How Cloud Migration of Legacy IT Systems Overcomes Obstacles
Moving to the cloud is seen as a way to simplify IT, but legacy systems may not allow for a simple cloud migration. netrix's Mark Kedgley discusses the importance of considering private and public clouds, and the implications for security, cost and scalability.
Enterprises are moving toward cloud-delivered IT. If ready-made applications are available, SaaS is attractive because of its relative simplicity and ease of deployment and maintenance. If you need to develop applications in-house, you may want to adopt modern cloud and container-based computing models and use a DevOps pipeline that includes automation, continuous testing, and image deployment.
But in the real world, most of us also have systems that predate cloud computing and don't allow for simple cloud migration. So while moving to the cloud is often seen as a means to simplify IT, it can actually make life more complex as IT teams need to consistently manage cloud and legacy systems. In fact, according to the Netrix Cloud Security Report Open a new window, the top factor slowing down cloud adoption (mentioned by 41% of respondents) is integration with existing IT environments.
By 2023, 73% of organizations will already have a hybrid IT infrastructure. 37% of enterprises currently only plan to adopt cloud technology in the next 12 months. This means that for most organizations, learning how to use the cloud effectively and securely is critical.
Private cloud, public cloud and hybrid cloud
When it comes to cloud architecture, there are two main options: private cloud and public cloud. However, you may need a combination of both, known as a hybrid cloud. Your choice involves a range of issues, including cost, scalability, security and compliance.
Private cloud means you own your own cloud infrastructure, built and managed by your in-house IT team. This approach often provides greater control over data and infrastructure, but flexibility comes at a cost: Managing these systems requires more hardware, software, and human resources. Additionally, the total cost of ownership of a private cloud includes ongoing maintenance, upgrades, and support.
On the other hand, operating in a public cloud means you are using the cloud service provider's infrastructure to host your data and applications. This option is more convenient and cost-effective, but also has some limitations in terms of customization and control. What's more, security responsibilities are split between the cloud service provider and your own IT team. You don't have the opportunity to negotiate who will take care of what; as the customer, you simply accept their terms and conditions. Therefore, to avoid security breaches, you need to pay special attention to which areas are your responsibility.
If you have specific security or compliance needs (such as HIPAA), operating in your own cloud may be preferable. But if you need to scale quickly, or don't have the resources to manage your own cloud infrastructure, public clouds often make your job easier.
100% cloud-based security details
In a 100% cloud-based IT model, security is multifaceted. On the one hand, cloud service providers have strong security measures. In fact, many companies will carry SOC2 certification, which means that the service provider, their infrastructure and operating procedures have been audited and judged to have reached a sufficiently high level of security.
On the other hand, as a tenant, you need to take extra steps to ensure the security of your applications and data. One of the most important strategies is a zero trust approach. This is not a new security control specifically for the cloud, but a basic IT security best practice for ensuring that only authorized users have access to their applications and data, and that access is granted as needed. This may involve the use of multi-factor authentication, access control and monitoring.
Another important security consideration is encryption. Again, this is not unique to cloud computing, but it can be more important when the data is stored in what is essentially a publicly accessible resource. Ensuring data is encrypted both in transit and at rest provides compensation for data loss even if the system is compromised. Fortunately, encryption is a standard option with many public cloud providers.
Finally, cloud-based organizations also need to carefully consider their backup strategies. When you have a local server, you can store backups offline, making them more difficult for attackers to access. When all your data is in the cloud, make sure you store backups on another cloud. For example, if you have Microsoft application data, don't store backups in Azure.
Legacy IT systems: You can’t live without them and you can’t live without them
If all you need is a modern Windows or Linux platform, you can do anything with any combination of public and private clouds. However, if you're still relying on legacy platforms—older Linux or Unix versions, or even iSeries and mainframes—then moving entirely to the cloud may not be an option.
What's more, these systems require maximum protection because they are legacy! Since vendors often no longer support such systems, no patches or updates will be provided. Additionally, you may be limited by outdated encryption technology.
因此,您需要保持警惕,并采用多层方法来加强系统并补偿安全控制。这些控制可能包括防火墙、跳转服务器、代理连接和虚拟桌面访问等等。考虑将遗留系统与网络的其余部分隔离开来,以显著减少攻击面,并使攻击者更难渗透到组织it环境的其他部分。
Choose the right cloud
Cloud architecture is fundamentally different from on-premises architecture and requires a different approach to design, implementation and management. When moving to the cloud, organizations need to carefully consider the differences between running in their own cloud versus a public cloud, including the impact on security, cost, and scalability.
IT professionals must take steps to ensure the security and availability of cloud-based applications and data, paying close attention to what the cloud provider is and is not responsible for. A zero-trust approach can be particularly valuable. If you need to maintain legacy systems, you will have to rely more on basic security controls such as system hardening and access control.