Cloud Security, Asset Management, Data Security

Checklist: A cloud migration to-do list

Infographic of cloudscape reflect to modern multi-cloud technology.

Cloud migration hesitation is a common source of stress for an organization's leaders and administrators. Cloud services provide extensibility, scalability and security benefits that can be difficult to replicate on-premise. Regardless, moving to the cloud is a significant process. 

However, correctly configured and well-implemented migrations to the cloud are relatively seamless. In this checklist, we'll be going over three key areas for success — and how to strategize for best results.

1. Planning ahead: Cloud migration

Planning out the why's and how's of your cloud migration is the most important part. You'll need to nail down exactly what your goals are, both to make the process clearer and to provide a benchmark for post-migration assessment. You'll also need to gather the team that will execute the migration and have its members contribute to the planning process.

  • Determine your needs and goals in moving to the cloud. How will your organization benefit from the migration? Will there be any potential downsides? Make these goals clear.
  • Get buy-in from executives and other stakeholders. You need to have the full support of your C-suite, of course, but consider who else may be impacted by the move, such as top clients and vendors. Don't leave them out of the loop — seek their input instead.
  • Designate who will supervise the migration. You'll need to choose a senior manager as the "migration architect" who will have executive power over day-to-day decisions during the process. He or she will need a team of IT, networking and security personnel. You'll also need to accept that these people will have less time for their regular duties during the migration process.
  • Inventory your assets, data and software dependencies and determine how each will function in a cloud environment. Will your software work properly? What needs to be upgraded — or replaced? Does your network need to be remapped, or can you just "lift and shift" everything to the cloud?

"This is a big project," Yev Koup, senior product marketing manager at Ping Identity, told us. "It's a different infrastructure. Applications need to be reconfigured to be connected to the cloud rather than to the on-prem infrastructure."

  • Decide what goes to the cloud and what stays on-premises. Some data may be better off staying in-house, especially if there are compliance or intellectual-property issues. Some applications may demand high bandwidth and low lag that the cloud cannot guarantee. Licenses and contracts may require keeping some applications and data on-prem for the near future. 

"Financial institutions often don't want their data happening in the cloud," said Koup. "Governments also often want to keep things on-premises."

  • Decide how quickly the cloud migration needs to be done. If it is urgent, you'd better devote a team 100% to planning and preparation. But if you can take your time, then you'll be more likely to detect potential sources of trouble and to make fewer mistakes.
  • Decide what kind of cloud service model you need. Public providers like Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform are inexpensive but make you give up a lot of control. A private cloud costs more, but your organization is the only client on the server.

Hybrid clouds keep some assets on-premises and other assets in the cloud, while multi-cloud models use two or more public cloud service providers and may include hybrid and private elements as well. Many respondents in a recent survey of organizations conducted by CyberRisk Alliance said they used both AWS and Azure.

"A business might host its most critical applications in an on-prem private cloud, host other applications that it doesn't want to maintain or that have compliance requirements in a partner cloud, then host the remainder in a public cloud," wrote Koup in a 2021 blog post.

  • Decide what kind of cloud deployment you need. Most large organizations will choose infrastructure-as-a-service (IaaS), in which the cloud service provider supplies and maintains the server but the client supplies and runs the operating system and applications. With platform-as-a-service (PaaS), the cloud provider supplies the operating system as well as the infrastructure. Finally, software-as-a-service (SaaS) sees everything run by the service provider. You may want to mix and match these deployment models among your various applications according to which serves you best.
  • Decide on which cloud provider to go with. Should it be AWS, Azure, Google or another? You'll need to figure out which can best meet your needs and how — and how much bandwidth and storage you'll initially need.
  • Calculate how much you'll save from the cloud migration. These should include the total cost of ownership, the reclassification of data-center costs from capital expenses to operating expenses, the reassignment of IT personnel, the cost of staff retraining, and the cost of any new software licenses.
  • Understand the shared-responsibility model. Depending on whether you go with IaaS, PaaS or SaaS, you and your cloud service provider are responsible for maintaining different elements of your cloud instance. For example, with IaaS, you're responsible for the operating system; with PaaS, the cloud service provider is responsible.

