The advantages of a cloud-based environment make moving to it an easy decision for most companies. Still, there are numerous critical choices to be made that can transform the complexities of the migration process into a relatively smooth transition, especially regarding application and data security.
This article describes the options available to you when you are planning a migration of application and data resources to the cloud.
Migration Strategy Fundamentals
As with any nascent methodology, business objectives will most likely drive your migration strategy. In addition, there are fundamental components to a migration strategy that are essential to all cloud migration initiatives:
- Define an end-to-end strategy that takes into consideration your business objectives as well as the impact of cloud migration on IT operations.
- Take the opportunity to discover and evaluate your enterprise application portfolio to see where inefficiencies exist, and where they can be remediated and optimized with available cloud services.
- Redesign your business applications to integrate effectively with the specific service models offered in the cloud.
- Understand the model of shared responsibility as it relates to security policy and risk mitigation, and develop policies and controls accordingly.
After you have a thorough and accurate picture of your application portfolio, you can decide where to begin your application migration. There will be “low-hanging fruit” that will be the easiest to migrate, along with other applications that present complexities requiring additional time and attention.
Develop a plan that can be used as a framework for each application that you migrate to the cloud and the order in which they are to be migrated. Since the plan requires input from other departments, keep in mind that it will likely need to be amended and modified as you proceed through your application portfolio review.
Three Leading Service Models
There are three commonly recognized service models, sometimes referred to as the SPI (Software, Platform and Infrastructure) tiers (SaaS, PaaS, and IaaS), that describe the foundational categories of cloud services:
- Software as a Service (SaaS) can be compared to a one-stop shop that provides everything you need to run an application. Typically, SaaS providers build applications on top of platform as a service (PaaS) and infrastructure as a service (IaaS) to take advantage of all the inherent economic benefits of the IaaS and PaaS service models.
SaaS examples: Google Apps, Salesforce, Workday, Concur, Citrix GoToMeeting, Cisco WebEx.
- Platform as a Service (PaaS) provides a platform that offers management of servers, networks, and other system components. Cloud users only see the platform, not the underlying infrastructure.
PaaS examples: Salesforce Heroku, AWS Elastic Beanstalk, Microsoft Azure, Engine Yard, and Apprenda.
- Infrastructure as a Service (IaaS) provides a shared pool of compute, network, and storage resources. Cloud providers use the technique of “abstraction,” typically through virtualization, to create a pool of resources. The abstracted resources are then “orchestrated” by a set of connectivity and delivery tools.
IaaS examples: DigitalOcean, Linode, Rackspace, Amazon Web Services (AWS), Cisco Metapod, Microsoft Azure, Google Compute Engine (GCE), Joyent.
Most, if not all, communications between cloud components are typically handled by application programming interfaces (APIs). A set of APIs is often made available to the cloud user so they can manage resources and configuration.
Cloud deployment models apply across the entire range of service models. They describe how cloud technologies are implemented and consumed:
- Public Cloud – Owned and operated by a cloud service provider and made available to the public or a major industrial sector on a pay-as-you-go basis.
- Private Cloud – Operated solely for a single organization and managed by the organization or by a third party. A private cloud may be located on- or off-premises.
- Community Cloud – Shared by several organizations with common concerns. These concerns can include security requirements or governance considerations. The deployment can be managed by the community or by a third party. A community cloud can be located on- or off-premises.
- Hybrid Cloud – Typically comprises two or more clouds (private, community, or public) and possibly an on-premises infrastructure as well. The different cloud deployments maintain their discrete identities but can interoperate via standard or proprietary technologies. An example of interoperability is “cloud bursting,” which enables an application to run in a private cloud and burst into a public cloud during increased demands for computing capacity.
There are several options available to you when you consider migrating to the cloud. Your strategy can cover the big-picture considerations and also make provision for security issues. In our next blog post, we’ll look at how to migrate your security policies from on-premises to the cloud, depending on the deployment you select.
To learn more about approaches and security considerations for migrating your applications and data to the cloud, download our Cloud Migration Guide.
This is a Security Bloggers Network syndicated blog post authored by Ajay Uggirala. Read the original post at: Blog | Imperva