15 July 2021
FAQ: A CTO explains cloud migration facts SMEs don't know
On the public forum, tech leaders proclaim: “Just move to the cloud, or you won’t be competitive”. Then it turns out the migration process is shrouded in complexity as no realistic answers are easily available online. Explore the hard truth of going through cloud migration that I’ve learned from helping international customers avoid an irreversible failure.
The hype around the cloud is enormous but often unfounded. Since leaders confused about cloud migration continue to ask me repeated questions, I thought we all could use truthful answers that don’t come from a self-interested cloud provider.
During my tenure here at The Software House, we led dozens of cloud migrations, and in one case, the client’s platform got bought out in a multi-million deal. Here are the most frequent questions that I answer.
Q: What should a cloud migration strategy include?
Some of us imagine that cloud migration is copying/pasting data onto a cloud server. There’s even a name for it —
Lift and shift. In the end, that’s not how it goes down. If you just move your system 1:1 onto the cloud, the application’s performance won’t improve a bit.
Since there are several migration cases that might apply to your project, your best bet is to work with a certified cloud engineer to find the right one. Developing a cloud migration plan strategy helps you level the different expectations everybody has. Without a shared understanding of the goal among stakeholders, you plan to fail, as the new cloud app won’t deliver what they expected.
It all starts with choosing one of the four goals for your migration.
Moving the system to the cloud without adjustments doesn’t guarantee you greater performance. You need a software audit, which in 90% of cases reveals the app needs to be rewritten. That’s what you need to plan out in the strategy. Only 10% of the strategy is a guide to the migration itself.
Worldwide service availability
Your focus should be on defining market areas where you need maximum uptime. Your migration might be based on making 5 cloud copies of your current server where the challenge is making them synced.
Because cloud services work under a pay-per-use model, you need to run resource-drain tests to see what are the weekly costs of hosting the app in the cloud. The strategy should define how to launch such tests from the setup to a spending analysis. Mind you, the cloud can be more expensive than on-prem in some cases — more on that down the line.
Although the cloud offers enterprise-level measures, the strategy usually starts with a security audit of your organization. Backdoors left by employees are the 3rd main threat to digital organizations. The migration won’t change how your teammates work with the system, but you can lead the change that’s a necessary bridge to cloud adoption.
Note that your team will most probably migrate data from a live app, and without a strategy, you can expect there to be a malfunction that takes weeks to solve.
Q: When is it a good time to migrate an app to the cloud?
If you have an application with consistently low traffic and low resource use, it makes little sense for you to migrate.
Then, if you know your app must grow in thousands of users, grab the product roadmap and see which cloud services can help you prepare with scaling up. That’s the usual case for startup-like products expanding from a city market to a national or international market.
Q: How should I prepare my department for cloud migration?
The migration process can even take you 1 month to complete if it’s done by the book. But the timeline depends on the complexity of the system. For instance, The Guardian, an organization of +2069 employees, switched to AWS cloud in around 9 months.
Your work should start at least 6-7 months before the app needs to be in the cloud.
- Count 3 months for certifying your team in cloud operations or 2 months to find a certified cloud development partner
Each of the three main cloud providers — Google, Azure, and AWS — offer free and comprehensive training programs that are impossible to cheat through. They’re also taught by engineers hired at these companies, so your employees will receive first-hand knowledge.
- Add 1 month to set-up a DevOps team (more on that in a moment)
- Then, and 2 months to draft a strategy. Don’t skip the recovery plan. Many of our clients ignored having such and got stuck with a non-performing cloud system that they couldn’t downgrade from.
Q: How can I find the right cloud migration partner?
If you don’t know anyone in your network, browse for a software house OR software company in the directories for
AWS Consulting Partner (search), or
Google Cloud Partner (search), or
Azure Partner (search).
See how The Software House can support your cloud transformation
🚧 Your migration can have unexpected twists. It doesn’t have to. Our AWS Certified Cloud Architects led cloud computing projects in Saudi Arabia, the U.S., and the UK. They can help.
Q: Who do I need in the team to run my cloud?
