For those of us marketing networking technologies, there are some influential trends to watch and be aware of in 2019. We need to be cognizant of these trends as they are shaping the way we do business, the way we buy software, the way we use software, and most importantly, the way we sell software!

We need to be familiar with these trends to effectively communicate the value proposition of networking and cybersecurity products.

Cloud Migration Is Not As Easy As It Seems

According to searchcloudcomputing.com, “cloud migration is the movement of data, applications, or other business elements to a cloud computing environment (searchcloudcomputing.com).” In a previous blog post, we defined cloud computing. 

Other forms of cloud migration include cloud-to-cloud migration. In other words, the movement of data and applications from one cloud service provider (CSP), to another.

Perhaps the most common form of cloud migration is the movement of data from local on-premise servers to the public Cloud.  The move to Cloud is not as easy as it may have seemed. The dash that has been the movement to “the Cloud” may have taken a pause. Cloud is the wave of the future, but companies are struggling with a total move of infrastructure to cloud-based solutions.

Moving corporate email and web infrastructure is relatively straight-forward; the issue is applications and customer data that is regulated and subject to strict privacy regulations

Top Cloud Migration Challenges

1. Lack of a defined strategy and business objectives
2. Cloud vendor lock-in

3.    Security & Privacy

4.    Data volume and velocity

5.    Cost analysis of the entire cloud migration process

Above are just some of the challenges that organizations face when deciding to move to the Cloud. We will explore these and many others in this article.

Cloud Migration Process: 

Below is a list detailing the process of moving data and applications to the Cloud:

• Data and application portability– the ability to transfer data among different application programs, computing environments, or cloud services.  
• Data integrity– ensuring that data is accurate
• Security 
• Business continuity– an organization’s ability to maintain essential functions during, as well as after a disaster has occurred. 
• Interoperability– the ability of computer systems or software to exchange and make use of information. 

The above are moving parts of a cloud migration strategy that CIOs need to orchestrate. Orchestrating all of these different things can be cumbersome. 

Benefits Of Cloud Migration: 

Hosting data in the most effective environment possible. I.e., in the cheapest, most secure, and highest performing environment. 

Cloud Migration Tools And Services 

Cloud service providers offer various services and tools that aid in the cloud migration process. Tools help organizations’ IT teams to migrate their data to the Cloud themselves. However, CSPs also offer services where they move organizations’ data to the Cloud for them.

Examples of data migration tools include: 

• AWS Migration Services– offers tools such as the AWS Database Migration Service, the AWS Server Migration Service, AWS Migration Hub, and the Snow Family of offline data transfer appliances. 
• Azure Migration Tools– Azure migrate, a database migration service, and Databox offline data transfer.

Choosing the right tools and services is an integral part of cloud migration. IT teams need to consider the cost of moving data to the Cloud, what kinds of data they are moving to the Cloud, what type of deployment they plan on using, and how they plan on moving that data. When it comes to cloud migration, organizations must choose between the free tools offered by the public cloud vendors (AWS, Azure, and others), or the more comprehensive, but more expensive tools offered by independent cloud computing companies. 

For example, if an organization’s goals are more focused on disaster recovery, business continuity, or backup needs, then Carbonite Migrate would be a good tool to use. 

However, public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, and Google offer cloud migration services to support private networks for data transfers and offline migrations. 

Therefore, if an organization is looking for private cloud deployment and needs to transfer data from one database to another, then public Cloud might be a good avenue for that organization to pursue. 

Public cloud providers offer tools that help enterprises plan and track the progress of their cloud migration. For example, these tools might collect information about an enterprise’s on-premise environment, such as dependencies.

Reporting on this information can help the company to make more informed migration plans. For more information on cloud migration tools and cloud computing in general, click here.

Cloud Migration Challenges

The push to the Cloud may have paused a variety of reasons. Some of those reasons include:

Security– Not all applications have moved due to the difficulty of moving and managing sensitive data in a cloud environment. Especially since legislation governing data use has become more strict lately and more organizations have been receiving negative PR due to mishandling of data. 

Organizations are worried about security for a variety of reasons. Some of those reasons include: 

Lack of visibility and control– cloud services delivered by third-party providers do not offer the same amount of visibility as on-premise deployments when it comes to administration and management. A lack of visibility can lead to an inability to visualize potential security vulnerabilities. Dzone.com reports that in sectors such as media, cloud adoption is as low as 17% and that visibility is a crucial driver for that low rate of adoption.   

Insecure Interfaces and APIs– as we discussed in a previous blog post, cloud vendors provide their customers with a range of Application Programming Interfaces (APIs), which the customer uses to manage their cloud services. For example, a customer would use an API call to extract information from the cloud database that they are paying Amazon Web Services (AWS) to use.

Unfortunately, APIs are not always secure, even if they were deemed to be initially. Sometimes APIs are found to be insecure at a later stage. A problem that is exacerbated when the client company has built its application layer on top of these APIs, which causes the vulnerability to exist in the customer’s application.

The vulnerable application could be internal, or it could be public and expose private data, which is a common cause of cloud database breaches.

