It is crucial to understand that the migration process itself could expose company data to cyber threats and cause incidents. That is why the IT staff has to consider how to secure data and applications during the transition.
Manage the migration as a project
The migration to cloud architecture must be formalized by IT staff and shared with managers of different departments inside the company. Every activity must be defined, planned and executed, and the transition itself must be managed as an articulated project. As described in a previous point, it is necessary to define a formal project plan accepted by upper management. Every activity must be tracked and related costs and risks must be monitored during the migration.
It could be useful to prepare a sort of Statement of Objectives (SOO), which describes the goals that every department expects to achieve with regard to the migration of its services and application to the cloud.
A similar document, ordinarily used in government environments, has the primary goal to prepare personnel for moving its activities to the cloud infrastructure.
The SOO could include information regarding the following activities:
- Conducting an inventory of every asset and service of the company.
- Defining metrics to evaluate the evolution of activities during the migration to the cloud.
- Application Mapping
- Identifying appropriate service models (e.g. SaaS, IaaS) and deployment models (e.g. private, public)
- Developing the business case to quantify cost and benefits
- Migration planning
Once the migration is complete, it is necessary to verify the efficiency of procedures/services in the new environment according to the metric defined in the SOO document. The test phase has to be conducted, limiting the impact of the strategic functions of the company and if possible, using non-critical data.
I always suggest pay particular attention to privacy and security issues due to the rapid evolution of the security industry, which requires a dynamic approach.
Security and risk assessments must be continuously conducted in compliance with international standards.
Sign up for CIO Asia eNewsletters.