PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free
download.
Guidelines:
Migrating Enterprise Applications to the Cloud
Copyright 2020, Faulkner Information Services. All Rights Reserved.
Docid: 00021302
Publication Date: 2008
Report Type: TUTORIAL
Preview
The benefits of the cloud cannot be ignored. More and more companies are
recognizing cloud computing as a priority, cloud traffic is increasing globally,
and the market looks promising. Overall, the outlook is sunny for migrating
enterprise applications to the cloud. However, the major obstacle of completing
the task securely remains.
Report Contents:
Executive Summary
[return to top of this report]
Migrating legacy applications to, or re-engineering them for, the cloud had not
necessarily been part of enterprise strategy until recently. Enterprises
had primarily used the cloud for testing and development or for new
applications purpose built for it. However, the benefits of the
cloud are increasingly tempting enterprises to migrate more and more
applications, especially with the option to pick and choose which tasks or
processes to outsource. Enterprises are looking to the cloud to save on
capital expenditures and enable them to focus on core business. Thus, the
cloud offers hard and soft benefits as well as short-term and long-term boons:
Enterprises can save on hardware, hassles, personnel, and training to focus on
what they do best; in addition they can deploy applications more quickly and
save on maintenance and other IT costs by availing themselves of the
possibilities of cloud technology.
While high-profile data breaches have hurt US tech companies in terms of cloud
security perceptions on the global stage, those same enterprises have almost
universally rebounded, developing more secure, safer cloud-based installations
of their product. Despite this ever-improving level of security, there are still trade-offs that
must be weighed and considerations that must be factored in when considering the
option to transition an application to the cloud. After these points are taken
into consideration and the decision is made to migrate, the bottom line is that
enterprise data needs to be secure and controlled wherever it is located – in a
public, private, hybrid, or community cloud. That said, despite all of the
precautions and warnings listed here, a transition to cloud-based tech can still
provide a very positive outcome for a variety of enterprise customers.
Description
[return to top of this report]
“Cloud”
typically refers to on-demand delivery and consumption of software,
infrastructure, platforms, and resources, as services, over the Internet or
a local network. Cloud services include Software or Storage as a Service (SaaS),
Platform as a Service (PaaS), and Infrastructure as a
Service (IaaS), as well as Low-Cost infrastructure as a Service (LaaS). These resources are shared among cloud
consumers, partners, and vendors in the ecosystem. However, with this
convenience comes a slate of new security concerns. Because multiple users are able to access nearly all types of cloud installations, there is
an increased number of potential
security risks simply due to the introduction of additional
variables in the form of other users. Because of this, security remains the top concern for
companies migrating to the cloud, despite the introduction of improved
encryption and self-defending mechanisms. In fact, as late as mid 2020, 75
percent of surveyed cybersecurity professionals reported feeling "extremely
concerned" or "very concerned" about public cloud security, particularly due to
possible misconfigurations leading to unintended data breaches.1
While this does not apply nearly as heavily to private clouds, and is moderated
somewhat by hybrid clouds, this statistic does illustrate that, even this many
years after cloud-based technologies became commonplace, cybersecurity personnel
remain wary of it.
To address these concerns, cloud product vendors have begun diversifying
their portfolios. In addition to public, private,
and hybrid clouds, there are now community clouds. Public clouds are shared,
community spaces operated offsite, while private clouds include exclusive
spaces, usually dedicated to a single client with built-in hardware and firewall. Hybrid solutions are typically both on-
and off-premise – the external public cloud combined with the internal private
cloud – with more sensitive data residing behind the firewall in the private
cloud. Lastly, community clouds are shared cloud computing service environments open to
certain communities of interest such as banks, schools, etc., that have shared
requirements.
Because of the abundance of choices, enterprises have many opportunities and
obstacles with the cloud. Which applications can or should be migrated? To which
type of cloud? Is a community cloud a viable and secure option? This collection
of variables has led many enterprises to delay or forego any type of
cloud transition entirely. But, that is beginning to change.