Compliance Complexity– Compliance is tangentially related to security, as data breaches often result in compliance issues. Achieving compliance in sectors such as finance and healthcare are laden with legislative regulations. Therefore, it is much more challenging to achieve full compliance while using public cloud offerings. Dzone reports that 51% of organizations in the USA solely rely on a statement of compliance from their cloud vendor as confirmation that their organization complies with all legislative regulations. 

Again, this goes back to a lack of transparency and the disproportionate amount of control that cloud vendors have over their subscribers. 

Perhaps Congress could pass some legislation (if they have not already) that prevents cloud vendors from either using or gaining so much leverage over their subscribers. Alternatively, Congress could pass legislation stating that part of the onus is on cloud vendors if legislative regulations are not met due to mishandling of regulated data.  

HIPPA – Hospitals are being pressured to move to the Cloud. However, they are incredibly wary of putting even a portion of HIPPA protected data in the hands of third-party cloud providers. According to Aruba Networks, healthcare companies are enthusiastic about IoT, 60% of healthcare organizations use IoT. For example, medical devices using IoT offer real-time data, but that data is not easy to protect. 

Healthcare companies mostly have two options when it comes to protecting data in the Cloud. Healthcare organizations can use HIPPA business agreements when contracting with cloud vendors or HIPAA risk assessments. IT teams can use HIPAA risk assessments to weigh the risks to patient data security against potential actions. 

GDPR -The EU has implemented GDPR as a uniform plan for data protection among the countries in the EU. As more healthcare organizations move toward the Cloud, an additional measure could be availing themselves of hybrid-cloud deployments. Hybrid-cloud deployments could be a solution for GDPR compliance too (more on this later).  

Other Security Concerns

Man In The Middle Attacks – where a third party somehow becomes a relay of data between a source and a destination. The “man in the middle” then has the ability to alter the data being transmitted. 

Distributed Denial of Service Attacks – or a DDoS attack is where an attacker attempts to knock a resource offline by flooding it with too much traffic and then taking advantage of the resource while it is offline and vulnerable.

Account Service Traffic Hijacking – when an individual or organization’s cloud account is stolen or hijacked by an attacker. The cloud account hijacker uses stolen information to conduct malicious or unauthorized activity. Cloud hijackers usually compromised email accounts or similar credentials to impersonate the account owner. These kinds of breaches occur when attackers steal security credentials. Attackers then use those credentials to manipulate data, insert false information, and redirect clients to illegitimate sites. 

Cloud account hijacking is particularly devastating at the enterprise level. Corporation’s reputations can be destroyed, and sensitive data can be leaked. These security concerns circle back to healthcare and financial services organizations and why they are hesitant to move to the Cloud, which is understandable.

Organizations should remain hyper-vigilant when choosing a cloud service provider. Organizations must carefully review potential contracts, compare cloud security and data integrity systems of different cloud providers. Before selecting a cloud service provider, organizations should take into account the number of data loss or interference incidents they have experienced during their existence.

Other Cloud Migration Concerns:

Vendor Lock-In– organizations that rely heavily on public and hybrid-cloud vendors are often in danger of being forced to remain with the same vendor despite unfavorable contracts. Organizations are often forced to stay with the same vendor to maintain operational capacity.  

Therefore, third-party providers are left with enough leverage to force their subscribers into unfavorable contracts. According to Dzone.com, Logicworks performed a survey that found that 78% of IT decision-makers blame the fear of vendor lock-in as a primary reason for their organization failing to gain maximum value from cloud computing.  

Cost– assessing the cost of migrating to the Cloud is another factor that often prevents IT teams from making the migration. Direct costsare easy to calculate; these are the costs that directly influence your balance sheet. Direct costs include things like hardware, software, physical servers, software licenses, maintenance contracts, warranties, supplies, and other costs. 

However, there are certain variable costs that organizations also must take into account when moving example; operational costsmay include, costs of labor for maintenance of servers, costs to connect to the internet, other kinds of fees to take into account are administrative costs necessary for maintaining your IT department. 

Administrative costs may include costs from other departments such as finance or HR. The last kind of cost to consider are indirect costs, which are mainly the loss of productivity suffered by employees and customers when IT infrastructure goes down. For a more in-depth analysis of the cost of cloud migration read this article.

Cost is a big reason why organizations drag their feet when it comes to moving to the Cloud, as there are many hidden costs that are not necessarily obvious without performing financial analysis. There are also many cloud pricing calculatorsthat make this easier. 

Conclusion

While the Cloud is undoubtedly the way of the future, the proliferation of cloud migration has undoubtedly slowed due to the numerous challenges that accompany cloud migration. A public or private cloud strategy is somewhat of a necessity currently and may continue to be in the future. However, due to the security and compliance issues explored in this post, hybrid-cloud solutions are more likely to be the most common cloud deployment in the coming years. 

Keep an eye out for a future post about hybrid-cloud deployments, multiple cloud deployments, SD-WAN, and a deep dive into the security and compliance benefits and challenges of each.