A couple of companies called us 2 months after their in-house migration. The problem? Their system slowed down and programmers don’t see a fix.
Before the cloud, everything was compiled in one, continuous block of monolithic code. Software performance was easier to control. Now your code might be split between 50 or even thousands of microservices, so development, management, and analysis are way tougher. It’s a common problem for early-stage cloud projects.
The domain that controls how system components interact is called cloud observability. DevOps on your observability team ensure your cloud architecture has optimal response time, functional routing, and manageable resource use. You need somebody to do that.
Remember that once, a server admin used to take responsibility for any abnormalities. Since now cloud platforms have robot admins, they can’t customize the system to your needs, letting many errors go on unaccounted for.
Q: What are the risks of migrating to the cloud?
The first risk is that your project will drag on indefinitely, draining your budget dry.
You might estimate 2 weeks for the migration with no tests planned and no recovery plan only to find out a month after the process that a critical module stopped working. Then another might fail, and another.
Before you jump the gun, be sure to follow your cloud lead’s advice. If they say you need refactoring, it means it’s unavoidable if you want your public cloud to work for months to come.
Overspending is another risk to consider. I witnessed someone getting a $20K bill for cloud computing overnight when the regular cost should have been $500.
In that situation, the cloud was configured to add processing resources (“autoscaling”) without a spending cap. Someone either didn’t know or forgot about the option — but your observability team probably wouldn’t.
The third risk is that you want to cut costs by using the cloud but are unaware that it’s not a guarantee. If a first-time cloud engineer leads your migration, your system can transform from cheap to expensive, stable to unstable, or fast to lagging. Such a person will most definitely fall for untruthful content from cloud providers that is overly optimistic.
Save yourself thousands of dollars in fixes by working with engineers with a proven track record in cloud operations.
Q: Which main cloud provider should I choose?
It’s a bit like with programming languages. You need one that works with what you have. The Software House recommends AWS, simply because we have years of experience in developing on that cloud. Another company might recommend Azure or Google Cloud.
In our State of Microservices report, we asked 669 technology professionals about their serverless technology provider. 49% of them pointed to Amazon AWS. Does it mean their cloud is a must-have for your business? No.
Right now, all cloud platforms offer similar on-demand services. However, if you’re concerned with GDPR compliance, the selection narrows.
Although there are legal “hacks” you can use to avoid connecting your cloud data to a country (Amazon and Google did that, and it worked), Azure might provide you with the most privacy-friendly environment to work with. That’s what corporations choose. Azure has legal guarantees, the right documentation, and processes for companies of 200+ employees.
Q: How can I migrate from one cloud to another?
If you see this advice on Google, don’t believe it. Cross-cloud migration doesn’t work this way.
Cloud providers do everything to trap their customers. For instance, AWS and Google Cloud have comparable computing services, so people think they can switch in no time. But you can’t because the configuration is way different.
So you might envision building a cross-cloud system. That’s cool, but it’s a waste of time, as you’d need an abundance of time and budget that corporations may have. There’s a minimal chance that your business will want to or be required to swap providers, so save yourself the trouble.
Now, if you’d still insist that a swap is mandatory, you need your infrastructure documented so that your cloud team knows if a Google Cloud setup can be replicated with Azure or AWS. It means… you need to write a new strategy to be even close to success with swapping providers.
Q: How can I estimate cloud migration costs?
If you’re not a technical person who worked with the cloud before, you simply won’t handle all the dependencies that matter in an estimate.
To have a guesstimate, you can ask your Cloud Engineer to input your business data into a pricing calculator. AWS, Google Cloud, and Azure have such. Select your services of interest, provide information about resource use, and you’ll see your monthly bill. But the story doesn’t end there.
We did cost simulations several times, but they rarely present what you can expect post-launch. In the first months, your bill will go up and down before it stabilizes at a point. That’s why your observability team can’t provide a straight estimate beforehand.
Still, if knowing costs is critical for your project, you can access first-hand insider knowledge from the providers themselves. For instance, if you register for the AWS Business Consultant certification, you’ll learn what regulates the prices from their calculator.