Until fairly recently,
enterprises more frequently used the cloud for testing and development or for
new applications designed specifically for the cloud. However, the benefits of
the cloud are increasingly tempting enterprises to migrate more and more
applications, especially since they can pick and choose which tasks or
applications to outsource. For example, the cloud offers high availability for
high traffic times at pay-per-use/service rates, as well as the scalability to
reduce usage when traffic drops. The
cloud can also offer lower-cost alternatives to on-premise
data centers and storage – once the security hurdle (whether real or
perceived) is overcome. In other words, the cloud can save on capital
expenditures. This technological automation can enable enterprises to focus on
core business by offering the aforementioned savings on hardware, hassles,
personnel, and training to focus on what they do best, as well as deploy
applications more quickly and save on maintenance among other IT costs.
Of course, the simplest path to the cloud remains an application or platform
that has been designed from its inception to be cloud-enabled. However, several
tools can make migrating existing assets easier.
- Amazon Web Services (AWS) has been the
market leader for years, thanks to its ability to offer security at a level that organizations such
as Pfizer, Intuit, and the US Navy require.2 - A close challenger is Microsoft’s Azure, “a growing collection of integrated services – analytics, computing,
database, mobile, networking, storage, and web – for moving faster, achieving
more, and saving money.”3
Azure can enable enterprises to weigh short-term options (migration) vs. long-term (new
application development) benefits as it best optimizes their own core business
by easily integrating with existing IT environments. - Google Cloud enables developers to build, test, and deploy applications on
Google’s highly-scalable and reliable infrastructure and offers computing,
storage, and application services for web, mobile, and backend solutions.4
- Finally, IBM has taken in north of $5.5 billion per
year, for multiple years, solely from its cloud and cognitive services
endeavor.
A key enabling
technology used to achieve the goals and benefits of the cloud is
virtualization. Simply stated, virtualization helps the cloud to work. Virtualization may be
employed across machines, software, networks, servers, desktops, and storage
systems, helping to achieve the following:
- Decreased hardware and overall costs for the user
- Reduced power consumption and smaller footprint
- Faster application deployment and upgrades
- User provisioning
- High availability and scalability
- Compliance management
- Simplified IT management
There are
various forms of virtualization:
- Server Virtualization
enables a physical, or real, server to be divided into multiple virtual
servers. - Desktop Virtualization enables enterprise users to access their office PCs
anywhere, anytime. - Storage Virtualization enables enterprise planners to improve storage
utilization and flexibility. - Network
Virtualization enables network resources to
be allocated dynamically. - Software
Virtualization enables applications to be run
in multiple environments and/or on the same machine. - Machine
Virtualization or VM (Virtual Machine)
is a software-based emulation that works like a real machine.
Cloud benefits enabled when using these types of virtualization are detailed in Table 1.
Server Virtualization |
Desktop |
Storage |
Network |
Software |
Machine |
---|---|---|---|---|---|
Reduce the number of physical, or real, servers, often by a factor of five or more. |
Access |
Consolidate |
Achieve |
Enable |
Enable |
Lower |
Protect |
Offer |
Enable |
Run |
Allow |
Recover |
Deploy |
Provide |
Control |
Save |
Choose |
Shorten |
Establish |
Perform |
Take |
Deploy |
Share |
Improve |
Expedite the provisioning of remote workers, thereby easing administration. |
Support multiple connectivity options. |
Provision network resources more efficiently. |
Load balance the servers more efficiently (automatic load balancing). |
Provision VMs on demand. |
Current View
[return to top of this report]
Currently, because of many potential benefits and solid market leaders such as Amazon, Microsoft,
and Google that are continuing to flourish, the migration of enterprise applications to
the cloud is increasing, despite lingering concerns about security.
