By now, the business benefits of moving to the cloud aren’t questioned anymore. Although in Luxembourg cloud transformation isn’t going as fast as it does in some other regions, we are seeing an increasing number of companies engaging with it.
While a minority of them has moved completely to the public cloud, others are adopting an hybrid approach using both private and public cloud solutions. This article’s goal is to offer a summary guide for cloud transformation that you can use to benchmark your current transformation process or as a guide if you’re yet to get started.
3 steps to cloud transformation
Step 1: Assess your business case
Define the triggers or motivations for cloud transformation. We recommend you to clearly document your business case, including an analysis of the direct and indirect costs of your existing infrastructure against the cost of the future cloud or hybrid environment.
Step 2: Define a solid cloud strategy
The objective of this step is to prepare the move of your applications to the cloud as seamlessly and securely as possible. Perform an assessment of your existing applications which will help you to choose the most suitable cloud migration model for each of them. This process could be either manual or automatic. You may want to take advantage of the cloud assessment tools in the market.
Make up the list of applications that can be moved to the cloud, and for each of them, determine a migration strategy, considering their architecture, business criticality and sensitivity of data. Each application can either be “repurchased” under a SaaS model, “re-platformed” or “re-architected” so that it can fit into a cloud native model.
Be very cautious when storing highly sensitive data in the cloud. Involve the Data Protection Officer (DPO) and the Chief Information Security Officer (CISO) in the assessment of applications that expose such data. Store the most sensitive data in a private cloud or keep them on-premise.
Step 3: Define the cloud architecture
Start off by setting up a “landing zone”, namely, an environment that you prepare and configure to host your future workloads in the cloud. It must be designed according to best practices and follow your organisation’s policies and standards. Given that landing zones are implemented using Infrastructure as Code (IaC), this will allow you to build consistent, trusted, rapid and repeatable environments in an automated fashion.
Key considerations of a cloud transformation
Governance plays a major role in cloud transformation. The two key aspects of governance are the control of costs and the mitigation of risks, especially the ones linked to security. Define budget limits per business unit, enable automatic multi-factor authentication on privileged accounts or limit the use of resources to certain geographies.
Have a well-architected cloud environment to take full advantage of the elasticity and scalability that cloud technologies offer. In this regard, Stéphane Zema and Pascal Guérin, PwC Luxembourg's Cloud Experts say “It's recommendable not to move workloads from on-premise virtual machines (VM) to cloud VM when a company owns the application source code. Moreover, containerization also simplifies the implementation of a DevSecOps pipeline in the organisation by using portability across cloud providers”.
Regarding financial institutions that are subject to CSSF supervision, an approval from the Regulator must be required before executing a cloud migration project. This will actually depend on the materiality of the IT outsourcing.
Each cloud transformation journey is unique. It is essential to understand each situation and how the cloud will help unlock business value. Your strategy will depend on different factors that are inherent to your business—organisational culture, scope, risk appetite, urgency, existing technology stack and available budget. Your strategy should consider cloud computing at the heart of your business and as an intrinsic part of your landscape.
By Stéphane Zema, PwC Director