Guidelines: Migrating Enterprise Applications to the Cloud

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free

Migrating Enterprise Applications to the Cloud

by Faulkner Staff

Docid: 00021302

Publication Date: 2008

Report Type: TUTORIAL


The benefits of the cloud cannot be ignored. More and more companies are
recognizing cloud computing as a priority, cloud traffic is increasing globally,
and the market looks promising. Overall, the outlook is sunny for migrating
enterprise applications to the cloud. However, the major obstacle of completing
the task securely remains.

Report Contents:

Executive Summary

[return to top of this report]

Migrating legacy applications to, or re-engineering them for, the cloud had not
necessarily been part of enterprise strategy until recently. Enterprises
had primarily used the cloud for testing and development or for new
applications purpose built for it. However, the benefits of the
cloud are increasingly tempting enterprises to migrate more and more
applications, especially with the option to pick and choose which tasks or
processes to outsource. Enterprises are looking to the cloud to save on
capital expenditures and enable them to focus on core business. Thus, the
cloud offers hard and soft benefits as well as short-term and long-term boons:
Enterprises can save on hardware, hassles, personnel, and training to focus on
what they do best; in addition they can deploy applications more quickly and
save on maintenance and other IT costs by availing themselves of the
possibilities of cloud technology.

While high-profile data breaches have hurt US tech companies in terms of cloud
security perceptions on the global stage, those same enterprises have almost
universally rebounded, developing more secure, safer cloud-based installations
of their product. Despite this ever-improving level of security, there are still trade-offs that
must be weighed and considerations that must be factored in when considering the
option to transition an application to the cloud. After these points are taken
into consideration and the decision is made to migrate, the bottom line is that
enterprise data needs to be secure and controlled wherever it is located – in a
public, private, hybrid, or community cloud. That said, despite all of the
precautions and warnings listed here, a transition to cloud-based tech can still
provide a very positive outcome for a variety of enterprise customers.


[return to top of this report]

typically refers to on-demand delivery and consumption of software,
infrastructure, platforms, and resources, as services, over the Internet or
a local network. Cloud services include Software or Storage as a Service (SaaS),
Platform as a Service (PaaS), and Infrastructure as a
Service (IaaS), as well as Low-Cost infrastructure as a Service (LaaS). These resources are shared among cloud
consumers, partners, and vendors in the ecosystem. However, with this
convenience comes a slate of new security concerns. Because multiple users are able to access nearly all types of cloud installations, there is
an increased number of potential
security risks simply due to the introduction of additional
variables in the form of other users. Because of this, security remains the top concern for
companies migrating to the cloud, despite the introduction of improved
encryption and self-defending mechanisms. In fact, as late as mid 2020, 75
percent of surveyed cybersecurity professionals reported feeling "extremely
concerned" or "very concerned" about public cloud security, particularly due to
possible misconfigurations leading to unintended data breaches.1
While this does not apply nearly as heavily to private clouds, and is moderated
somewhat by hybrid clouds, this statistic does illustrate that, even this many
years after cloud-based technologies became commonplace, cybersecurity personnel
remain wary of it.

To address these concerns, cloud product vendors have begun diversifying
their portfolios. In addition to public, private,
and hybrid clouds, there are now community clouds. Public clouds are shared,
community spaces operated offsite, while private clouds include exclusive
spaces, usually dedicated to a single client with built-in hardware and firewall. Hybrid solutions are typically both on-
and off-premise – the external public cloud combined with the internal private
cloud – with more sensitive data residing behind the firewall in the private
cloud. Lastly, community clouds are shared cloud computing service environments open to
certain communities of interest such as banks, schools, etc., that have shared

Because of the abundance of choices, enterprises have many opportunities and
obstacles with the cloud. Which applications can or should be migrated? To which
type of cloud? Is a community cloud a viable and secure option? This collection
of variables has led many enterprises to delay or forego any type of
cloud transition entirely. But, that is beginning to change.

Until fairly recently,
enterprises more frequently used the cloud for testing and development or for
new applications designed specifically for the cloud. However, the benefits of
the cloud are increasingly tempting enterprises to migrate more and more
applications, especially since they can pick and choose which tasks or
applications to outsource. For example, the cloud offers high availability for
high traffic times at pay-per-use/service rates, as well as the scalability to
reduce usage when traffic drops. The
cloud can also offer lower-cost alternatives to on-premise
data centers and storage – once the security hurdle (whether real or
perceived) is overcome. In other words, the cloud can save on capital
expenditures. This technological automation can enable enterprises to focus on
core business by offering the aforementioned savings on hardware, hassles,
personnel, and training to focus on what they do best, as well as deploy
applications more quickly and save on maintenance among other IT costs.

Of course, the simplest path to the cloud remains an application or platform
that has been designed from its inception to be cloud-enabled. However, several
tools can make migrating existing assets easier.

