What you should know about migrating to the cloud
Have a pleasant journey
Small businesses account for roughly half the UK economy. The technology requirements for a one-man band are wildly different from those of a 250-seat tech support service company, yet both fall under the SME banner.
So what is the general advice that will work for everyone and anyone who is considering moving some IT into the cloud?
Cloud has a lot to offer a small firm, but it is not without risk. Not all data will be at home in the cloud. Indeed, for a small business, some processes are so critical that only a local deployment will work; others might sit very happily off-site, saving a bit of cash with very little impact on the day-to-day running of the business.
Security is probably more of a perceived risk than a real one, but service level agreements (SLAs) and data recovery procedures are more important than you might think.
Apart from these basic principles, advice from those in the business tends to fall into two categories. The first concerns choosing a supplier, and the second deals with the real and perceived risks associated with the migration.
Spot the fakes
Barry Gill, enterprise architect at Mimecast, an email management firm, says step one is to find out as much as you can about who you are going to be dealing with.
There is a lot of cloud-related hype out there, and for smaller organisations without dedicated IT staff sorting the wheat from the chaff can be difficult.
“Really, really check out the vendor,” he warns. “There are companies claiming to be cloud, but really they are only selling web aps, capitalising on the cloud marketing hype.
"A real cloud vendor will have considered things such as security and uptime reliability. The infrastructure will be built to work.”
He offers as an example, Mimecast’s own data centres in South Africa, where there are planned, rolling power cuts and frequent unplanned outages as well. To meet Mimecast’s admittedly ambitious SLA terms takes serious investment and a redundancy that is built in from the ground up.
“We have two data centres for each grid, a minimum of 20 miles apart,” says Gill.
“We have Stanton and Alberton data centres, which means power doesn’t get switched off in both at the same time. Similarly, they are on separate telecommunications infrastructure. And the architecture is such that if we lose one data centre, all the data is in the other one.
“In contrast a web service is a service on a machine with standard uptime and data recovery processes. It is not the same thing at all.”
Make a checklist
Avepoint’s enterprise architect and Microsoft SharePoint MVP Jeremy Thake says that once you have established that you are talking to a legitimate cloud provider, there are three important things to look for in a cloud solution.
- Full fidelity between on-premise and cloud apps: this is especially important with software as a service (SaaS). There are certain things you can do on premise – proof of concept work, any customisation of the platform. This is all very restricted because of the nature of cloud. Do you need to be able to do them in the cloud?
- Data protection: make sure you know what the contracted recovery time objectives and recovery point objectives are. Your cloud provider ought to be able to tell you exactly where your data is and how quickly it will get back to you if it gets lost. There ought to be a clear procedure to follow, perhaps even something you can do online.
- Security is becoming less of a concern but you do need to be aware what legal acts apply to your data, and also to companies to which you are considering giving your data. Make lists of your legal obligations and don’t choose a supplier who can’t meet those requirements.
“In some cases, a cloud service can actually improve security, though,” Thake adds.
“I’m not talking about nice safe data centres, I mean the nature of the software. SharePoint’s extranet capabilities are a good example. They allow a business to open up for collaboration without opening the firewalls.
“The challenge is in the lifecycle of content deployment and approval process – making sure that only approved documents are published over the extranet.
“Whatever you do, your business processes need to be replicated in the cloud. In some ways this is more of an issue for enterprise customers, which will almost certainly have done some customisation, while SMEs may well be working with something that is pretty much as it was off the shelf.”
Play it safe
Security is still a big obstacle to cloud deployment, but according to Zane Freame, Office 365 practise lead at Content and Code, it needn’t be, particularly for smaller firms.
“There is a perception that moving to the cloud puts them at risk. But the truth is that most businesses couldn’t maintain the security and resilience the larger providers can provide,” he says.
But that doesn’t mean you don’t have to consider security issues. Freame says many consumer-grade cloud services want customers to sign in with their Facebook account.
“You might be happy with that in your personal life, but I don’t know how many people would feel comfortable doing that at work,” he says.
“For smaller SMEs – under 100 seats – you really don’t want to have multiple passwords. A single sign-on solution is where the big players can really make their mark.”
Gill also stresses the importance of understanding where your data is and how it is secured. Companies need to know what legislation will affect them, he urges, adding that some vertical sectors have very specific stipulations for how data is handled in transit – whether or not it needs to be encrypted and what counts as in transit.
“Sometimes making a backup counts,” he points out.
And of course some data must be stored in certain places. Make sure your provider won’t be storing your confidential public-sector contracts anywhere you wouldn’t choose.
“There is lots of compliance about where data is stored, so it pays to ask some questions. Can your provider guarantee it will always be stored appropriately? Who will have access to your data? What security accreditation does the provider have?” suggests Freame.
“Businesses don’t have time to audit a SaaS provider, so they need to look at auditing standards like ISO 27001. The bigger providers generally have these.”
The art of packing
Once you have made the decision to move into the cloud and have found a service that fits your needs, don’t fall into the trap of thinking of a migration as a straight A-to-B move, warns Steve Marsh from Metalogix.
“Think about what needs to be moved. Ninety-nine per cent of the time, it will not be everything and there is no point moving it just because you can,” he says.
“Then evaluate your content. Ask what is it, and how is it being used? What will be the impact of moving it elsewhere? You could have Sharepoint on premise and want to move into the online version, but will users adopt the cloud service?
“Businesses don’t move to the cloud to stay the same. They move because the business has changed, evolved or could change, so take some time to plan how your content will be arranged in the new environment.”
Planning is key for Barry Gill, too. He argues that the migration of large quantities of data is fraught with concerns.
“There are risks inherent in moving data around. Data can become corrupted, be lost in transit digitally, or if moving physically the truck it is on could be hijacked or have an accident. Your data is no longer static, secure.”
Marsh takes a more relaxed view. He thinks a good migration, like a good meal, shouldn’t be rushed.
“Migrations really need to be incremental,” he says. “Your business can’t come to a stop because today is the day you’re moving the data.”
He explains that Metalogix works with a client for whom it moves 500GB of data per day – online.
“Obviously, not everyone needs that level of flexibility, but having the ability to transition away from your on-premises offering and into the cloud over a period of time means you can keep your business processes up and running, right up until the switchover,” Marsh says.
Do the Hokey Cokey
He adds that anyone heading into the cloud also needs to keep in mind that they might need to get out again one day.
“It’s important also to be able to move data in and out,” he says. “You might have gone into the cloud and then soon after find that you have bought too much and you need to shrink it, consolidate what you have.
“You hear a lot about how cloud lets you scale up, but the data has to be able to go both ways. It must be flexible.” ®
Sponsored: Becoming a Pragmatic Security Leader