Each year, we talk to thousands of customers about their public cloud deployments in all of the major hyperscalers. Consistently, the health of customer cloud ecosystems is marginal because of a few key focus areas: workload & cost optimization, security posture, and monitoring. We hope that this blog post, based on our findings and observations, will serve you well.
When reflecting on a customer’s journey to the cloud, there are three key phases: assessment, migration, and optimization. First, we must assess current-state, on-premises workloads. Areas that must be considered include operating system versions, physical dependencies, total storage consumed, VDI, and compliance requirements. Once there is a clear and concise understanding of what can move, and where there may be challenges, we move to the migration phase. In this phase, services are being migrated and built in the public cloud: everything from subscription setup to Identity Access Management (IAM) policies to reference architecture implementation to migration.
The optimization phase of this journey is overlooked on a consistent basis. All too frequently, it seems like a directive comes from leadership to “put something in the cloud.” It’s very rarely optimized, and the conversation always includes something along the lines of, “I don’t know why I’m paying this much for this service.” When moving workloads to the cloud, whether you’re using IaaS, PaaS, or Serverless, there are areas for optimization. If a service is not being used but is in the powered-on state, shut it off. If resources are overutilized, scale an instance up; conversely, scale down for underutilization. This can be as simple as setting up scaling groups, automation runbooks, templatized deployment, or resource tagging for cost tracking. Tools native to the respective hyperscalers, as well as third-party solutions (e.g., Chef, Puppet, Ansible) are available.
Security still seems to be an area of ambiguity for users of public cloud. Deploying applications in the cloud is not too dissimilar from using the data center. It’s still the responsibility of consumers of cloud to secure their applications, whether it’s the deployment of a public-facing application, an internal application, or using cloud for disaster recovery. We have always been of the mindset that the cloud providers are really only concerned with the hypervisor down to the concrete when it comes to their data centers where public cloud services are consumed. Customers must continue to make security a priority in the public cloud. Configuring firewalls, effective IAM policies, subscription governance, compliance and data sovereignty requirements, and data retention and disaster recovery are all mission-critical ingredients for an effective and secure cloud posture.
It’s easy to get lost in all of the different options when it comes to monitoring in the cloud. Are you using the cloud for DR, are you running production in one cloud provider, are you multi-cloud? There are many options for any use case. Monitoring is key from not only a usage perspective, but also for optimization purposes. When I think about my eight-plus years in this cloud world, the good news is that the world of monitoring has evolved quite a bit. Not only are tools readily available that are reactive in nature, but there are also options for proactive monitoring. Customers are not only allowed to be alerted when a vulnerability is identified, but are also allowed to put into place proactive measures to prevent action from a bad actor, for example. While there are tools specific to each of the hyperscalers, some tools, such as CloudHealth, with which we’ve had great success, grant usage and optimization visibility into multiple cloud platforms.
The cloud has evolved in the past few years. We no longer live in the “why cloud?” world, we live in the “why not cloud?” world. With that, it is crucial to consider optimization, security, and monitoring on a consistent basis. With the right tools and strategy, the journey to the cloud can be one met with minimal turbulence, headaches, and service disruption.
For more information about Presidio cloud solutions, please visit our web site.