  •  Amazon Web Services (AWS) has been the
    market leader for years, thanks to its ability to offer security at a level that organizations such
    as Pfizer, Intuit, and the US Navy require.2
  • A close challenger is Microsoft’s Azure, “a growing collection of integrated services – analytics, computing,
    database, mobile, networking, storage, and web – for moving faster, achieving
    more, and saving money.”3
    Azure can enable enterprises to weigh short-term options (migration) vs. long-term (new
    application development) benefits as it best optimizes their own core business
    by easily integrating with existing IT environments.
  • Google Cloud enables developers to build, test, and deploy applications on
    Google’s highly-scalable and reliable infrastructure and offers computing,
    storage, and application services for web, mobile, and backend solutions.4
  • Finally, IBM has taken in north of $5.5 billion per
    year, for multiple years, solely from its cloud and cognitive services

A key enabling
technology used to achieve the goals and benefits of the cloud is
virtualization. Simply stated, virtualization helps the cloud to work. Virtualization may be
employed across machines, software, networks, servers, desktops, and storage
systems, helping to achieve the following:

  • Decreased hardware and overall costs for the user
  • Reduced power consumption and smaller footprint
  • Faster application deployment and upgrades
  • User provisioning
  • High availability and scalability
  • Compliance management
  • Simplified IT management

There are
various forms of virtualization:

  • Server Virtualization
    enables a physical, or real, server to be divided into multiple virtual
  • Desktop Virtualization enables enterprise users to access their office PCs
    anywhere, anytime.
  • Storage Virtualization enables enterprise planners to improve storage
    utilization and flexibility.
  • Network
    enables network resources to
    be allocated dynamically.
  • Software
    enables applications to be run
    in multiple environments and/or on the same machine.
  • Machine
    Virtualization or VM (Virtual Machine)

    is a software-based emulation that works like a real machine.

Cloud benefits enabled when using these types of virtualization are detailed in Table 1.

Table 1. Cloud Benefits Enabled When Using Different Types of Virtualization

Server Virtualization






Reduce the number of physical, or real, servers, often by a factor of five or more.

office PCs anywhere, anytime, as long as there is access to a PC and a high-speed
Internet connection.

storage resources into a single, virtualized storage pool, reducing the total
cost of storage ownership and administrative overhead.

cost savings due to more efficient bandwidth allocation and usage.

different versions of software or operating systems to run on same machine.

a software-based emulation to work like a real machine.

server-related power and air conditioning costs.

critical data – which remains housed at the office – from loss or

a consistent presentation of storage to VMs, eliminating VM storage I/O
bottlenecks and freeing up valuable storage capacity.

more effective network disaster recovery.

applications in multiple environments.

per-hour or less metering to lower costs.

data center floor space normally allocated to server hardware.

longer-life, lower-maintenance, thin-client PCs.

high performance access to VM disks.

and deploy network resources dynamically.

on hardware costs and licensing.

different sizes of VMs as needed.

the server data backup process.

– and enforce – a standard PC configuration, thereby simplifying
desktop maintenance.

live migrations of VM disk files across storage arrays.

advantage of scaleable network resources.

the number of applications running on the server effectively.

VMs to minimize costs.

server reliability, availability, and serviceability, lessening the demand
for IT support services.

Expedite the provisioning of remote workers, thereby easing administration.

Support multiple connectivity options.

Provision network resources more efficiently.

Load balance the servers more efficiently (automatic load balancing).

Provision VMs on demand.

Current View

[return to top of this report]

Currently, because of many potential benefits and solid market leaders such as Amazon, Microsoft,
and Google that are continuing to flourish, the migration of enterprise applications to
the cloud is increasing, despite lingering concerns about security.
Enterprises are migrating applications to public and private clouds as
well as using hybrid and community models. Specifically, Forbes predicted that
more than 83 percent of enterprise workloads will be migrated to the cloud by
the end of this year, with 41 percent in public clouds, 20 percent in private
installations, and 22 percent in hybrid variants.5

The ODCA (Open Data Center Alliance) wants to speed this
migration to cloud computing by fostering an ecosystem built on openness and
interoperability. Its mission includes:

  • Helping to align
    cloud service providers with customers by identifying customer requirements for
    cloud adoption.
  • Developing usage
    models based on best practices that help customers quickly integrate cloud
  • Influencing
    industry innovation:

  • Facilitating service
    and solution selection through ODCA tools and resources.
  • Promoting available
    services and solutions through ODCA programs.
  • Sharing deployment
    best practice stories to help leverage insight to a wide variety of
  • Collaborating with
    industry standards bodies to drive standards development toward more openness
    and interoperability.6

While a cloud-centric organization will
obviously wish to promote the increasing usage of the cloud, it’s hardly the
only reputable entity with a vested interest in the success of cloud-based
technology. Even the US government has its own cloud strategy, and has developed the Federal Risk and Authorization Management
Program (FedRAMP), a government-wide program that
provides a standardized approach to security assessment, authorization, and
continuous monitoring for cloud products and services. FedRAMP
has among its goals accelerated adoption of secure cloud solutions, increased
confidence in the security of cloud solutions, and agreed upon standards that
can be used outside of FedRAMP. The program also
hopes to achieve many benefits, including improving real-time security
visibility, enhancing transparency between government and cloud service
providers, and saving cost, time, and resources. Lastly, the Cloud Security
Alliance (CSA) is a not-for-profit organization with a mission to promote the
use of best practices for providing security assurance within cloud computing,
as well as to provide education on the uses of cloud computing to help secure
other forms of computing.

