Migrating to the cloud? Beware the many hurdles

Issue 6 2023 Infrastructure, Security Services & Risk Management

Benjamin Coetzer.

Businesses today are moving en-masse to the cloud. However, before undertaking such a move, companies should understand the many hurdles they face and how to overcome these, so says Benjamin Coetzer, Director at local VMware Cloud Verified provider and VMware Principal Partner, Routed.

Most businesses today, if they have not already undertaken a cloud migration, are certainly in the process of planning such a move. The desire to do so is fuelled by the many benefits loudly proclaimed, including scalability, flexibility and cost-efficiency. However, while there are undoubtedly many benefits, there are also numerous hurdles to cloud adoption. CIOs need to be especially aware of these challenges when planning a migration.

In fact, some of the biggest challenges revolve around managing cloud spend, understanding the cost components of cloud infrastructure, and how those costs can scale. Additionally, migrating traditional on-premises workloads to hyperscale providers is not always a simple equation. Unlike buying physical servers and equipment, hyperscalers charge for communication and disk access in ways that are unfamiliar to most organisations.

Still, perhaps the single biggest global challenge currently, and one that is certainly a major issue in South Africa, is the lack of adequate cloud skills. A shortage like this means that many people do not have the relevant experience in cloud migration and thus face a steep learning curve when transitioning from on-premises to the cloud.

Part of the problem lies in the fact that IT teams have more control over data access and security with on-premises setups. In the cloud, security becomes a shared responsibility, requiring awareness and training across the enterprise. Moreover, as businesses shift to software-as-a-service (SaaS) models, employees also need retraining in order to adapt to new ways of using applications and accessing data, while still maintaining effective security.

Legacy versus cloud native

Another concern is that technical leaders sometimes try to take legacy on-premises applications and shift these straight into a cloud-native environment. Not only do such applications not always work properly in the new environment, but organisations that are used to the usual capex-type investments for hardware refreshes or perpetual software licences quickly find that the cost operation model in a cloud environment is completely different.

Worse still, it is often the non-IT departments in the business that do not know how to handle this new cost paradigm model, people like the Finance Director, accountants and product teams.

There are also significant technical challenges to consider, with connectivity being first and foremost among these. Since connectivity is the lifeblood of the cloud, it is imperative that your business or office park has some form of redundancy built in. The best approach is to utilise two different connectivity mediums, such as a main fibre link, with a wireless connection as a secondary option.

A second challenge here is the issue of locality. This is of concern due to the nature of compliance requirements – like the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (PoPIA) – indicating that certain data must reside within local borders. It is vital to be aware of the personal information that you are saving in your databases, systems, and applications, as this is stringently controlled and there are strict rules around where such data resides from a compliance perspective.

Security and data privacy concerns should be among your top of mind thoughts, as such issues significantly hinder cloud adoption. For example, we are aware that the cloud introduces new operating paradigms and governance challenges, such as shadow IT. This is where different departments use various cloud services without oversight, something that can easily lead to data breaches of local regulations like PoPIA, and international ones like the US Cloud Act. Such laws add complexities to data sovereignty and privacy, meaning that organisations need to consider these aspects when selecting a cloud provider.

High costs and vendor lock-in

It is also worth noting that one really needs to recognise and address these challenges beforehand. This is critical because once you are committed to a cloud provider, switching or repatriating data without incurring high costs is difficult. Vendor lock-in is a real concern, and carefully planning ahead can prevent your business from getting trapped in a situation where options are limited and costs are unforeseen.

This happens because the fees from hyperscalers are often consumption-based when it comes to repatriating data or information out of cloud environments. What occurs is that the providers entice new customers with an offer of huge discounts on their workloads, but this is done because they know that within the contract period, the client’s consumption of their platform is going to grow drastically. Moving to a hyperscaler cloud is like checking into Hotel California: You can check in, but you can never leave – once you have committed, you may find yourself stuck with them – because in order to move out again, it may well cost you more than you would have saved with the original discount.

Another thing to consider is the concept of multi-cloud, similar to the previously coined term ‘hybrid cloud’, where organisations place different workloads with different hyperscalers. This is often considered the next step in cloud migration, but represents further challenges, as it is now about governance, compliance, control, and operational insights across multiple different cloud providers, making the whole process even more complex.

Looking at the big picture, cloud adoption is obviously a move that can be expensive due to the operational complexities outlined above. However, these expenses can be balanced by the expertise cloud providers bring in managing risk and operations, compared to relying solely on internal IT staff, particularly if they do not even have proper cloud skills.

Besides doing your homework before making the move, the best advice for those still seeking to migrate to the cloud is this: Find a trusted partner that has a proven track record in cloud migration. Avoid those that like to throw buzzwords around and instead seek out a partner that will look at your current IT state and your current business processes with a critical eye, and that will be capable of both evaluating your situation and providing ongoing guidance as you move through your transformation journey.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The TCO of cloud surveillance
DeepAlert Verifier Technews Publishing Surveillance Infrastructure
SMART Security Solutions asked two successful, home-grown cloud surveillance operators for their take on the benefits of cloud surveillance to the local market. Does cloud do everything, or are there areas where onsite solutions are preferable?

Cyber resilience – protect, defend, recover
The challenge with AI is that threats are getting harder to detect. As a result, plans in 2024 are not just about detection and prevention, but about recovery.

Powering business resilience and field operations
Infrastructure Products & Solutions
[Sponsored] The Anker 757 Portable Power Station emerges as a strategic asset for businesses looking to overcome power instability and the demand for operational efficiency in remote and field-based environments.

Top bets for backup and business continuity
Become your organisation’s data pioneer and spearhead data governance and protection of critical data. Challenge why best practices are not adopted or in place, while highlighting the inherent risks this poses.

Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.

How to prevent and survive fires
Fire & Safety Security Services & Risk Management
Since its launch in August 2023, Fidelity SecureFire, a division of the Fidelity Services Group, has been making significant strides in revolutionising fire response services in South Africa.

A long career in mining security
Technews Publishing Editor's Choice Security Services & Risk Management Mining (Industry)
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Risk management: There's an app for that
Editor's Choice News & Events Security Services & Risk Management
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Integrated information platform for risk management
Editor's Choice News & Events Security Services & Risk Management
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.