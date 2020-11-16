The ease of provisioning cloud services, while undoubtedly appealing, can also be a double-edged sword. One of the frequent mistakes we see companies make is to move to the cloud without first implementing adequate governance, says Cassie Shum, technical director, Thoughtworks North America.

“You’ll find all of their developers have spun up multiple cloud instances in non-production environments to test something and without proper checks, they leave them running and the CFO wonders why costs are spiraling,” she says.

As a result, it’s becoming common to see organizations, having rushed to migrate to the cloud, rapidly back-peddling.

One of the reasons that this happens is because the organization is locked into traditional ways of thinking about IT purchasing, says Shaw. Companies conflate the idea of moving to the cloud with having to choose a single vendor and sign a big enterprise agreement with that single provider. “In fact, cloud is different; you need to think differently about how you approach it,” he adds.

Cloud beyond cost

One tactic that can avoid cloud despondency is to plan for more than just cost benefits at the outset, says Alexandre Goedert, head of technology at Thoughtworks Chile. So while cloud can definitely deliver cost savings, there are wider benefits such as improved agility and the ability to rapidly respond to changes — in a world that’s lived through the 2020 pandemic, those are traits not to be underestimated.

One of the primary ways cloud benefits the enterprise is elasticity, that is the ability to scale up computing resources in times of peak demand or to scale them down in quiet periods. This linkage between the computing resources you need and what you pay for has a strong financial resonance but it’s easier to achieve if your estate is optimized to run in the cloud, says Goedert.

The ease with which cloud applications can scale has benefits beyond dynamic provisioning. As Shum explains, one financial services company she’s worked with has been forced to migrate away from its mainframe because with its planned growth, it simply couldn’t cope with the growth in transactions volumes they were predicting. “That’s a pretty powerful incentive to migrate to the cloud but it’s also a challenging one. If you’re expecting this to happen overnight you’re probably going to run into some bumps in the road.”

Innovation can also be a powerful driver for cloud migrations, says Shaw. Cloud is the ideal environment for testing out digital products because you can give your development teams a lot of autonomy to build small scale environments they need quickly and cheaply. “If this experiment is successful then they're able to just grow and scale out what they built,” he adds.

Shared security in the cloud

When cloud first emerged over a decade ago, many business leaders were wary over the security implications: they understood the locked-down, perimeter model of security that operated for their data centers and were skeptical that a third party could provide such robust protection.

As it turns out, migrating workloads to the cloud can increase security, argues Shaw.

The key to operating securely in the cloud is understanding the shared responsibility model, says Shaw: the delineation of where the responsibilities lie between you and your cloud providers. “This can be a painstaking process — especially in highly regulated industries. And it can slow down your cloud migration. But when you have your applications built in a cloud-native way, you’re going to see the benefits.”

These include:

Offloading some responsibility . While you still maintain significant responsibilities for securing access to services in the cloud, your provider will be responsible for securing the compute, network, database and storage services you’ll consume.

. While you still maintain significant responsibilities for securing access to services in the cloud, your provider will be responsible for securing the compute, network, database and storage services you’ll consume. High levels of automation . Cloud providers have a wealth of security scanning tools that can ensure your instances and containers follow defined patterns. These automated vulnerability checks enable you to stay up-to-date with the emerging threat landscape.

. Cloud providers have a wealth of security scanning tools that can ensure your instances and containers follow defined patterns. These automated vulnerability checks enable you to stay up-to-date with the emerging threat landscape. Rapid patching . Because of the high degree of automation, cloud gives you the ability to quickly roll out patches for newly discovered vulnerabilities. That can significantly reduce your risks of attack — traditional patch management could be a laborious and time consuming process.

. Because of the high degree of automation, cloud gives you the ability to quickly roll out patches for newly discovered vulnerabilities. That can significantly reduce your risks of attack — traditional patch management could be a laborious and time consuming process. Ease of rebuilding. Cloud gives you a managed environment, where you’ll have defined states for everything that’s running. These environments are designed to be destroyed and rebuilt regularly, without you losing anything important — so in the event of a malware breach, you can quickly return your environment to a safe state.

Patterns of cloud migration

Because cloud requires a different mindset, many companies are only able to make that shift once they’ve had some experience of transitioning to the cloud and are able to learn from their mistakes, says Goedert.

He sees four common patterns of cloud migration.