With a strong ecosystem already
currently in place and growing, as well as the assurance that security practices being developed, migrating enterprise applications to the cloud will continue
to quicken as security concerns are eroded.


[return to top of this report]

Global cloud application services spending is expected to rise to $151.1 billion by the end of 2022,
accounting for the largest single segment of the $354.6 billion in cloud
spending expected for that year, followed by $74.1 billion expected to be spent
on cloud-based infrastructure services.7

IDC’s “Cisco
Global Cloud Index: Forecast and Methodology 2016–2021 White Paper” has the following
long-term data projections, all of which appear to be on track to be fulfilled:

  • Annual global data center IP traffic will reach 20.6 zettabytes (1.7
    zettabytes [ZB] per month) by the
    end of 2021, up from 6.8 zettabytes (ZB) per year (568 exabytes (EB) per month) in
  • By the end of 2021, more than 94 percent of
    workloads will be processed by cloud data centers; only 6 percent will
    remain in traditional data centers.
  • By the end of 2021, 73 percent of the cloud workloads will be in
    public cloud data centers, up from 58 percent in 2016.
  • By the end of 2021, 24 percent of the cloud workloads will be in
    private cloud data centers, down from 42 percent in 2016.
  • Global cloud IP traffic will more than triple (3.3 fold) over the next five years.
  • Global cloud IP traffic will account
    for more than 95 percent of total data center traffic by the end
    of 2021.8

If all of this evidence were not enough to prove that cloud-based computing
is here to stay, an increasingly-correct 2015 “Computerworld Forecast Study”
suggests that cloud projects are the “single most important technology
initiatives right now and expected to cause the most disruption in the future,
with the goal being to improve service and generate new revenue streams.”9

Thus, it is important for enterprises to consider these early-days options
for entering the cloud, before the cloud market becomes overly saturated and
less hospitable to new entrants.


[return to top of this report]

Guidelines are
needed to help enterprises migrate applications to the cloud. The short answer
is that not all enterprise applications have the potential of migrating to the
cloud; moreover, there should be some selection process. To ensure a wise
migration of enterprise applications to the cloud, the process should start
with assessment – even more specifically, with a security assessment – followed
in general by planning and oversight/management. More granular considerations
follow for a successful migration strategy:

  • Be open to a short- or mid-term strategy. Perhaps
    migrate cloud-ready applications to test the waters and achieve an
    acceptable comfort level with the cloud.
  • Establish enterprise standards for migration until
    global standards are achieved. There needs to be consistency of migration
    for an organization to manage enterprise applications efficiently.
  • Consider possible delays from a lower-performing cloud service, as they can result in
    loss of customers and brand damage. Choose a higher-performing cloud
    service if latency cannot be tolerated.
  • Decide if some types of data, such as business-critical
    data, have to be kept totally in-house, while others do not. If this is
    the situation, consider the hybrid cloud model. Note that if the federal
    government can achieve an acceptable level of security through FedRAMP, the
    perceived security threat is almost certainly manageable.
    Moreover, community clouds for enterprises with similar requirements might
    be an option.
  • Clarify if an application needs to be rehosted, reconfigured, or rebuilt from the ground up
    to be migrated to the cloud. This is a major decision point, since not all
    enterprise applications are created equal. For example, is it cost
    effective to reconfigure a legacy application when a newer, more agile
    application would improve performance? Does rehosting
    make sense if scalability was a big selling point of the cloud (and the
    original application was not in and of itself scalable)? In other words,
    just because the cloud is scalable does not mean that an enterprise
    application automatically becomes scalable when migrated. The cloud cannot
    fix what is already broken.
  • Examine Service Level Agreements (SLAs) thoroughly. Can
    the cloud provider meet a company’s own SLAs to its customers? Is 99.95
    percent availability acceptable or must it be 99.999 percent? Look at
    outage statistics. Are faults able to be isolated?
  • Determine if the migration path is cloud specific or
    not. In other words, can the enterprise application connect with other
    clouds and cloud providers, whether public, private, hybrid, or community?
    Is cloud-to-cloud migration possible?
  • Assess who needs access.
  • Determine if Bring Your Own Device (BYOD) models can be
    accommodated and managed. Employees can be just as big a challenge as applications.
  • Ask if third-parties have access to your data and/or
    how that is controlled.

It would be disastrous for companies that have migrated enterprise applications to the cloud to
only then discover that they cannot integrate services from different providers.
Therefore, the attraction and possibilities of cloud technology, while
promising, must be carefully and deeply considered before a transition is
determined to be the best course of action. After these
points are taken into consideration, and if the decision is made to migrate to
the cloud now, then the bottom line is that enterprise data needs to be secure
and controlled now, wherever it is located – public, private, hybrid, or
community cloud. When deciding about migrating enterprise applications to the
cloud, a company can reap massive rewards, but only if it makes the right moves.


[return to top of this report]

[return to top of this report]