A Cloud First Strategy means that as an organization brings new applications or services online, it tries to explore the viability of a cloud deployment prior to deploying within a more traditional architecture. Many organizations today are considering a Cloud First Strategy as the means to get out of the infrastructure business and move their full complement of business services and data into the cloud. By leveraging the economies of scale for both compute and storage now available in the cloud, organizations can significantly reduce the expense and complexity of storing and managing ever-increasing amounts of unstructured data.
But before an organization can shift its virtual workloads and data to the cloud, it needs to consider the requirements of such a move. It will also need a solution that can facilitate migrating data and workloads to the cloud while maintaining control and governance over data migration, as well as meeting data security, data protection and disaster recovery (DR) requirements.
Basic Requirements for Cloud First Strategy
An organization considering a Cloud First Strategy needs to consider a number of factors in order to come up with a comprehensive plan to migrate applications, services and data to the cloud securely as well as insuring proper data protection strategies are also in place.
Some of the more important requirements to consider are:
- Data Security – Determine data security, governance and compliance requirements. Organizations need to carefully examine the security protocols and services available from a potential cloud provider to insure they meet the organization’s security requirements. Things such as chain-of-custody, where and when to encrypt data sent to the cloud and who controls the encryption keys are very important. Encryption keys should be controlled exclusively by the organization. The cloud provider should not have access to them.
- Identify and evaluate current workloads and data sets for potential migration – Organizations need to carefully examine all of their existing workloads and datasets to determine which would be good candidates for migration to the cloud. Very large organizations may find that a wholesale migration may not be viable. In such cases, they would need options that allow them to easily bridge and automate their migration based on existing workloads as they extend the scope of their operations across multiple clouds (both private and public), storage fabrics, data locations, use cases, user roles and applications.
- Examine cloud cost factors for compute, data storage and data movement – Moving operations and data to the cloud without proper expense controls can result in excessive waste of expensive resources. Organizations should keep future costs in mind when planning the move to the cloud. Things like ordering more compute power than they need or failing to program software shutdowns during off hours, failing to use monitoring tools to detect wasted computing cycles or failing to consider costs associated with moving data to different regions or back from the cloud for e-discovery or data mining purposes can result in unexpectedly high costs.
- Insure appropriate data protection and DR services are in place – While data stored in the cloud is protected to a degree with object storage erasure coding and cloud provider backups of their environment, it does not insure that you can meet specific Recovery Point Objective / Recovery Time Objective (RPO / RTO) requirements in the event of some type of hardware failure in the cloud provider’s environment or in the case of someone deliberately destroying data.
- Organizations should also make sure that data protection and DR strategy provides for copies of their data to be stored off-site and preferably offline. Simply replicating copies of the data and backups to other cloud provider locations may technically be considered off-site but that is not the same as offline. Data that is on-line, regardless of location, is still susceptible to hacking attacks.
Managing the Migration Process and Data
A cloud migration project is a complex process that requires a comprehensive solution or set of tools that enables an organization to control all aspects of a data migration project, as well as the cost effective management and protection of all data regardless of its location. An ideal solution would also provide for auditable compliance, legal and business analytics, control and governance of the data migration process as well as data protection and DR requirements. Additionally, it should also provide robust search capabilities along with the means for other applications to seamlessly access the data it protects and manages without compromising security in any way.
Such a solution would significantly enhance ROI and an organization’s ability to securely and cost effectively manage its data.