By now, the business benefits of moving to the cloud aren’t questioned anymore. In fact, the adoption of cloud has followed a similar path than any other new technology. It needed first to be perceived as useful and easy to use. After all, the adoption of any digital technology always elicits change that, in turn, has to do with users’ behaviour and the underlying set of personal and organisational values.
In Luxembourg, cloud transformation isn’t going as fast as it does in some other regions but we are seeing an increasing number of companies engaging with it.
While a minority of them has moved completely to the public cloud, others are adopting an hybrid approach using both private and public cloud solutions. The latter often start the cloud path by learning the basics and building a secure and consistent architecture. Having that as a solid base allows them for a progressive move of their workloads to the cloud.
This article’s goal is to offer a summary guide for cloud transformation that you can use to benchmark your current transformation process or as a guide if you’re yet to get started.
Cloud transformation starts from the inside
Step 1: Assess your business case
Define the triggers or motivations for cloud transformation. Are you looking to save costs or to accelerate digital innovation? Maybe both? Because the first doesn’t exclude the latter by any means. Regardless of the motivation, we recommend you to clearly document your business case, including an analysis of the direct and indirect costs of your existing infrastructure against the cost of the future cloud or hybrid environment.
Step 2: Define a solid cloud strategy
The objective of this step is to prepare the move of your applications to the cloud as seamlessly and securely as possible. Let’s dissect this step.
First, perform an assessment of your existing applications which will help you to choose the most suitable cloud migration model for each of them. This process could be either manual or automatic. You may want to take advantage of the cloud assessment tools in the market. With them, you can get an holistic view of the assets and the relationships between them.
When performing the applications assessment, pay special attention to these aspects:
- Get a clear understanding of the architecture of each application for both the off-the-shelf and the internally developed ones. Also, look into their dependencies with hardware or other applications, interfaces, etc.
- Understand the business criticality of each application. For instance, determine whether it must be up and running 24/7 and what the impact of a downtime would be on your business.
- Analyse the sensitivity of data. You must understand whether the data is classified or contains personal information and if it can reside on a public cloud or be hosted in other regions. Then, define the level of security you must be put in place to protect it.
The ultimate result of this exercise is twofold: making up the list of applications that can be moved to the cloud, and for each of them, have determined a migration strategy. Each application can either be “repurchased” under a SaaS model, “re-platformed” or “re-architected” so that it can fit into a cloud native model.
Companies should be very cautious when storing highly sensitive data in the cloud. Involving the Data Protection Officer (DPO) and the Chief Information Security Officer (CISO) in the assessment of applications that expose such data is always a good idea. A smart way to go about is to store the most sensitive data in a private cloud or keep them on-premise.
Step 3: Define the cloud architecture
Start off by setting up a “landing zone”.
A landing zone should be the starting point of your cloud transformation journey. It is an environment that you prepare and configure to host your future workloads in the cloud. It must be designed according to best practices and follow your organisation’s policies and standards.
See, this parallel example is clarifying. When building a new data center, you need physical access control, networks, dedicated server rooms and surveillance cameras. When building your cloud environment, you will need Identity and Access Management, Role-Based Access Control, virtual networks, subscriptions and accounts for your organisational units, and monitoring and logging. You want to define and implement all these key requirements in your cloud landing zone.
Given that landing zones are implemented using Infrastructure as Code (IaC), this will allow you to build consistent, trusted, rapid and repeatable environments in an automated fashion.
Key considerations of a cloud transformation you should not miss
Like in any other technology adoption endeavor, governance plays a major role. It’s the unavoidable factor to guarantee continuity and long-term success.
The two key aspects of your governance are the control of costs and the mitigation of risks, especially the ones linked to security. Among others, we advise you to put in place clear policies. For instance, you could define budget limits per business unit, enable automatic multi-factor authentication on privileged accounts or limit the use of resources to certain geographies.
Furthermore, you should have a well-architected cloud environment so you can take full advantage of the elasticity and scalability that cloud technologies offer. You can tap into the opportunities of managed services that cloud providers offer, including managed databases.
Based on his experience in the field, Pascal Guérin, Cloud Expert in our firm, recommends not to move workloads from on-premise virtual machines (VM) to cloud VM when a company owns the application source code. Moreover, containerization also simplifies the implementation of a DevSecOps pipeline across the organisation by using portability across cloud providers.
Regarding financial institutions that are subject to CSSF supervision, an approval from the Regulator must be required before executing a cloud migration project. This will actually depend on the materiality of the IT outsourcing. In such cases, you must clearly document your cloud architecture in terms of resiliency, exit strategy, business continuity, confidentiality, access management, monitoring, etc.
The path to a European ecosystem for innovation
Digital sovereignty has become a hot topic across European countries and Luxembourg isn’t the exception. There has been a strong digital dependency from EU companies with US hyper-scale cloud providers in the past. Several industries, as a result, have faced challenges to create value from their sensitive data.
But there is little room for complacency on such an important matter and Europe is acting firmly.
The Pan-European Gaia-X initiative looks very promising. It isn’t about creating a continent-wide cloud provider.
Gaia-X could be very valuable to Industries such as Healthcare, Public Sector and Finance and it could accelerate their cloud transformation.
Each cloud transformation journey is unique. It is essential to understand each situation and how the cloud will help unlock business value. Your strategy will depend on different factors that are inherent to your business—organisational culture, scope, risk appetite, urgency, existing technology stack and available budget. Your strategy should consider cloud computing at the heart of your business and as an intrinsic part of your landscape.
What we think
Don’t fear the cloud. Experiment and learn from your failures. Even if you plan to start small, planning and conducting your cloud transformation is vital to stay ahead of the curve in the era of “digital everything”.