Blog - Make your cloud migration a success

Make Your Cloud Migration a Success

Damian Andrews, ICT & Security Consultant at CyberLab, summarises the three most common mistakes companies make when migrating to the cloud and how to avoid them. He covers:

    • Lack of Planning 

    • Security 

    • Lack of Controls 

    • Book Your Free Consultation 

A well-organised cloud adoption can be the best IT decision you ever made. On the other hand, a poorly organised migration could be the last thing you do.

With many service options and cloud platforms to choose from, selecting the best fit can be a task in itself.

How do you decide:

    • IaaS versus PaaS versus SaaS?

    • Which platform is better for your services and data?

So how best do we plan and make this the success we want it to be? What are the common pitfalls, and what can you do to ensure your project is a success?

Outlined below are three of the most common mistakes in planning and implementation we come across with cloud adoption. I also cover what you can do to succeed and avoid these pitfalls.

All examples are based on real-world situations.

Lack of planning

Understand what the migration will look like – key drivers and desired end state are critical to success.

You can choose from an array of intelligent tools to help you plan and schedule your migration. You need to identify service dependencies to ensure these are operational throughout the migration and ‘true size’ allocate resources in the cloud.

Word of warning: No cloud migration will go well if considered a race to the top. The reality is that cloud adoption conducted at pace or big bang is often just a race to the bottom.

The days of ‘lift and shift’ are long gone. Instead, using a planning tool for refactoring should be our buzzword. Modern platforms allow you to offload responsibility to the vendor and helps you reduce your exposure and risk. Plus, it’s often at little additional cost.

After all, if you are migrating to the cloud because your service is no longer fit for purpose, why would you want to recreate it in another environment?

How can all this be put into practice and really benefit you as an organisation? For example, through targeted configuration, we were able to help one customer reduce their operating costs, for a large portion of their service, over 80% month on month. Had this customer reached out in advance, we could have helped them realise this saving from day one.


Security across your cloud is critical. Especially if you consider that cloud platforms are designed to be consumed on any device anywhere. These toolsets range from traditional controls to monitoring and reporting technologies, all designed to keep you and your data safe.

Role-based access (RBAC) represents one area of misconfiguration. Ensuring only those who need access have only the access they need and only when they need it is critical. Properly planned RBAC allows you as an organisation to control access across your administrators, users, and partners to help protect your data and services. While this may seem obvious, misconfiguration of access is a frequent discovery. This is mostly due to a lack of understanding of the cloud platform’s new roles and capabilities.

Exposure of data or services is still all too common. This is often simply a result of not fully appreciating where the line is for responsibility and how best to implement this. Waiting until audit, as one customer decided to do, to realise that their S3 storage bucket had anonymous, public access to PII could have been catastrophic. You can avoid such disasters through proper planning and understanding the services you are migrating to.

Good fortune saved this customer from a potentially embarrassing and costly error.

Lack of controls

Governance is rarely why any organisation adopts the cloud, though the migration can present the perfect opportunity to improve. Azure has long been able to build a scaffold, also known as Azure CAF (Cloud Adoption Framework). The scaffold enables organisations to clearly identify all resources as well as control how, when and who can deploy them.

What does it look like when your controls fail or are simply not deployed?

The most extreme example of poor governance we have witnessed to date was when a customer reached out for help. They were already some way along their cloud journey. During our initial discussions, they disclosed they had a ‘small foothold’ in Azure, but their monthly bills were larger than expected.

On day 1 of the engagement, when reviewing their cloud assets, we discovered:

    • They had consumed all their commit (where commit is your anticipated spend)

    • They were recording a £750K overage (where overage is the spend over and above your commit)

Projects were delivered well under budget without any controls or policies enforcing a chargeback to the service owners. Meanwhile, the poor IT manager had to try to justify to their SLT why the monthly fee was so high. The introduction of a scaffold ensured that all new deployments into Azure were tagged correctly, controlled and identifiable. The appropriate teams could then get monthly reports. With costs now being attributed to the correct service owner, this reduced the pressure on the IT manager and allowed the organisation to have a better sight of true service cost for new services being tested and deployed.

As with any IT project, complexity exists. However, You can mitigate many of the pitfalls with a clear strategy from the start. The tools exist to make your experience and journey a good one. Often the lack of adoption of these tools stems from a lack of awareness. Partnering with a trusted and experienced partner helps greatly in ensuring your project is a success. Feel free to reach out for a free consultation.

Book Your Free 30-Minute Consultation

Our expert consultants are here to take the stress away from cyber security.

Whether you have a pressing question or big plans that need another pair of eyes, discuss it in a free 30-minute session an expert consultant.

Leave a Reply

You must be logged in to post a comment.