Let’s look at the challenges of migrating enterprise workloads to the cloud. As we know, there are hundreds, maybe thousands, of enterprises in the process of migrating to the cloud. The migration could be to an on-premises private cloud or a co-located private cloud, or it could be to AWS, Azure, or Google, where they are trying to get the benefit of the cloud and be more innovative.
But why do they fail?
A lot of the enterprises that are trying to migrate have tons of applications they have already built, but these applications were not built with the cloud in mind. They could be Java applications, or C++, COBOL, PL/1, you name it: there are tons of tools and languages they used to develop them, depending on how old they are. Applications written in these languages run for 10-15 years or maybe forever; some of them could be 5 years old and some of them could be 10 years old. These older applications are probably not compatible with the cloud. But the question is: are they going to be compatible if we make some changes? The answer is yes in most cases, but you need to consider that as you are planning to migrate.
The problem most of them face is that they think they can simply lift and shift, but that isn’t always true. They need to use some tools to identify whether an application is compatible, and they might also need some tools to migrate it. We also need to check the applications: do they have any vendor license issues in terms of migrating to the cloud now, and what is the cost of the license? If the applications support the cloud, they need to see whether the license they are using now can be moved to the cloud environment.
One of the major issues with that, and the primary reason that we observe in the market, is that the cloud vendors like Google or Microsoft or Azure end up overselling. When their consultants come to talk to you, they could oversell because they don’t know your systems, but they will highlight what they understand to be the benefits; given that there are tons of companies benefitting from this now, they might suggest that you also try it. However, they are not really worried about how the migration process is going to work, and that is something the enterprises will end up figuring out themselves, which is a big challenge.
Enterprises have all these legacy workloads, legacy processes and the like that new talent doesn’t know about. New hires might not be aware of the enterprise’s processes or the things that it follows, and that could be a big issue. There’s a big demand in the market for people with cloud skills, but the people who have the cloud skills might not have the enterprise knowledge, and that is a big issue.
The issue here is that when enterprises hire talent from the market and train the existing employees or consultants to do the actual migration to the cloud, those people know only enough to migrate the workloads and just barely get things done. They might not have the expertise to figure out what the best practice around migration is, how to secure it, how to make sure that it runs in a stable way, how to make it hack-proof and things like that. So security is a big challenge, because people don’t follow the best practices all the time.
Identifying The Right Tools:
If you go to any cloud vendor, they have tons of tools and tons of training material, but we don’t know which one to use. Every vendor has its own pipeline tools, migration tools, even its own DevOps tools and security tools, so the question is which to use. Most of the time, when you train or hire new talent or an engineer to do this, they might see it as an opportunity to learn new things, so they might try something new, maybe a feature that was just released by the cloud vendor, and that might not be compatible with what you’re trying to do. But they’re not going to tell you that, and you don’t know what they’re bringing in, so there are issues in terms of finding the right tool.
Control and governance:
I have come across several enterprise clients of mine who got large bills from these cloud vendors, sometimes hundreds of thousands, sometimes close to a million dollars a month, and they don’t have anything running in production. The reason is that they open up the account for the cloud platform and start giving it to the developers and the DevOps teams, who then start playing around with it: they simply go to the console, click buttons and create resources, which consume the underlying resources, which are metered by the cloud vendor, and they are charged for them. This can easily get out of control, and in many cases it does. So it is very important to make sure there is cost control implemented.
Now let’s say you have some sort of control around the cost but need to figure out the rest. Since everything is software defined (even if that might not be the case in your current environment, in this new cloud world everything is software defined), you need to make sure that everything is treated as code, so you need to have a change control process. You need to know how you are going to operate this on a day-to-day basis, given that everything else can be done on the console by clicking buttons and running scripts. But how do you manage these daily operations? You need to have an operations model to achieve what you want in terms of controls, and then you need to make sure there is auditability. For example, if someone makes a change, you need to make sure it’s completely auditable and that you can do forensic analysis if you find a problem. Or if somebody hacks into the system, there should be a system that monitors it and alerts you, and once the alert comes in you need to have a process to see what’s going on and what happened, and to fix it.
You also need to have a mechanism to address the compliance issues you would face, which could lead to penalties and could result in losing your credibility in the market because you didn’t comply with something. For example, let’s say you have private data or personal data and it gets exposed, and it happens again and again. That is primarily because, with the speed at which these enterprises sometimes move to the cloud, they don’t think about all the controls that they need to put together. Remember, every cloud vendor has fine print to make sure that they are not blamed when something goes wrong. They do the best they can to control and secure their own infrastructure, but once the account is given to you it’s a shared responsibility, and you need to make sure that you have processes in place that will help you secure and use the account in a much more controlled, fool-proof way.
About The Author
Rejith Krishnan is the co-founder and CEO of CloudControl, a startup that provides SRE-as-a-Service. He’s also a thought leader and Kubernetes evangelist who loves to code in Python. When he’s not working or spending time with his two boys, Rejith enjoys hiking in the New England outdoors, biking, kayaking, and playing tennis.