researchHQ’s Key Takeaways:
- The cloud is an opportunity to save costs and increase efficiencies. However, before making the jump, organisations should weigh the pros and cons.
- When migrating their data and applications to the cloud, organisations must assess the potential costs, security risks, and legal implications.
- It is also essential to assess how effectively an organisation’s legacy data and applications are suited to cloud environments.
- An effective cloud strategy will help ensure a smooth transition, enabling organisations to reap the cloud’s full benefits.
- Increasingly, businesses are turning to the cloud to save costs and drive efficiencies.
- Before initiating a cloud migration, organisations should assess and weigh the pros and cons.
- A good cloud strategy should address all business needs and will go a long way towards a successful migration.
As businesses adapt to the changes brought by the COVID-19 pandemic, any area where money can be saved, agility can be adopted and efficiencies can be gained are welcomed by leadership. It is not surprising therefore that cloud technology adoption is predicted to grow by 35 percent in 2021, reaching US$120 billion1
Removing the need to maintain or pay for costly infrastructure is a big benefit of cloud, freeing up personnel and resources for higher value work. But large-scale cloud migrations can be complex and require effort and expertise to get right. A strong cloud migration strategy that holistically addresses business needs however, creates a better chance of a smooth transition.
Before you start a migration therefore, consider the following six questions.
1. Will the cloud save you money?
To understand the cost-benefit of the move, you should conduct an audit of your current costs to compare to cloud provider offerings. Companies running their own servers or data centres should think about the costs of hardware, computer power, storage and networking. On-premises infrastructure runs with extra space and power to account for computing power spikes, growth and hardware failures. Without physical servers, there is no excess cost, no hardware and no need to license software to run it.
Beyond the equipment itself, there’s also real estate, power costs, cooling equipment, fire protection and climate controls. Additionally, some businesses will have a disaster recovery site — potentially doubling costs — and the IT tools to operate and maintain it alongside physical security and access control.
With those calculations in hand, assess the cloud market. There are tools in the market that can help model different migration scenarios: for example, assessing based on servers (workload) and computing, or the optimisation of performance.
2. Where can your data sit?
Do you have a framework for classifying your data and its sensitivity? It’s imperative to know if the data you have at your disposal is fit to reside on shared cloud infrastructure, whether it can reside in countries other than yours and what level of security you are planning to put in place to protect it. For defence, law enforcement and health, for example, privacy and sovereignty controls may not allow data to cross jurisdictional borders or reside in public clouds. (If this is the case for you, there are still ways to utilise cloud infrastructure with colocation options or hybrid and edge models).
Other questions to think about include: Are offshore personnel allowed to access your data? Are you going to follow a 3rd party compliance regime (like SOC2) or an internal security policy framework? Regardless of which, or where your data will be, it is highly recommended to have a policy of some description in place. Familiarising yourself with government cloud security guidelines will provide a sound foundation on all aspects of data policies and guidelines.
3. What are the risks (and how can you mitigate them)?
As with all new technology there are risks associated — cloud is no exception. By assessing the potential risks (a risk management framework can be used to classify risks by likelihood, severity and impact) and having the right people or governance boards in place will ensure the right level of engagement. All frameworks should be followed by a risk mitigation strategy (for example proactive and detective controls that will alert the right teams in case of a potential data security breach) that will allow the organisation to take action on any suspicious or even accidental activity.