Enterprises are migrating applications to public and private clouds as
well as using hybrid and community models. Specifically, Forbes predicted that
more than 83 percent of enterprise workloads will be migrated to the cloud by
the end of this year, with 41 percent in public clouds, 20 percent in private
installations, and 22 percent in hybrid variants.5
The ODCA (Open Data Center Alliance) wants to speed this
migration to cloud computing by fostering an ecosystem built on openness and
interoperability. Its mission includes:
- Helping to align
cloud service providers with customers by identifying customer requirements for
cloud adoption. - Developing usage
models based on best practices that help customers quickly integrate cloud
services. - Influencing
industry innovation: - Facilitating service
and solution selection through ODCA tools and resources. - Promoting available
services and solutions through ODCA programs. - Sharing deployment
best practice stories to help leverage insight to a wide variety of
enterprises. - Collaborating with
industry standards bodies to drive standards development toward more openness
and interoperability.6
While a cloud-centric organization will
obviously wish to promote the increasing usage of the cloud, it’s hardly the
only reputable entity with a vested interest in the success of cloud-based
technology. Even the US government has its own cloud strategy, and has developed the Federal Risk and Authorization Management
Program (FedRAMP), a government-wide program that
provides a standardized approach to security assessment, authorization, and
continuous monitoring for cloud products and services. FedRAMP
has among its goals accelerated adoption of secure cloud solutions, increased
confidence in the security of cloud solutions, and agreed upon standards that
can be used outside of FedRAMP. The program also
hopes to achieve many benefits, including improving real-time security
visibility, enhancing transparency between government and cloud service
providers, and saving cost, time, and resources. Lastly, the Cloud Security
Alliance (CSA) is a not-for-profit organization with a mission to promote the
use of best practices for providing security assurance within cloud computing,
as well as to provide education on the uses of cloud computing to help secure
other forms of computing.
With a strong ecosystem already
currently in place and growing, as well as the assurance that security practices being developed, migrating enterprise applications to the cloud will continue
to quicken as security concerns are eroded.
Outlook
[return to top of this report]
Global cloud application services spending is expected to rise to $151.1 billion by the end of 2022,
accounting for the largest single segment of the $354.6 billion in cloud
spending expected for that year, followed by $74.1 billion expected to be spent
on cloud-based infrastructure services.7
IDC’s “Cisco
Global Cloud Index: Forecast and Methodology 2016–2021 White Paper” has the following
long-term data projections, all of which appear to be on track to be fulfilled:
- Annual global data center IP traffic will reach 20.6 zettabytes (1.7
zettabytes [ZB] per month) by the
end of 2021, up from 6.8 zettabytes (ZB) per year (568 exabytes (EB) per month) in
2016. - By the end of 2021, more than 94 percent of
workloads will be processed by cloud data centers; only 6 percent will
remain in traditional data centers. - By the end of 2021, 73 percent of the cloud workloads will be in
public cloud data centers, up from 58 percent in 2016. - By the end of 2021, 24 percent of the cloud workloads will be in
private cloud data centers, down from 42 percent in 2016. - Global cloud IP traffic will more than triple (3.3 fold) over the next five years.
- Global cloud IP traffic will account
for more than 95 percent of total data center traffic by the end
of 2021.8
If all of this evidence were not enough to prove that cloud-based computing
is here to stay, an increasingly-correct 2015 “Computerworld Forecast Study”
suggests that cloud projects are the “single most important technology
initiatives right now and expected to cause the most disruption in the future,
with the goal being to improve service and generate new revenue streams.”9
Thus, it is important for enterprises to consider these early-days options
for entering the cloud, before the cloud market becomes overly saturated and
less hospitable to new entrants.
Recommendations
[return to top of this report]
Guidelines are
needed to help enterprises migrate applications to the cloud. The short answer
is that not all enterprise applications have the potential of migrating to the
cloud; moreover, there should be some selection process. To ensure a wise
migration of enterprise applications to the cloud, the process should start
with assessment – even more specifically, with a security assessment – followed
in general by planning and oversight/management. More granular considerations
follow for a successful migration strategy:
- Be open to a short- or mid-term strategy. Perhaps
migrate cloud-ready applications to test the waters and achieve an
acceptable comfort level with the cloud. - Establish enterprise standards for migration until
global standards are achieved. There needs to be consistency of migration
for an organization to manage enterprise applications efficiently. - Consider possible delays from a lower-performing cloud service, as they can result in
loss of customers and brand damage. Choose a higher-performing cloud
service if latency cannot be tolerated. - Decide if some types of data, such as business-critical
data, have to be kept totally in-house, while others do not. If this is
the situation, consider the hybrid cloud model. Note that if the federal
government can achieve an acceptable level of security through FedRAMP, the
perceived security threat is almost certainly manageable.
