While adopting cloud-based systems can address issues of privacy, security, visibility and costs, migrating legacy information databases can seem like a daunting task with so many different components and ways of interacting. There are challenging decisions about consolidation, standardization and regulations.
The following best practices will enable both private and public sector organizations to chart a path to the cloud that will safely navigate the complexities and risks to achieve you organizational goals.
Looking for the cloud to generate “quick fixes” often leads to complexity breeding more complexity – and wastes time, effort and expense. This relates to attempting to replicate existing IT information, application and technology infrastructure within a cloud ecosystem.
Instead, organizations need to consider the entire IT environment and identify areas that present a robust business case for moving to the cloud.
Start by building a business case for the return on investment of a cloud transition strategy.
Define expected business outcomes and how cloud technology can achieve these. This provides an opportunity to rethink — and improve — architecture and workflows. Consider how shifting into a cloud-based platform might accelerate productivity, increase functionality, reduce costs, and improve customer experiences.
Information technology infrastructure is expensive: equipment, systems, labour, maintenance, upgrades – the list goes on – particularly if an organization is repurposing legacy technologies.
Utilizing cloud providers addresses this issue on several levels. First, customers rent rather than buy. Second, contracts with cloud service providers typically include the costs of system upgrades, new hardware and software. These suppliers are also responsible for capacity planning, administration, maintenance, troubleshooting, and backup.
Cloud also offers scalability – customers only pay for what is used. As an organization’s needs change, cloud services and tools can rapidly upscale or downscale.
Like any technology, the costs and benefits of cloud applications, storage and infrastructure should be clearly understood prior to moving forward. For example, since many of the costs for cloud would be categorized as operating expenses, they may be perceived as significantly more expensive than those associated with on-premise systems that would typically be categorized as capital expenditures.
As well, it is important to carefully estimate traffic to and from the cloud because charges for transmission of data/workloads to the cloud can be significant.
Consequently, organizational leaders should view needs on a long-term horizon and carefully profile the business intent, timeframe and proposed uses for applications, storage and infrastructure.
Capture a full inventory of information assets to fully understand the impacts, risks and costs associated with potentially moving each component to the cloud. This requires assessing the dependencies of data assets, supporting applications, users, the potential impact to users and trends in the use of these assets.
After determining the assets that could potentially be migrated, compare the logistics and costs of shifting to the cloud versus retaining these assets on-premises. Gartner’s Three Rings of Information Governance Model can help with categorizing and prioritizing data to improve business outcomes. This assessment will also reveal opportunities for eliminating resources that have limited future value.
With more data moving to the cloud, including intellectual property and personal and mission-critical information, maintaining its integrity is crucial.
Under cloud computing frameworks, data is often processed or stored in multiple jurisdictions – data disperses across servers that may be located anywhere in the world. Privacy and data-hosting laws vary by country and some are stricter than others. Moving data into or allowing access to data from countries with restrictive data sovereignty laws gives rise to risks. This is why cloud providers are opening new data centers worldwide.
Meanwhile, it is important to have clarity regarding where your data is transported and located and the laws to which it is subject. Keep in mind, for example, the US Patriot Act which allows data maintained by any cloud providers that are US companies to be subject to potential search or seizure by the US government.
The bottom line is that security cannot be completely delegated to cloud providers. It is the responsibility of every public and private sector organization to safeguard information assets by establishing secure and regulatory-compliant use of clouds by implementing and enforcing clear policies and controls. This requires adopting a strategic, risk-based approach to the use of cloud.
A cloud governance framework – the policies, standards and processes involved in planning, acquiring, deploying, operating, managing and securing cloud technologies – establishes the groundwork for smooth cloud implementation.
When moving assets to a public cloud, it’s necessary to clearly understand what governance and security the vendor provides and what responsibilities are assumed by the customer.
It’s not the security of the cloud itself, but the policies related to control of the technology, that present cloud security challenges.
Cloud providers have world-class security safeguards they maintain as an operational necessity for their infrastructure. Cloud security is generally far superior to what can be provided for ageing servers, networks and infrastructure. Still, organizations need to ensure that a strong security model is in place to fully protect the confidentiality, integrity and availability of information assets.
This model should encompass people, processes and technology and include the following key components.
Data sovereignty and compliance are vital considerations when operating in the cloud. Organizations must comply with all legal and regulatory requirements related to the location and transmission of data.
A cloud provider must be able to meet security and privacy policies and procedures as well as regulatory compliance obligations. This requires thorough due diligence of providers and service agreements to assess capabilities, competency and commitment.
A cloud implementation strategy must address protection for migrating information assets and deliver successful user adoption. Having a clear plan and roadmap in place enables organizational leaders to identify the decisions that must be made, the areas that require resources and the challenges that must be addressed. Following are key considerations to accomplish this:
Let’s talk about the practical ways MNP can help your organization enjoy the unparalleled advantages of the cloud.
Sean Murphy is a Partner with the Digital Practice. As MNP’s National Digital Lead, he oversees the team and project delivery, provides leadership in digital product and service development, and is responsible for client relationship management and satisfaction. Sean brings over 25 years of experience in IT and digital transformation from his roles as business and IT strategist, business transformation architect, senior business analyst, BPR consultant and information architect.