"Everything in the cloud is shared responsibility," said one respondent in the CyberRisk Alliance survey. "We have to understand how the security works and what is our responsibility."

  • Draw up cloud-exit and disaster-recovery strategies. In the event your cloud migration goes drastically wrong, you want to have a Plan B, and maybe a Plan C. Have a plan for exiting the cloud if it doesn't meet your needs, and another plan for recovering your assets and data if the cloud service somehow fails.

2. Preparing your organization for migration

Once you've decided on the details of your cloud migration, it's time to prepare for the move. Much of this will be filling in more details, but you'll likely have to test things and possibly purchase or upgrade software.

  • Get a migration partner. Consider asking your cloud service provider for assistance and expertise or hire a migration consultant. You may never have performed a cloud migration before, but they certainly have.
  • Get ready to reconfigure your applications, assets and data flows to the cloud environment. Unless you're doing a pure "lift and shift" that simply rehosts your data center, you will need to remap your network topology and make sure that applications will work. Test everything before you begin the move.
  • Decide on a cloud security strategy. The cloud is fundamentally different from an on-prem data center. You may need to add a next-generation firewall or an intrusion-protection system tailored to the cloud. You should definitely consider a cloud-access security broker, a security program that monitors activity between your users and your cloud instances.
  • Upgrade or replace software as necessary. Some of your applications may not work in a cloud environment. For others, this is a perfect opportunity to update or upgrade them.
  • Determine the migration priority order. Decide which applications and assets will migrate to the cloud first. You could start with the least sensitive, least important assets.
  • Determine KPIs for cloud assets. When it's all over, you'll want to be able to present numbers on how well the cloud migration went, and how much faster and cheaper it's made your day-to-day operations.
  • Document everything before and during the migration process. It may add a bit of time, but paying attention to and logging every minor details will be worth it in the long run.
  • Decide how to migrate your data. The most obvious way to upload your data to the cloud is over the internet. Your cloud service host may provide a private, dedicated network. Organizations with a tremendous amount of data may find it efficient to ship storage drives or tapes.
  • Make sure data is encrypted. However you move your data to the cloud, you will first need to make sure it is encrypted both "at rest" on storage drives and "in transit" over the internet or a private network.
  • Back up everything before beginning the migration.

[Read more: How to protect resources during your cloud migration]

3. Monitor and evaluate environments post-migration

If you've planned and prepared sufficiently, the actual migration should not be too difficult, as long as you go slowly, monitor everything throughout and test every migrated asset before switching to it from the on-prem version.

  • Get the configuration right. Many data leaks are caused by misconfigured cloud instances that failed to properly lock down authorization and access.
  • Go slowly. It's best to move only one segment at a time. Test each piece to make sure it works properly before switching over your users. Once you are confident the migration is going well, you can move things a bit more quickly.
  • Integrate your on-premises assets with your cloud-based assets. You'll probably have to use a hybrid-cloud model, at least during the migration process.

"Your cloud migration can't happen overnight, nor should it," said Jordan Griffith, product marketing manager at Ping Identity, in a 2020 blog post. "More likely, you'll need to support a hybrid IT environment as new resources are onboarded and older resources are moved on a schedule that is approved by the business."

Once the migration is done, you still won't be. There will probably be a few kinks to be worked out.

  • Keep monitoring everything. Are your apps working properly? Is the right data going to the right users? You may have to do some fine-tuning.
  • Monitor the parameters of your cloud instance. You may need to add more memory, storage, processing power or bandwidth. But now that you're in the cloud, that should be easier and cheaper than with an on-prem data center.
  • Consider more staff training. You may need to get more employees up to speed with the cloud environment than you initially anticipated.
  • Get the operating costs right. Your cloud migration may have ended up costing more than you expected, and your supervisors will want to know why.
  • Decommission and dispose of your old data center. Once you're satisfied with the cloud migration, it'll be time to sell off or scrap your old hardware. Make sure that hard drives containing sensitive data are thoroughly wiped or physically destroyed.
Paul Wagenseil

Paul Wagenseil is custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.