Mark Pidgeon, vice president of technical services and customer success at Sumo Logic, explores the steps to a successful cloud migration.

What cloud migration steps should an organisation follow?

“He that will not apply new remedies must expect new evils; for time is the greatest innovator.”

Those words are almost 400 years old, but Francis Bacon’s warning on the nature of time remains starkly relevant for CIOs facing an increasingly digital-first, cloud-native business world.

The benefits of change to your organisation can be significant, but the journey there can be difficult.

Cloud migration can reduce capital expenditure and provide more predictable operation costs for these new changes; at the same time, the limitless elasticity and scalability of cloud computing promises to help any organisation remain competitive in this century’s highly aggressive business world.

It’s therefore not surprising that we are seeing companies attempting vast digital transformations involving cloud migration, the adoption of new architectures based on containerisation, micro-services and, where implementation is relevant, serverless.

However, it’s also not surprising that research regularly indicates that many cloud migrations aren’t as successful as companies expect them to be.

Let’s run through five reasons why a cloud migration doesn’t always deliver, so you can avoid them entirely.

1. Digital transformation is people

Cloud migration is part of a journey to becoming a cloud-first business where digital technology is integrated into all areas of an organisation.

Some companies fail to realise that this is a massive cultural as well as technological change.

You will need to prepare your teams for the change as any initiative will involve more cross-functional departments working together, reshaping workgroups and discarding some long-standing business practices.

The latter, in particular, will mean that some employees will actively resist the change.

Whether you succeed in this area will largely come down to leadership.

First, you should establish clear lines of support as your people face the challenges of technological disruption.

Secondly, provide your team with the resources they need to be successful.

This is a way to empower your teams to work together.

Rather than encouraging silos of expertise, it will democratise access to valuable insights throughout your business.

For instance, integrating data analytics into your transformation has to be accompanied by sufficient employee training on how to use that data every day.

This preparation will enable your teams to leverage analytics across the many areas of your organisation, such as operations, business and security.

2. Let your teams find the right paths

Punching through and transforming a key part of your legacy infrastructure with a ‘spear tip’ DevOps team is an effective approach.

However, this will only work if the team is empowered to innovate and, importantly, make mistakes and learn lessons as they work.

This team can then become a proof-of-concept for the rest of the company.

Rather than expecting a massive structural change to occur overnight, it’s important not to forget that large scale migrations often take time when done properly.

For example, Pitney Bowes has expanded into global e-commerce in recent years and reinvented itself using SaaS (Software as a Service) and a cloud-based business portfolio.

Back in 2015, it reviewed its ageing server and network infrastructure and decided to completely overhaul a vital component, its Transportation Hub.

This project involved a high-profile cloud migration of its Omaha data centre to AWS.

Since then it has taken a three-phased cloud migration strategy global.

Early on in the process, Pitney Bowes recognised that it needed to establish a dedicated, highly skilled Commerce Cloud team for the project.

Phase one involved a ‘lift and shift’ to AWS and the closure of several data centres across the world.

Phase two was focused on standardisation, dumping standalone solutions and developing best practices around key requirements, such as human readability.

JSON became the de facto logging standard across the organisation, and this standardisation paved the way for the adoption of micro-services and the emergence of a continuous integration (CI) lifecycle that has made it possible for Pitney Bowes to integrate new code early and often.

In 2019, four years on, it’s focused on optimising and expanding its Pitney Bowes Commerce Cloud into areas such as location intelligence and has deep, immediate insights into its more than 70 applications.

3. Do you know DevSecOps?

Cloud security is another clear area to keep top of mind during any successful cloud migration effort.

With cloud, responsibility is shared across your organisation and your cloud provider.

While the underlying infrastructure is the responsibility of the public cloud operator, everything on top – from operating systems, application components, software, firewalls, and other security-oriented technologies – should be viewed as under your organisation’s care.

For 2019, security remained among the top five challenges, according to RightScale.

This matched last year’s result at 81% of 786 technical professionals and indicates that without solid planning, security can create great uncertainty.

This is where DevSecOps comes in.

As the term itself suggests, DevSecOps essentially involves integrating security practices within the DevOps process from beginning to end.

When planning for cloud migration, security protocols need to be baked into the development process, which involves having a more flexible collaborative culture between release engineers and security teams within an agile framework.

In DevSecOps, the goals of increased speed of delivery and secure code flow together to create a process that sees security testing occur in iterations while not impeding delivery cycles.

DevSecOps sees ‘security as code.’

What this means in practice is that code is delivered in small chunks, so vulnerabilities can be spotted quickly and anyone can submit changes.

It’s a more proactive approach that also sees compliance monitoring baked in from the outset.

With this in place, your organisation is effectively in a constant state of audit readiness.

Threat investigation is ongoing to stamp on any emerging threats and vulnerabilities are identified with code analysis while the process of responding and patching is assessed as well.

Finally, both software and IT engineers should be encouraged to keep themselves at the forefront of their skills, benefiting themselves as well as the company.

Some exponents of DevSecOps have compared the method to a martial art and you can understand why, but it’s an effective way of securing a company running modern applications and infrastructure.

4. Migrating needs more data

To quote another voice of searing clarity, Thomas Carlyle: “Nothing is more terrible than activity without insight.”

The same applies to cloud migration: you can’t assess what isn’t being measured.

Establishing a data-driven baseline before a cloud migration takes place is a vital way to evaluate the current on-premise configuration and compare it to the performance of your configuration after migration.

A data analytics platform that’s deployed at the start of the project will pinpoint potential vulnerabilities in those petabytes of raw data before and after cloud migration, and it will help you establish good policies and procedures for safeguarding your environment before and after any move.

More importantly, getting this information in a timely way can help everyone work more efficiently.

A man opens his emails on a laptop in the foreground of a meeting with three people sitting at the table with coffees

Bringing together information from your infrastructure – otherwise known as machine data – you can analyse what results you are seeing alongside the performance of your IT services to deliver those results.

By measuring results over time – and in real time – you can plan ahead on where improvements can be achieved.

5. Hybrid is not a compromise

Over time, the mix of IT will move from on-premise to hybrid cloud and public cloud deployments, and those deployments will become more complex.

For example, Sumo Logic’s own research has found that the number of companies running multi-cloud has doubled in the past twelve months from 2017 to 2018.

Over time, your implementation strategy may change, moving from a mix of different platforms to hybrid or multi-cloud deployments.

Whatever changes take place, it’s important to keep up a level of insight that looks across all these components equally and makes that information understandable.

Looking across on-premises IT and new cloud-native application deployments should help you see where more work is needed to meet security goals and where more value can be generated for the business.

Digital transformations are complex and the process of evolving from legacy systems and top-down command and control strategies to one that is cloud-based, agile and team-driven will be a challenging one.

However, using the data from your own infrastructure, you can make more of these projects and deliver more value back to the organisation.

While Bacon was right that time can be a great innovator, working with data in real time can help you get ahead of your competition.

Original Article via Information Age