Nine key considerations for a successful cloud transition

The following best practices will enable both private and public sector organizations to chart a path to the cloud that will safely navigate the complexities and risks to achieve you organizational goals.

Looking for the cloud to generate “quick fixes” often leads to complexity breeding more complexity – and wastes time, effort and expense. This relates to attempting to replicate existing IT information, application and technology infrastructure within a cloud ecosystem.

Instead, organizations need to consider the entire IT environment and identify areas that present a robust business case for moving to the cloud.

Start by building a business case for the return on investment of a cloud transition strategy.

Define expected business outcomes and how cloud technology can achieve these. This provides an opportunity to rethink — and improve — architecture and workflows. Consider how shifting into a cloud-based platform might accelerate productivity, increase functionality, reduce costs, and improve customer experiences.

Information technology infrastructure is expensive: equipment, systems, labour, maintenance, upgrades – the list goes on – particularly if an organization is repurposing legacy technologies.

Utilizing cloud pro­viders addresses this issue on several levels. First, customers rent rather than buy. Second, contracts with cloud service providers typically include the costs of system upgrades, new hardware and software. These suppliers are also responsible for capacity planning, administration, maintenance, troubleshooting, and backup.

Cloud also offers scalability – customers only pay for what is used. As an organization’s needs change, cloud services and tools can rapidly upscale or downscale.

Like any technology, the costs and benefits of cloud applications, storage and infrastructure should be clearly understood prior to moving forward. For example, since many of the costs for cloud would be categorized as operating expenses, they may be perceived as significantly more expensive than those associated with on-premise systems that would typically be categorized as capital expenditures.

As well, it is important to carefully estimate traffic to and from the cloud because charges for transmission of data/workloads to the cloud can be significant.

Consequently, organizational leaders should view needs on a long-term horizon and carefully profile the business intent, timeframe and proposed uses for applications, storage and infrastructure.

Capture a full inventory of information assets to fully understand the impacts, risks and costs associated with potentially moving each component to the cloud. This requires assessing the dependencies of data assets, supporting applications, users, the potential impact to users and trends in the use of these assets.

After determining the assets that could potentially be migrated, compare the logistics and costs of shifting to the cloud versus retaining these assets on-premises. Gartner’s Three Rings of Information Governance Model can help with categorizing and prioritizing data to improve business outcomes. This assessment will also reveal opportunities for eliminating resources that have limited future value.

With more data moving to the cloud, including intellectual property and personal and mission-critical information, maintaining its integrity is crucial.

Under cloud computing frameworks, data is often processed or stored in multiple jurisdictions – data disperses across servers that may be located anywhere in the world. Privacy and data-hosting laws vary by country and some are stricter than others. Moving data into or allowing access to data from countries with restrictive data sovereignty laws gives rise to risks. This is why cloud providers are opening new data centers worldwide.

Meanwhile, it is important to have clarity regarding where your data is transported and located and the laws to which it is subject. Keep in mind, for example, the US Patriot Act which allows data maintained by any cloud providers that are US companies to be subject to potential search or seizure by the US government.

The bottom line is that security cannot be completely delegated to cloud providers. It is the responsibility of every public and private sector organization to safeguard information assets by establishing secure and regulatory-compliant use of clouds by implementing and enforcing clear policies and controls. This requires adopting a strategic, risk-based approach to the use of cloud.

A cloud governance framework – the policies, standards and processes involved in planning, acquiring, deploying, operating, managing and securing cloud technologies – establishes the groundwork for smooth cloud implementation.

When moving assets to a public cloud, it’s necessary to clearly understand what governance and security the vendor provides and what responsibilities are assumed by the customer.

It’s not the security of the cloud itself, but the policies related to control of the technology, that present cloud security challenges.

Cloud providers have world-class security safeguards they maintain as an operational necessity for their infrastructure. Cloud security is generally far superior to what can be provided for ageing servers, networks and infrastructure. Still, organizations need to ensure that a strong security model is in place to fully protect the confidentiality, integrity and availability of information assets.

This model should encompass people, processes and technology and include the following key components.

• Understand the level of protection needed for each information asset.
• Determine what is at risk and how much risk you are willing to assume.
• Establish appropriate controls.
• Devise relevant metrics.
• Ensure that sufficient backup and recovery safeguards are in place.
• Verify compliance with industry regulations.
• Educate information users about security guidelines.
• Continually assess and address risks.

Data sovereignty and compliance are vital considerations when operating in the cloud. Organizations must comply with all legal and regulatory requirements related to the location and transmission of data.

A cloud provider must be able to meet security and privacy policies and procedures as well as regulatory compliance obligations. This requires thorough due diligence of providers and service agreements to assess capabilities, competency and commitment.

• Where is infrastructure located and how does it work?
• How will data be stored and used? What are the backup and recovery capabilities?
• What are the provider’s governance and compliance policies and practices?
• What is the experience and technical expertise of key personnel?
• What security and privacy awareness training does the provider conduct?
• What are the policies related to adopting new technologies?
• What are the terms of the contract and their implications; e.g. does the contract include downscaling? What would be the cost of exiting?

A cloud implementation strategy must address protection for migrating information assets and deliver successful user adoption. Having a clear plan and roadmap in place enables organizational leaders to identify the decisions that must be made, the areas that require resources and the challenges that must be addressed. Following are key considerations to accomplish this:

1. Capture baseline metrics and establish cloud migration key performance indicators (KPIs). Developing and monitoring KPIs helps to identify problems during migration and to measure success. KPIs such as response times, availability and conversion rates can quantify engagement, performance and user experience.
2. Create a data migration roadmap. To minimize unnecessary costs associated with migrating poor data, begin with a data quality assessment. This involves identifying which data to migrate and determining how and when to move each asset to the cloud, including how to maintain data integrity and operational continuity during migration.  Establish migration timeframes and responsibilities and identify risks that must be mitigated. Some cloud suppliers provide migration services and there are also independent cloud migration service providers that offer support ranging from high-level planning, to training and execution.
3. Implement a change management strategy. The cloud is transformational, and employees must be prepared. This requires educating staff regarding the impact on their work and providing training related to changes in processes and technology.

Let’s talk about the practical ways MNP can help your organization enjoy the unparalleled advantages of the cloud.

Sean Murphy is a Partner with the Digital Practice. As MNP’s National Digital Lead, he oversees the team and project delivery, provides leadership in digital product and service development, and is responsible for client relationship management and satisfaction. Sean brings over 25 years of experience in IT and digital transformation from his roles as business and IT strategist, business transformation architect, senior business analyst, BPR consultant and information architect.