As businesses adapt to the changes brought by the COVID-19 pandemic, any area where money can be saved, agility can be adopted and efficiencies can be gained are welcomed by leadership. It is not surprising therefore that cloud technology adoption is predicted to grow by 35 percent in 2021, reaching US$120 billion.1
Removing the need to maintain or pay for costly infrastructure is a big benefit of cloud, freeing up personnel and resources for higher value work. But large-scale cloud migrations can be complex and require effort and expertise to get right. A strong cloud migration strategy that holistically addresses business needs however, creates a better chance of a smooth transition.
Before you start a migration therefore, consider the following six questions.
To understand the cost-benefit of the move, you should conduct an audit of your current costs to compare to cloud provider offerings. Companies running their own servers or data centres should think about the costs of hardware, computer power, storage and networking. On-premises infrastructure runs with extra space and power to account for computing power spikes, growth and hardware failures. Without physical servers, there is no excess cost, no hardware and no need to license software to run it.
Beyond the equipment itself, there’s also real estate, power costs, cooling equipment, fire protection and climate controls. Additionally, some businesses will have a disaster recovery site — potentially doubling costs — and the IT tools to operate and maintain it alongside physical security and access control.
With those calculations in hand, assess the cloud market. There are tools in the market that can help model different migration scenarios: for example, assessing based on servers (workload) and computing, or the optimisation of performance.
Do you have a framework for classifying your data and its sensitivity? It’s imperative to know if the data you have at your disposal is fit to reside on shared cloud infrastructure, whether it can reside in countries other than yours and what level of security you are planning to put in place to protect it. For defence, law enforcement and health, for example, privacy and sovereignty controls may not allow data to cross jurisdictional borders or reside in public clouds. (If this is the case for you, there are still ways to utilise cloud infrastructure with colocation options or hybrid and edge models).
Other questions to think about include: Are offshore personnel allowed to access your data? Are you going to follow a 3rd party compliance regime (like SOC2) or an internal security policy framework? Regardless of which, or where your data will be, it is highly recommended to have a policy of some description in place. Familiarising yourself with government cloud security guidelines will provide a sound foundation on all aspects of data policies and guidelines.
As with all new technology there are risks associated — cloud is no exception. By assessing the potential risks (a risk management framework can be used to classify risks by likelihood, severity and impact) and having the right people or governance boards in place will ensure the right level of engagement. All frameworks should be followed by a risk mitigation strategy (for example proactive and detective controls that will alert the right teams in case of a potential data security breach) that will allow the organisation to take action on any suspicious or even accidental activity. While a security incident might not be avoidable, it can be contained if actioned on time.
Along with risk management, it’s a good idea to consider the legal implications of a cloud migration. Depending on your organisation, you could assess the business as a whole, or you may need to look at specific software applications to understand any legal implications. Things to consider include: Where will software applications be used? Will they be used in one country, or many? Are there contractual obligations that might prevent an application from moving to the cloud? Legal restrictions may need to be put in place to remain compliant. This is a complicated topic which we often see addressed as an afterthought instead of (very) early in the journey. A good practice to ensure the right contracts are in place and that non-technical items have been considered thoroughly is to create a cadence (for example weekly check-ins) between the IT and the legal teams.
Depending on the maturity level of off-the-shelf applications, you might find that a vendor may not be able to support an application (virtual desktops, databases, identity services etc) in a cloud environment. Although this is becoming rarer, it needs to be considered upfront. The last thing you want is to find out that you have breached a vendor support contract in the middle of an outage and have to move the application back to on-premises infrastructure to resolve your issues. Lengthy downtime shortly after a cloud migration can also raise questions regarding the stability (and credibility) of cloud environments and open strategy to second-guessing — something that all IT execs want to avoid.
Before you start a migration, you need to ensure that you have built a secure environment in the cloud to host your applications and data. A few components (among many) that make up a secure environment can be: firewalls, encryption at transit, encryption at rest, VPN tunnels and multi-factor authentication. If you don’t have these, it’s time to invest in core cloud infrastructure. Usually, a secure cloud environment will be one that is connected to the physical office via dedicated and network links, along with redundancies. These will need to have enough bandwidth to adequately connect users with applications in the cloud without performance degradation.
The cloud is a great option for businesses wanting to reduce overheads and tighten up productivity, but migration can be daunting. However, with the right assessment done beforehand, and the appropriate level of due diligence and governance, it can be a great strategic option. Once connected, automation tools that natively integrate can help teams be more efficient and keep your IT and ops teams interested and engaged. At the end of the day, with the number of businesses taking up cloud services and realising its benefits, your migration could be a key part of keeping up with industry and retaining that all powerful competitive edge.
© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.