Since cloud pricing can be tricky, get that estimate, add a 50% margin of error, and run resource-drain tests.
Q: Why should I trust the cloud as a core for my business?
The cloud is not 100% reliable, but it’s still more reliable than your server. Statistics say driving a car is more dangerous than flying, but a big bunch of people would rather trust their car than a plane. Being the driver gives us a false sense of control — just like having an on-premise server does.
Just because we don’t own cloud servers, it doesn’t mean they have weak resilience. Cloud providers offer a service-level agreement to their customers promising a 99,9% uptime guarantee. If it wasn’t for that, I can’t imagine why BBC, Spotify, or Airbnb would risk running their platforms from the cloud.
My question — do you want your business to be overly reliant on the cloud? Sure, it’s better to be in the cloud than on a server. But because of that thin margin of 8-10% of cloud outrages, every adopter should have a plan B for when their service fails to work for thousands or even millions of users.
The EU is currently developing the DORA legislation that would require businesses to guarantee digital resilience of their services. Many industries with an online product or service just laugh at ACTA or GDPR, but the reality is that in the future, an unreliable service might get 3 strikes before getting a fine.
Take example of FinTech companies such as Revolut. They know that without ensuring their platform’s resilience, either the users or third-party customers could mass-sue them for service disruption.
Q: Are on-prem servers safer than cloud servers?
Developers have something called the “bus factor” question. What happens if your cloud provider or a cloud lead gets hit by a bus? Aim to diversify risk across assets and people.
Because of executives’ fear of losing control, many see cloud adoption as an opening to a new world of vulnerabilities. But Bitglass’s study reveals the public opinion believes both on-premise and cloud servers offer similar security.
As I mentioned before, it all starts with your employees following cybersecurity guidelines. If you can’t execute that to a satisfying extent (2FA logins, encrypted passwords, email threat scanning…), it doesn’t matter where you host.
Sony estimated $171M in losses for the 2011 Playstation Network Hack that affected 77M accounts. Somebody either didn’t secure their database or didn’t run penetration tests. It was a human error after all, doesn’t really matter cloud or not.
There’s a stronger focus on IT security innovation for the cloud because that’s where the world’s biggest corporations run their applications from. Oracle’s VP of Cloud Security engineering has a logical explanation why it’s well-secured — cloud providers deliver automated patches, continuous compliance assurance, and dozens of cyber-resilience modules you can use.
Q: What’s the timeline for a cloud migration project?
That’s a tricky question. The migration can take a month or several months, depending on whether you have cloud engineers, system documentation (rarely anyone has it), the number of elements in your app, and the number of interconnections.
It’s stunning how much we ignore it. I’ve met clients with a 20-year-old system that remained undocumented because they had their Senior wizard explaining everything in person. Cloud engineers can’t work without documentation, and however you try, you won’t avoid preparing such. How can you move something that you don’t know?
Level of complexity
The more services you have, the longer the migration will drag on. With 12 services to be transferred, it might take a month or two. But if you have 50, 250, or even more, nobody can estimate the time without an audit.
Your cloud can limit or expand resources depending on the app’s use. One client owned a football ticketing service that would be in demand only before a match. We used auto-scaling to put the server to sleep outside of the season.
Cloud providers put an “on” button for auto-scalability in the dashboard, but it’s a myth that it works. Without going through a pile of settings in configuration and usually some external tools, it doesn’t, and using it might suck your money out like a vortex. Remember the man who got the $20K bill for one night?
Set your measurement KPIs, decide if resources should scale equally, and prepare if-this-then-that scenarios.
If you need the app tested for security, that’s gonna take a couple of weeks. You might also want to test if the migration can succeed. Feature-testing can be also necessary, as you wouldn’t like to find out customers get a system error because they can’t even save a report.
As you see, depending on your preparedness, you can count 2 or 7 months to finish the migration.
Continuing your cloud journey
Most probably, your next step will be to find your migration goal, prepare your cloud lead, or call up a software partner. 21 articles on our blog deal with cloud operations, so you might want to hang around a little bit longer.