Winning teams at large enterprises adopt cloud technology at a rapid pace. This brings changes to 3 well-known aspects: people, process & technology. Despite good efforts, there are also departments that resist change. In every new technological innovation, they see a burden. From their perspective, migration to the cloud is no exception: they just see the roadblocks, not the opportunities. In this article, I will present 10 common barriers when it comes to cloud migration and how to tackle them. Hopefully, this will convince the above-mentioned departments to turn into winners too.
Barrier 1: the cloud is too insecure
For years, security was in the top 3 concerns with regard to adopting cloud technology. As we’ve seen in the last couple of years, cloud providers made tremendous improvements to offer secure services to their clients. Not only from a physical security perspective (you can’t just call someone from the CSP to examine “your server” in the data-center) but also from a risk and compliance perspective. All cloud providers offer secure connections to their endpoints. Insecure connections and endpoints become obsolete very quickly.
Data can be encrypted in transit and at rest. This applies to binary data as well as to data stored in databases. Azure even offers features like dynamic data masking and “encryption in use” which only enables decryption of the data by the application that actually needs it. Administrators can’t decrypt the information.
Access to your data and applications is secured through fine-grained roles and permissions like IAM. This is available for all popular services, Kubernetes included. All major cloud providers offer these services from a central point of view. There are multiple options to handle key management: do it yourself or let the cloud provider handle it. Tracing and auditing get more attention every day. Security dashboards are common now. Compliance departments are happy.
Security by design
From an architectural and developers’ perspective, people have to think in terms like “security by design” and “shift security left”. Security within the public cloud is definitively not an afterthought. Of course, this brings another threat: the level of knowledge that DevOps teams need to operate their applications in the cloud in a secure way needs to be very high. It takes time to train them and make them aware of the best practices specifically for their solution. Keep in mind, they also evolve quickly over time. Despite all of this, it’s worth the investment.
According to the number of cases in which companies store even very critical data in the cloud, it is not too insecure.
Barrier 2: business departments do not see any benefit
In an ideal organization, business and IT departments work closely together to reap the benefits of what cloud technology can offer. If business departments are not so familiar with the potential benefits that cloud technology can bring to the organization, they tend to block any cloud-related effort which is outside of their circle of influence.
One way to tackle this problem is to show the business departments clear and successful use cases in which cloud technology proves to be valuable. Business departments do not (need to) understand the technological aspects very deeply. Instead, they need a clear picture of the direct (financial)l benefits. This could be direct cost savings related to infrastructure resources or a reduction in the number of human resources needed to operate Virtual Machines. When building a cloud business case, don’t forget the intangible benefits like a boost for innovation, the attractiveness of tech talent, etc.
The trick is to change the mindset of the people who do not directly see the potential revenue. Once they see benefits for their domain, they will probably support the ideas of DevOps teams and become a great sponsor. Don’t underestimate their level of influence since they also act as a stakeholder for other teams. In case they see the business benefits for themselves, they spread the word. As a result, this accelerates more initiatives.
Barrier 3: cloud technology is too expensive
If you do cloud wrong, it can become very costly. However, the following tips provide help. First of all, you should have your business goals very clear. Based on that, you should define your cloud strategy. One critical aspect is to select which applications and data you want to host in the cloud and how you plan to do it. As seen in one of my previous articles: a “lift and shift” approach is not always the best in the long run.
If you select the wrong cloud service for your core application, this will cost you a lot of money. Think of selecting a database to store big chunks of data. Sometimes you need to select another type of database and refactor your application in order to keep costs low. It is important not copy what you have in your on-prem data-center to the cloud. This may lead to sub-optimal results. Managers and business owners will be disillusioned and they won’t help you spread the good news.
Keep a close watch on cloud resources that eat away your budgets. It is important to select and use the “pay per use” cloud model as best as possible. Cloud resources that are not needed anymore should be terminated. Check out my previous article which highlights plenty of examples of how to save money in the cloud.
Keeping these tips in mind helps you to overcome this barrier.
Barrier 4: a vendor lock-in prevents us to get out
A lot of companies fear the “lock-in” of a cloud provider. According to them, it’s easy to get in, but difficult and costly to get out. This applies both for the services they use and for the data they store. How to avoid being trapped by your cloud provider?
My best advice would be to:
- calculate or estimate what it would cost to exit the cloud (and move to another cloud provider) in advance. It should be part of your business case as a “what if” scenario.
- use open standards and open APIs as much as possible. For example: you can use CodeCommit and CodePipeline ” from AWS all the way” but this is not portable to Azure. The same is true for Azure Resource Manager versus Terraform or Pulumi. If you really want to be portable select tools and services which work on multiple clouds and perhaps even on-prem.
