Journey to the cloud - Do Not Stop there

One of the key mantras from my day job is to meet customers where they are when working with them to start their journey to the cloud. Unfortunately this can sometimes lead to customers basically lifting & shifting their on-premises environment directly to the cloud and just stopping at that point.

I read an article on the UK NCSC site (I reference it below too) that gave me pause for thought about why folks should **not** stop at the Lift/Shift stage on their migration journey, even if they think that’s good enough, as it never is!

I will, as you knew I would, use the Google Cloud docs to illustrate any points as I go through this.

**Why do customers stop or pause way too long on their cloud journey at the Lift/Shift stage though?**

Well, reasons such as "it works as it did before", "my staff understand this configuration", "why change what isn’t broken?" and a myriad of other random excuses. This is an anti-pattern. You don’t have to believe me about that, but maybe the UK NCSC may persuade you. Anti-pattern 4 in "Security architecture anti-patterns" on NCSC.GOV.UK explains succinctly why this is a bad strategy!

If a customer has to lift and shift to migrate existing workloads, and many, many have to do that as a starting point on their migration journey, then they should have a plan to move on by following the approach Lift/Shift -> Optimise -> Modernize, i.e. not just stop at the Lift/Shift stage.

Every hyperscale cloud service provider (CSP) has a methodology that encourages the Lift/Shift to Modernize approach. The methodologies are all very similar in approach (you can trust me on that; if not, there is documentation you can wade through yourself to validate my statement).

The Google Cloud docs on migration start here, but happily they do include warnings about why lift and shift, although useful as a strategy, can be problematic too.

**Digging into this you may say: well, why is just Lifting and Shifting and stopping there bad if the suppliers provide virtual appliances and the CSPs encourage you to use them?**

There is a place for virtual appliances; I am not saying there isn’t. But forcing virtual appliances into an architecture where they really make no sense just adds complexity and results in a non-optimal architecture. At some point you will want to evolve your legacy architecture to a more cloud-native model, and trying to retrofit your security & networking architecture the way you’ve always done it will not lead to a happy adoption of modernizing your workloads to be more cloud native.

**What does optimisation give me? That seems like extra work**

Optimisation allows you to move beyond just replicating your on-premises environment and using the cloud as a glorified DC with a slightly different operating model. Optimisation puts you on the path to really taking advantage of some of your CSP’s in-built solutions, such as their in-built firewalls & auto scaling features. You could adopt Dataproc to manage Hadoop and Spark clusters rather than installing onto individual VMs and managing those yourselves. Optimisation allows you to optimise for cost, security and operational efficiency. Google Cloud’s article on Migration to Google Cloud: Optimizing your environment has a nice flowchart that depicts how to approach optimizing your environment.


Google Cloud has Active Assist: cloud management, which provides ways to help you optimise your environment for operational efficiency and cost. Among the recommendations & insights surfaced by Active Assist are those that identify cost savings, those that identify common security misconfiguration issues, and network optimisations, with suggestions on how to remediate them.

**Why should you care about modernizing your workload?**

By modernizing your workload you can take advantage of the in-built features that the cloud provider has to offer, which leads to many benefits, some of which are:

Reduce complexity: for example, you can move from hosting your websites on a virtual machine, and having to worry about all the moving parts like web servers, to using Cloud Run to host your web server, thus abstracting away a lot of the heavy lifting and maintenance involved in running a web server on a VM.

You can take advantage of fully managed CSP services: for example, you may decide that, rather than continuing to use Hadoop and Spark as you did on premises, Dataflow is the modernizing step that addresses your use case.

You can adopt zero trust architectures, which require shifting access controls away from trusted network perimeters to the identity of what or who is requesting access and whether the device that request is coming from is allowed. Authentication, authorization and encryption are key to a zero trust architecture. Google Cloud implements this via BeyondCorp. This blog post by Priyanka (@pvergadia) is a nice explanation of zero trust.

Maintenance and support become infinitely easier. For example, patching and maintenance embrace the shared responsibility model, so the CSP can make patches and fixes available earlier. In many cases the CSP will apply patches and fixes ahead of the public notification without you being aware of them having been applied.

Google Cloud has services like OS patch management (Compute Engine documentation).

If you use virtual appliances, you are dependent on the appliance supplier to push those patches out to the appliance, and you need to update those appliances. By replicating your on-premises architecture, a lot of patching and maintenance effort is pushed down to you rather than sharing the responsibility with the CSP.

**But if we go all in on the cloud what about my existing staff?**

There may be some resistance to modernization as change is hard. Modernizing will involve moving away from familiar paradigms and tooling. Going all in on the cloud gives you the opportunity to have your staff that are willing to embrace change evolve to operate in the cloud. They will learn new paradigms and tools. There will however be some staff that cannot adapt and there may also be staff that are blockers to your migration. In that case maybe you need to find new roles for them where they can no longer be an impediment.

Set yourself up for success by:

  • Investing in training your staff who are able to help you with your journey to the cloud
  • Starting with low-hanging-fruit projects
  • Starting your journey from familiar places where your staff can build upon their existing skills
  • Developing a centre of excellence that has at its core the staff who have expertise with the cloud and have been involved in initial deployments

Those willing to face a future that allows your business to adapt to changing market conditions as fast as some of your competitors will thrive.