Moreover, community clouds for enterprises with similar requirements might
be an option. - Clarify if an application needs to be rehosted, reconfigured, or rebuilt from the ground up
to be migrated to the cloud. This is a major decision point, since not all
enterprise applications are created equal. For example, is it cost
effective to reconfigure a legacy application when a newer, more agile
application would improve performance? Does rehosting
make sense if scalability was a big selling point of the cloud (and the
original application was not in and of itself scalable)? In other words,
just because the cloud is scalable does not mean that an enterprise
application automatically becomes scalable when migrated. The cloud cannot
fix what is already broken. - Examine Service Level Agreements (SLAs) thoroughly. Can
the cloud provider meet a company’s own SLAs to its customers? Is 99.95
percent availability acceptable or must it be 99.999 percent? Look at
outage statistics. Are faults able to be isolated? - Determine if the migration path is cloud specific or
not. In other words, can the enterprise application connect with other
clouds and cloud providers, whether public, private, hybrid, or community?
Is cloud-to-cloud migration possible? - Assess who needs access.
- Determine if Bring Your Own Device (BYOD) models can be
accommodated and managed. Employees can be just as big a challenge as applications. - Ask if third-parties have access to your data and/or
how that is controlled.
It would be disastrous for companies that have migrated enterprise applications to the cloud to
only then discover that they cannot integrate services from different providers.
Therefore, the attraction and possibilities of cloud technology, while
promising, must be carefully and deeply considered before a transition is
determined to be the best course of action. After these
points are taken into consideration, and if the decision is made to migrate to
the cloud now, then the bottom line is that enterprise data needs to be secure
and controlled now, wherever it is located – public, private, hybrid, or
community cloud. When deciding about migrating enterprise applications to the
cloud, a company can reap massive rewards, but only if it makes the right moves.
References
- 1 See “Cybersecurity Report Illustrates Challenges Surrounding
Public Cloud Adoption.” Available online at
https://www.techrepublic.com/article/cybersecurity-report-illustrates-challenges-surrounding-public-cloud-adoption/ - 2 See “Amazon Web
Services Solutions.” Available online at
https://aws.amazon.com/solutions/. - 3 See “What Is Microsoft
Azure?” Available online at
http://azure.microsoft.com/en-us/overview/what-is-azure/. - 4 See “Why Google
Cloud Platform?” Available online at
https://cloud.google.com/why-google/. - 5 See “83% of Enterprise Workloads Will Be in the Cloud by 2020 ” Available online at
https://www.forbes.com/sites/louiscolumbus/2018/01/07/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020/#615e47106261. - 6 Mission statement
taken verbatim from ODCA materials at
http://www.opendatacenteralliance.org/about-us. - 7 See "Gartner Forecasts Worldwide Public Cloud Revenue to Grow
17% in 2020." Available online at
https://www.gartner.com/en/newsroom/press-releases/2019-11-13-gartner-forecasts-worldwide-public-cloud-revenue-to-grow-17-percent-in-2020. - 8 “Cisco Global Cloud Index: Forecast and Methodology 2016–2021 White
Paper.” Available online at
http://www.cisco.com/c/en/us/solutions/collateral/service-provider/global-cloud-index-gci/white-paper-c11-738085.html - 9 See “Computerworld Forecast Study 2015.” Available online at
http://www.idgenterprise.com/report/computerworld-forecast-study-2015.
Web Links
[return to top of this report]
- Amazon: http://www.amazon.com/
- Cisco: http://www.cisco.com/
- Cloud Security Alliance:
http://cloudsecurityalliance.org/ - FedRAMP:
http://cloud.cio.gov/fedramp - Google: http://www.google.com/
- IBM:
http://www.ibm.com/ - Microsoft:
http://www.microsoft.com/ - Open Data Center Alliance:
http://www.opendatacenteralliance.org/
[return to top of this report]