. 
  3. Understand Compliance Issues-Consult with your legal department to ensure that your new cloud model meets the compliance standards for your industry as well as state, local and federal requirements. 
  4. Plan for Availability and Disaster Recovery-You need to plan for continuous operations in the event the cloud provider experiences issues that impact your ability to operate.
  5. Apply Security Measures at the Right Places-Security for cloud-based applications is different than on-premise systems. A next generation firewall (NGFW) is a common security tool for cloud based systems as well as web application firewalls, IPS/IDS and a cloud access security broker. 
  6. Establish a Lifecycle Management Framework-To ensure consistency in security and policy enforcement, security tools must be chosen for the ability to operate not only in the cloud, but with hybridized systems as well.

Conclusion

Successful cloud migration requires a deep understanding of your applications and careful coordination among stakeholders. It also requires a consistent implementation plan repeated over and over again. A strong Cloud Adoption Framework is vital to ensuring a consistent and efficient migration program leading ultimately to a successful cloud migration.