There is one trick here: the costs of a tool that works on multiple clouds should be compared to the costs to leave a cloud provider and move to another one. If, in the end, migration to another cloud is still more beneficial, you can fully use the potential of that cloud provider without having to worry about the lock-in scenario.
Barrier 5: cloud services won’t integrate with other services
Building great applications becomes more difficult when you need to integrate them with other systems. Often, companies fear the ways to integrate their cloud-based application with their existing applications or third party systems.
This is true to a certain extend: cloud services work best within the perspective of how a cloud provider has intended it. For example: Azure Pod Identity works fine with Azure Active Directory but there is no way you can swap out Azure Active Directory for another Active Directory solution.
On the other side, there might be great integration points between a cloud-native service and a third-party tool. One key example comes from the CI/CD point of view: integrate Azure DevOps pipelines with Jenkins as is discussed in the article of AzureDevOpsLabs.
New solutions also pop up which bridge the integration gap: iPaaS. Axway describes this as: An Integration Platform-as-a-Service (iPaaS) is a cloud-based integration solution that connects any combination of on-premises and cloud-based applications and data — even legacy systems, and traditional integration patterns such as managed file transfer, B2B, and EDI — across any number of organizations.
Open standards and open APIs help to keep integration points smooth.
Barrier 6: migration is very complicated
Let’s be short on this. I agree for 90% with this barrier. There is so much to learn, so much to forget (e.g. old habits) and things evolve so fast. Please check out my article on “cloud migration considerations” to make the migration a success.
Barrier 7: there is not enough knowledge to adopt cloud
For sure this is a real concern in the beginning of your journey. Where to start and how to make sure you get the right knowledge for what you need. Some tips to get you started with this:
- Create a training plan for your engineering teams and your business representatives.
- Create a certification path for your DevOps teams. In every team, there should be a certain amount of certificates for a specific topic like architecture, operations, and security.
- Hire external consultants which can help to speed up the initial initiatives.
- Facilitate the one’s who are eager to learn and give them time and sufficient mandate to help others.
- Invest in a changed mindset since this is the core to success and also be sure to manage expectations of the management or the one who sponsors the projects.
One last advice: invite guest speakers of other companies who have more experience. They can be great inspirations for your teams.
Barrier 8: cloud providers do not offer sufficient stability and performance
Perhaps this was true in the early days of the cloud. Now it’s not. Things have changed so fast. Cloud providers offer robust infrastructure services of very high quality. Strict SLAs help their customers to make sure you will get your uptime figures. For example: consider the durability of S3 or the uptime SLA of AKS in Azure. all major cloud providers offer discounts up to 100% if they cannot comply to their own SLA.
Cloud providers offer very mature solutions to keep your application up and running. Think of database replication, high availability, scaling groups, etc. Nowadays, stability problems and performance bottlenecks become much more the responsibility of the consumer. Advice on this: make sure your applications are designed with failure in mind. This way they will survive a number of problems which can and will be present in the cloud.
Barrier 9: cultural changes are too big
Cultural changes should not be underestimated. With Cloud, most people need to drastically change the way they work. Not just the tech people, but also the business representatives. Cloud offers new ways to tackle similar problems to what you might know but also offer a lot more which should be taken into consideration. Starting with the business case all the way up to the DevOps teams and the financial departments which need to decide on which applications to spend their money.
Address this barrier similarly to other cultural challenges. Listen to the people who fear the change, address their fears, and seek solutions. Keep them informed about important decisions that affect them and give them the time needed to learn, practice, play, and blend in the new way of working into their daily tasks. Some people have the ability to learn fast, others need more time, so bear that in mind.
In the end, the people are the consumers so they can make or break even the most important strategic decisions.
Barrier 10: regulations prevent us from using cloud
Rule and regulations for privacy, data security and auditing are pretty strict sometimes. In Europe, this is especially true. These kinds of non-functional requirements put a high price on your cloud migration initiatives.
Cloud providers worked hard to make sure they comply with regulations in every part of the world. As of now, there are a large number of examples which proof even highly sensitive workloads can run in the cloud. They all make use of the strict compliance regulations which are now offered by cloud providers: HIPAA, SOC2, GDPR. In addition to that, you need to make sure your application is designed to support these and that you put your data in the region which supports the needed compliance regulations.
To make this practical: some data is not allowed to leave the country. For other data, you need to make sure it is encrypted with your own (hardware-based) encryption keys. Companies like financial institutes are and will be audited to prove they are in control of what they do with their sensitive data. Their success stories prove that regulations do not prevent them from using cloud.
Legal and compliance departments can help you to achieve your goals. Be sure to train people from those departments as well as the people you have thought of immediately.
As seen in this article, there are a lot of (potential) barriers to overcome when you decide to move to the cloud. I hope my thoughts on this subject gave you insights into ways to do it. Don’t let them stand in your way to pursue your strategic cloud-related goals.