I heard a cloud readiness assessment is one of the best ways to prepare for a cloud migration. How do such assessments...
work, and what key security points should we focus on in them?
Readiness assessments are excellent tools to employ as part of your cloud migration. They essentially require you and others in your business to clearly define your organization's current state of operations from a business and a technical perspective, identify what you hope to achieve by moving to the cloud, and understand gaps between where you are where you want to be.
The gap analysis is particularly important. Unless you simply want to replicate your on-premises infrastructure in the cloud, you will be migrating to what should be a more efficient, scalable, reliable and/or maintainable infrastructure. Wayne Gretkzy's quip that "A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be" resonates with the opportunities presented by a cloud migration.
To perform a gap analysis, start with business operations: How will they change? Do you expect to increase the number of customers in new markets? Will you be introducing new products that require new types of online support services? Note, you do not need well-defined, certain answers to all of these questions. For example, your customer base might grow by 5% in the first quarter or it might grow by 15% or more. One of the advantages of using the cloud is that you can scale compute and storage resources as needed. The cloud is not a panacea though; you may have component or workflows that create bottlenecks.
This leads to a second key factor of a cloud readiness assessment: your current infrastructure and workflows. Are there manual processes in workflows that will not scale? These present opportunities to automate. Also watch for software license restrictions; can you run a mission-critical application in the cloud? How will be you charged? Be especially careful about licensing models; the cloud is well-suited for pay-for-what-you-use licensing. Enterprise licensing evolved in a different technical environment; watch out for legacy software pricing models that might restrict how many server instances or concurrent users can make use of the software.
A third element of the cloud readiness assessment examines your logical and physical infrastructure. How well do these map to cloud deployments? If you have substantial experience with server virtualization, you may find a relatively smooth transition to the cloud. Remember that security is a shared responsibility between cloud providers and cloud users. Consider how your organization's security practices -- especially access controls, encryption and need for virtual private networks -- will fit with a cloud deployment.
Ask the Expert:
Perplexed about cloud security? Send Dan Sullivan your questions today. (All questions are anonymous.)
Think you're ready for the cloud? Take SearchCIO's quiz to find out
Dig Deeper on Cloud Computing Frameworks and Standards
Related Q&A from Dan Sullivan
Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan ... Continue Reading
Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of ... Continue Reading
Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks ... Continue Reading