Migrating your PAM instance to the cloud can look from the outset like a pretty daunting task. How, exactly, do you go about transporting what may be years of data and highly sensitive information to a new home?
It’s often said that migrating to the cloud is like moving houses, and that’s one of the most stressful life events you can go through. You prepare for a move as best you can, pile your treasured belongings on a truck, and hope they arrive at the destination. Months or even years later, you may still be wondering if a box went missing.
Cloud migration can feel unnatural if you’ve never done it before
PAM systems are designed to keep things in—not out—so migration can feel unnatural and maybe even a little scary if you’ve never done it before.
For the past few years we’ve been helping organizations transition their on-premise PAM installations to the Thycotic cloud, a process that plays out best within a custom cloud migration strategy. We expect many more cloud migrations to come, with most on-prem customers to transition within the next 1-2 years.
We’ve developed a step-by-step methodology that takes the fear and stress out of your cloud migration.
With some advance planning and a close partnership, it’s possible to migrate smoothly and efficiently, with near-zero loss of PAM availability and functionality during the move. When the migration is done, you’re likely to end up with a more organized, streamlined instance that gives you more visibility and easier PAM management than before.
Advance planning is key to your cloud migration strategy
PAM migration can be a chance to reset and rethink.
Before you begin a migration, a comprehensive Discovery and review of privileged accounts can help you determine what needs to be moved and what doesn’t. You may find privileged accounts or credentials that aren’t being used or some that are unnecessarily duplicated. It’s usually best to disable those and remove them from your migration plan so you can start with a clean slate.
Once you’ve got your full list of items to migrate, it’s a good idea to mark high priority privileged accounts and systems that will need a close eye and specific user acceptance testing after the migration is done.
Then, you’ll decide when you want to move into the cloud.
Step-by-step cloud migration plan
During the migration, we’ll run an XML export of data from your on-premise installation and import it into your new destination in the cloud.
The larger the PAM instance, the more important it is to take extra care and consideration. If your PAM vault is managing 50,000 secrets or more, it’s a good idea to migrate in batches.
Monitoring is key during this time to make sure you have continuity of data.
There will be a clear text export file of everything that is your system. You’ll want to handle this file with extreme care and ensure it is deleted.
After the export is complete, you’ll confirm everything has been moved over and in the right place.
Will there be downtime during the migration?
This is the most common question we hear.
At a certain point, you’ll need to draw a line in the sand and institute a “freeze” on any new secret creation and password changes. Before the export begins, your PAM instance will go into maintenance mode. During this time, all existing secrets will still be protected, but no changes can be made in the source instance until after the export is completed.
What happens when auditors come calling?
You may have requirements to maintain historical data for audit purposes, or you may want to view previous reports to compare with future changes. To address this, you should always keep your database so you can spin it back up when needed. You will continue to have access to view historical information in your old PAM instance. From the point of the migration forward, all new reports will be in your cloud instance.
Life after your cloud migration
What’s different when your PAM solution is in the cloud?
In terms of functionality and user experience, nothing about the way you use your PAM solution should change after a migration. In the case of Thycotic Secret Server, for example, moving from the on-premise to cloud version gives you 100% feature parity.
On the back-end, however, a lot of things are different.
Instead of ongoing hardware and software maintenance, updates, patches, upgrades, etc. are all taken care of for you.
As your organization grows and becomes more globally distributed, you won’t need to worry about managing as many incoming connections into your network to access your PAM solution.
Thinking about cloud migration?
Let us know how we can help. Don’t let fear of the unknown stop you from making the move. When you end up on the other side with a more streamlined, more cost-efficient PAM solution, you’ll be glad you did.
*** This is a Security Bloggers Network syndicated blog from Thycotic authored by Chris Smith. Read the original post at: https://thycotic.com/company/blog/2020/03/31/pam-on-premise-to-cloud-migration-strategy/