Select Page

When it comes to cloud migration, you’ve likely come across endless articles and blogs showcasing dozens of tips and tricks on establishing an effective cloud migration strategy. In this blog, we’ve done the heavy lifting and distilled the list down to the top three myths to avoid falling victim to and top three best practices to adopt in your cloud migration journey.

[Related Reading: AWS Cloud Migration Best Practices]

Identifying and Debunking Myths of Cloud Migration

Myth #1: Cloud migration means less responsibility

Migrating to the cloud does not mean less responsibility. To simplify it: the cloud is just another person’s computer. You’re essentially having someone else host your programs for you (such as a public cloud provider).

There is an assumption that problems will go away when you move to the cloud because it’s quicker, easier, and cheaper. However, your responsibilities aren’t going away. Assets, applications, and servers previously on-prem still need to be managed and secured, albeit in a different environment.

What changes is your focus. For example, you’re now adding new architecture concepts that have to be understood, and you’ll be accountable for your portion of the shared responsibility model. In some cases, you’ll be able to shift the focus of your resources to business priorities that may not have been previously possible because of resource constraints.

Myth #2: There is only one right vendor for your organization

Depending on who you talk to, you’ll hear “Azure is best” or “AWS is best” in terms of public cloud providers. When it comes to cloud adoption, best is relative and unique to every organization.

When researching or selecting a vendor, you’ll want to consider several factors — everything from existing technical expertise to business processes. Ask yourself:

  • What technology is your team/organization most familiar with?
  • Which vendor best aligns with your existing (or desired) billing requirements?
  • What additional training is required, and are the necessary resources available?

In most cases, there isn’t a one-size-fits-all option when it comes to defining your cloud migration strategy. Let’s assume you come from a Microsoft background or are used to dealing with Microsoft servers and systems. When you move to the cloud, many of the common principles will stay the same. There is a high likelihood you’ll be better equipped to understand Azure, or at minimum, reduce the learning curve of moving to the cloud.

Myth #3: Cloud is secure

This myth is a dangerous one, rooted in the assumption that being in the cloud means implied security. The reality is, if you have a vulnerable application on-prem, it will be equally or potentially more vulnerable in the cloud. You’re simply shifting problems elsewhere.

It’s easy to get trapped in this myth because vendors have made it easy to configure and get set up in the cloud. While getting configured may be a breeze, it doesn’t mean it’s secure. You must be vigilant with security best practices as you move to the cloud and build out your cloud migration strategy.

Integrating Best Practices into Your Cloud Migration Strategy

Now that you’re aware of the myths, what best practices should you adopt? Below are three that every organization should incorporate in their cloud migration strategy.

Best Practice #1: Security

Organizations often fail to make this their top priority. There are two key security considerations that must be addressed:

  • Make sure security best practices are being followed. The role of security is to identify potential problems of cloud migration early on, like identifying vulnerable servers and ensuring they don’t get migrated until secured. From the start, it’s critical to understand that there are new risks and identify how they could impact your cloud journey.
  • Maintain a secure development perspective. Understanding architecture and business requirements helps guide the project team and stakeholders to complete the migration securely. This task often falls on the shoulders of data privacy, infosec, and compliance teams, all of which have historically focused on securing on-prem networks. As you move to cloud (regardless of the migration strategy you pick), you are completely changing the playing field. Those teams are now responsible for securing a new environment that they may not be familiar with. This poses a new set of challenges for those security teams, as they work through the learning curve. Make sure the secure development focus doesn’t get lost along the way.

Best Practice #2: Visibility

Visibility is critical when moving to the cloud, and the best part about cloud migration is that you gain access to a wealth of analytical data that helps you understand what is going on across your environment (e.g. billing, compute power, utilization costs). Regardless of migration strategy (e.g. rehosting, refactoring, rearchitecting), make sure to pause and analyze the stats and data — understand what it’s telling you, as that will provide insight into whether or not a chance of course is needed.

As an example, let’s assume you’ve moved your infrastructure into IaaS, which is hosted in the cloud. You’ll want visibility into the areas where you could be utilizing services more efficiently and consolidate them where appropriate. This level of visibility can highlight opportunities for improvement or bring light to positive use cases that could be showcased across your organization.

Best Practice #3: Compliance

Although there is a tendency to start with compliance as a checklist item, it’s often an outcome of good security and visibility. Regulatory requirements are achieved when the basic, foundational security elements are put in place at the onset of your project. Compliance tends to be cyclical, and your compliance posture may change over time.

In many organizations, agile project management demands compliance checks on a regular cadence, so don’t wait until the checks are required before getting everything in order. Staying ahead ensures you’ll be able to achieve and maintain compliance quickly.

To learn more about developing a safe and secure cloud migration strategy, watch the on-demand webinar Selecting the Right Cloud Migration Strategy for Your Business.

Edward Merrett
About the Author
Edward Merrett
Edward Merrett is a Senior Cyber Security Professional specializing in Security Operations, Cyber Threat Intelligence, and Incident Response. He’s currently the Cyber Security Operations and Incident Response Manager at McArthurGlen, building out the digital security and incident response functions alongside MSSPs, as well as promoting good security practices across the business and ensuring security awareness is adopted for all. Edward is the founder and researcher at HackableYou, a dedicated Cyber Security Podcast aiming to inform, educate and inspire all levels of interest in the industry.

Related Post

Ready to protect your company with Alert Logic MDR?