Running in Cloud:
Insight from Tech Leaders

Post • 6 min read

Migrating to the cloud can feel like running a marathon. There’s gold waiting at the finish line, but unfortunately sometimes also a few bumps in the road, painful mistakes and long, tough times when you get tired and want to give up.

But cloud migrations don’t have to feel like this.

  • What if the race was shorter? 
  • What if you were fitter, faster and had the right support every step of the way? 
  • And what if you didn’t just win the race, but continued getting stronger and healthier into the future?

It's why we spoke with C-level tech leaders about cloud migrations. Here are the key takeaways for anyone looking to streamline the race to cloud – and avoid hurdles along the way.

Getting a fast start with cloud

We started by looking at best practices and pitfalls around the start of cloud journeys. Here’s a common situation that came up – an IT leader comes into the office and notices that someone, somewhere has put something in public cloud. Another day, there are a few more workloads elsewhere in the organisation. Thus begins a trickle of uncoordinated, cloud-based activity.

This is a potentially risky and costly situation because it leads to security and governance issues as well as spiralling costs. Before letting people do their own thing in public cloud, you need to think strategically about the organisation’s cloud journey – and establish the right foundation.

Start with a managed cloud foundation

So you want to structure the start of your cloud journey. One of the biggest mistakes we see organisations make here is launching into cloud without having a landing zone. That way lies disaster. This cloud foundation is essential because it gives you:

  • Defined rules and responsibilities that deliver the right security, governance and compliance
  • Ready-made tools and automation, so you’re not wasting time and money reinventing the wheel
  • More internal resource to develop on cloud – instead of bogging people down with unnecessary IT management

Building a fully secure landing zone is expensive and time-consuming. There’s no point doing this when you can leverage existing, proven solutions and have your partner manage/monitor the most critical elements.

Taking the inside track to speed up value from cloud

During the discussion, our panellists discussed 3 common migration pitfalls based on the hundreds of projects they’ve been involved in:

  • No one in the organisation truly understands the systems and applications – this can be down to lack of documentation or the fact that key people and vendors are long gone. When you don’t know what you’re working with, it’s hard to understand what the cloud journey should look like or what should be prioritised
  • People focus on the tech rather than the strategy – this ties into that lack of understanding. When you don’t have visibility of your infrastructure, application and data estate, it can seem easier to approach cloud like you would any other tech deployment. However, what seems like a quick fix can leave you with big operational costs; and if you try and refactor too much, you won’t deliver value fast enough for the business
  • Not defining security requirements until migration has already started – or until the manage phase. Don’t wait that long to consider why and how you’re controlling access or managing vulnerabilities introduced by third-party solutions that will sit in cloud

To avoid these pitfalls, you need to start with an effective assessment. This doesn’t need to be a long, expensive consultancy exercise. In our experience, the best approach is a tool-driven assessment of your infrastructure and application estate.

  • The technical discovery provides an accurate view of your existing requirements and performance, so you can determine what cloud capacity you’ll need post-migration. It also forms the basis of your business case
  • The application assessment analyses elements such as source code, software quality, dependencies, lifecycles, security and maintenance. This process can also include important data considerations, because these can be major hidden costs of running legacy applications

Based on the assessment, you can then use a rules engine to decide the best migration and modernisation approach for each application (i.e., rehost, replatform, refactor). This involves cloud-native tooling that combines technical and application data and uses customised parameters specific to your needs. These then form the basis of a migration roadmap.

Staying strong with robust security

The goals of security operations are the same in cloud vs on-prem, but the approach is completely different.

  • Responsibility – you have total control over your on-prem security. You might outsource this, but you’re still responsible. In cloud, there’s shared responsibility across you, your partner and your cloud vendor. For example, you’re responsible for managing identities, applications and data (leveraging established tools like Azure Active Director and Azure RBAC), whereas your partner is responsible for securing the cloud infrastructure (landing zone) and the applications and services deployed on it
  • Scalability and flexibility – cloud isn’t a static situation line on-prem, so you need a more dynamic approach to security
  • Incident response planning – needs alignment between your teams, your partner and your cloud vendor – and should be discussed early in the assessment phase. Think of it this way: if you have 4 workloads with 4 different owners, you need those 4 stakeholder groups to be prepared 
  • Data protection – public cloud has a great deal of in-built data protection-related compliance. However, the mechanisms are handled differently than they are with on-prem, so you need to plan in advance regarding response measures

There are 3 types of cost associated with securing cloud:

  • Tooling
  • Security Operations Centre (SOC)
  • Security development

To give you a benchmark, Azure security tooling, on average, makes up about 6% of security costs. The overwhelming majority of costs come from the SOC and security development. Under-securing your environment comes with obvious risks, but over-securing it will be unnecessarily expensive.

Our panellists’ top tip was to use an experienced partner to help set up your security operations, processes and tooling. That way, you end up with the right level of security at the right cost.

To sum up: the assessment phase is key

When have the visibility over your infrastructure, applications and data, you can work strategically, balancing quick wins and sustainable value. Start off blind, and you risk ending up with an unwieldy cloud estate, security vulnerabilities and big capacity bills.

But remember – go for an assessment that’s:

  • Tool-driven – and therefore fast
  • Comprehensive – so you get a true picture of your environments and therefore a more accurate business case
  • Low cost – so you get a faster time to value

Learn more about how it works in this story of Sponda’s experience:

Need help getting things right?

From a quick lift-and-shift to refactoring, our experts are ready to help you migrate and modernise in a way that balances quick wins and sustainable value. So, whether you need to migrate new workloads to the cloud or boost stalling migration projects, we're here to help. Get in touch using the form below or find out more about our migration services here.

Get in Touch.

Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

Ilja Summala
Ilja Summala LinkedIn
CTO
Ilja’s passion and tech knowledge help customers transform how they manage infrastructure and develop apps in cloud.