10 Tips To Get Cloud Ready
Sticker Shock May Occur!
Shawn Stewart
Mr. Stewart has 27 years of experience with hundreds of international, commercial, military, and government IT projects. He holds certifications with ISC2, Cisco, Microsoft, CompTIA, ITIL, Novell, and others. He has a Masters in Cybersecurity, a Bachelors in IT, a Minor in Professional Writing, and is a published author.
Many reasons exist that drive businesses to the Cloud. Some want redundancy of services and protection of data their current office environment simply can’t handle. Some want to offer services to all users both in and out of the office. Others see it as a way to outsource internal IT. A salesperson can convince you it will somehow save money. Whatever the reason, your business has decided the Cloud is the answer.
Experience says none of these reasons are true without proper planning. Handing off your data and services to a Cloud provider can offer the services listed and more, but there’s a catch. Usually that catch involves enhancements in security and, regardless of what the Cloud provider might sell you, you need qualified people to help with the transition. Here are 10 things to consider when moving any office service to the Cloud.
Cloud Control
1. All your data and services currently reside on physical servers either in your office or in a leased server farm. How do you plan to move all that data? Sure, the Cloud provider makes it sound simple, but 10 Terabytes of data across a 1 Gigabit per second connection will take how long? Yes, 22 hours, nearly a full day! That’s only if you shut everything else off and the Internet doesn’t slow down at all. The most important addition to your local network to ensure efficient bandwidth usage is called Quality of Service (QoS). This feature, available on most modern network switches and firewalls, prioritizes data to ensure the most important data, like voice and video for meetings, gets out first. Add extra time and costs for data transfers and proper configuration of your local networks.
2. Are the connections across the Internet secure? Most Cloud providers will say communications to and from Cloud-based servers utilize HTTPS and are therefore secure. However, if you are hosting databases online, for instance, the default ports for those databases are Internet facing and OPEN! That’s not just AWS, that’s all Cloud providers! The only way to secure communications for users is through a virtual Firewall in the Cloud to act as a VPN endpoint or SD-WAN node. Add extra configuration time and costs for Cloud-based virtual firewalls. Learn about firewalls here (Link).
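The check a practitioner would run before signing off on point 2, as an added example that is not from the original post: scan a set of firewall or cloud security-group rules and flag any inbound rule that leaves a default database port reachable from the whole Internet. The rule dictionary format, the rule IDs and the sample rule set are constructed for illustration.

```python
"""Added example (not from the original post): flag firewall or cloud
security-group rules that expose default database ports to the whole
Internet. The rule format and sample data are constructed for illustration."""
import ipaddress

# Default listening ports of common database engines (well-known values).
DEFAULT_DB_PORTS = {
    3306: "MySQL/MariaDB",
    5432: "PostgreSQL",
    1433: "Microsoft SQL Server",
    1521: "Oracle",
    27017: "MongoDB",
    6379: "Redis",
}

def is_world_open(cidr):
    """True if the source range covers the whole Internet (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_db_rules(rules):
    """Return (rule_id, port, engine, cidr) for every inbound rule that lets
    any Internet host reach a default database port."""
    findings = []
    for rule in rules:
        if rule["direction"] != "inbound" or rule["protocol"] not in ("tcp", "any"):
            continue
        for cidr in rule["sources"]:
            if not is_world_open(cidr):
                continue
            for port, engine in DEFAULT_DB_PORTS.items():
                if rule["from_port"] <= port <= rule["to_port"]:
                    findings.append((rule["id"], port, engine, cidr))
    return findings

# Constructed sample rule set (hypothetical rule IDs, not from any real account).
SAMPLE_RULES = [
    {"id": "sg-app-https", "direction": "inbound", "protocol": "tcp",
     "from_port": 443, "to_port": 443, "sources": ["0.0.0.0/0"]},
    {"id": "sg-db-public", "direction": "inbound", "protocol": "tcp",
     "from_port": 5432, "to_port": 5432, "sources": ["0.0.0.0/0"]},
    {"id": "sg-db-vpn-only", "direction": "inbound", "protocol": "tcp",
     "from_port": 3306, "to_port": 3306, "sources": ["10.8.0.0/24"]},
    {"id": "sg-wide-open", "direction": "inbound", "protocol": "any",
     "from_port": 0, "to_port": 65535, "sources": ["::/0"]},
]

if __name__ == "__main__":
    for rule_id, port, engine, cidr in exposed_db_rules(SAMPLE_RULES):
        print(f"{rule_id}: {engine} port {port} reachable from {cidr}")
```

Only the rule restricted to the VPN range passes; a wildcard "any protocol, all ports" rule is reported once per database engine it exposes.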
Bandwidth Concerns
3. When your data and services were local, corporate usage of the Internet connection involved mostly web browsing and email transfer. Now that all the data and server communications are in the Cloud, you need an Internet connection that matches your internal network. Most wired and wireless connections top out at 1 Gigabit. Sure, you may have a 1 Gigabit Internet connection, but now all 50 of your computers will use it just like the local network. To match the experience of on-premises efficiency, you may need to multiply your primary Internet connection by the number of computers on your network. Yes, you would need a 50 Gigabit Internet connection to match the same speeds. Don’t forget you need a symmetric connection, meaning both upload and download speeds must be high! You are no longer just downloading but uploading as well. Add extra monthly costs to upgrade your Internet. Learn how Internet bandwidth is calculated here (Link).
4. Now that all your data is offsite, your Internet connection becomes a lifeline. Redundant Internet connections ensure that a primary Internet failure doesn’t grind your office productivity to a halt. When choosing a secondary Internet, be sure to find a solution from a different carrier than your primary Internet. In some places, you may only have one choice for Internet and other carriers resell that one choice. This is your Last Mile Provider because they own the physical wiring, copper or fiber, that enters your office. Supplement your existing Last Mile Provider with Broadband across Coax, Wireless through the cellular network, or Satellite.
Remember, the bandwidth must allow the office to function temporarily. Don’t cheap out on the redundant Internet as it might be your primary for days if the primary carrier connection fails. Also, ensure your firewall is blocking unnecessary traffic, like streaming videos, to save bandwidth. Don’t forget, you need a symmetric connection. Add extra monthly costs for redundant Internet.
The Real Cloud Costs
5. Cloud bandwidth limitations are real. Granted, most Cloud providers’ lowest bandwidth limitation starts at 100Gbps, but depending on your needs, that could be an issue. With a 200Gbps Internet connection, you could find your connection to the Cloud rate-limited. Be sure to fully understand your Cloud connection limit before signing up. This is where a trained network engineer is required. Don’t rely on the Presales Engineer from the Cloud sales team; they don’t understand your business and data models. Add extra costs for a qualified network engineer to review your connections and needs.
6. Speaking of bandwidth, did the Cloud sales team tell you that you have a cap on the TOTAL data transferred each month? Or did they just say that some additional charges may apply? No Cloud provider allows unlimited data flows through their system. Some charge you for the percentage of processors used on virtual servers along with the actual total bandwidth consumed across their infrastructure in a month. If your user database is in the Cloud, like with Microsoft Azure or Entra, you could be charged every time a user is authenticated.
Certain customers end up paying two to three times more per month in overage and usage charges than the set monthly subscription fee of the Cloud service! Be sure to extract an exact billing estimate for several different use cases to prevent surprises. Request a three-month test of certain services to see exactly how they bill before moving your entire network. DO NOT host data-intensive services in traditional Clouds! Voice, video, and other high-transaction or high-bandwidth applications will skyrocket your bill. Add additional time and costs to test and prevent surprise overages.
Cloud Security
7. Security posture is not the strong point of any Cloud provider. Every single provider has been hit with some security breach over the last few years. EVERY ONE. When Cloud providers speak of security, know that they will never match the same level of security protection you have in place. Read the contract closely. You’ll see how security is your concern, not theirs. Be sure to enable every security feature they offer. This includes full encryption end to end for all traffic to and from their Cloud. Enable Multifactor Authentication. Enable account access alerting. Turn on every bell and whistle they have and make it work. Don’t expect the Cloud provider to be watching. Add additional time and costs to have a Cloud engineer secure the implementation with the Cloud provider.
8. Monitor every aspect of your business, both locally and in the Cloud. Every Cloud provider maintains a mountain of log data, from system status to access records. If you aren’t currently collecting and monitoring logs from your on-premises systems, you should be. You cannot be blind when your data is no longer local. Don’t expect the Cloud provider to secure your systems for you, and don’t expect them to tell you when they experience security failures. They typically won’t find out until after your data or users have been compromised. Add additional time and cost to implement and maintain a fully functional Security Information and Event Management (SIEM) system with immediate response.
Controlling Cloud Access
9. Control who has access to your data and when. This may sound redundant, but when your computers sat in an office, you had physical control over who had access. Now that your services and data are in the Cloud and, by design, available from anywhere, you MUST limit and secure who has access, from what device, and when. Access controls are the most important safeguard in distributed systems. Verify that every user only has the level of access they absolutely need. Should your users be allowed to access data at 3AM on Saturday? If not, disable that access. Thousands of controls exist to prevent users from connecting from different countries, at different times of day, or from a device not owned and controlled by the company. Enforce Multifactor Authentication. Prevent access from any computer not directly under your control. And never, ever allow data transfers off the Cloud. Add extra time and cost for proper Access Controls. Learn how to protect your data here (Link).
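Tips 8 and 9 together describe collecting sign-in logs and checking them against who may connect, from where, when, and from what device. As an added example that is not part of the original post, the script below reviews a constructed set of cloud sign-in records against such a policy (Monday to Friday, 07:00 to 19:59 UTC, one approved country, company-managed devices only) and reports which rules each user broke. The record field names, policy values and user names are assumptions.

```python
"""Added example (not from the original post): review constructed cloud
sign-in records against the kind of access policy tips 8 and 9 describe:
business hours only, approved countries only, company-managed devices
only. Field names, policy values and users are assumptions."""
from datetime import datetime, timezone

# Policy assumptions: Mon-Fri (Mon=0), 07:00-19:59 UTC, US only, managed devices only.
POLICY = {
    "allowed_weekdays": {0, 1, 2, 3, 4},
    "allowed_hours": range(7, 20),
    "allowed_countries": {"US"},
    "require_managed_device": True,
}

def violations(record, policy=POLICY):
    """Return the list of policy rules one sign-in record breaks."""
    ts = datetime.fromisoformat(record["time"]).astimezone(timezone.utc)
    broken = []
    if ts.weekday() not in policy["allowed_weekdays"]:
        broken.append("outside-allowed-days")
    if ts.hour not in policy["allowed_hours"]:
        broken.append("outside-allowed-hours")
    if record["country"] not in policy["allowed_countries"]:
        broken.append("unapproved-country")
    if policy["require_managed_device"] and not record["managed_device"]:
        broken.append("unmanaged-device")
    return broken

def review(records, policy=POLICY):
    """Map each user to the set of rules broken across their sign-ins;
    users with no violations are left out of the report."""
    report = {}
    for rec in records:
        broken = violations(rec, policy)
        if broken:
            report.setdefault(rec["user"], set()).update(broken)
    return report

# Constructed sample sign-in log (no real users); bob is the "3AM on Saturday" case.
SAMPLE_LOG = [
    {"time": "2024-03-04T14:05:00+00:00", "user": "alice", "country": "US", "managed_device": True},
    {"time": "2024-03-09T03:12:00+00:00", "user": "bob", "country": "US", "managed_device": True},
    {"time": "2024-03-05T09:30:00+00:00", "user": "carol", "country": "RO", "managed_device": False},
    {"time": "2024-03-06T21:45:00+00:00", "user": "dave", "country": "US", "managed_device": True},
]

if __name__ == "__main__":
    for user, broken in review(SAMPLE_LOG).items():
        print(f"{user}: {', '.join(sorted(broken))}")
```

Feeding the provider's exported sign-in log through the same check is the daily review a SIEM alert rule would automate.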
10. Secure every device with access to your Cloud data. The old concepts of Bring Your Own Device (BYOD) have mostly lost favor with security-conscious businesses. The cost savings aren’t worth the potential loss from a single security incident. Companies should own any device connecting to the Cloud. This gives them the ability to implement Endpoint Detection and Response (EDR) software and Mobile Device Management (MDM). Adding local encryption, patch management, Data Loss Prevention (DLP) measures, and forced Virtual Private Networking (VPN) when outside the office is required. Policies and training won’t stop the CEO from leaving his phone in an Uber, which happens waaaaaay too often. IT can lock the device, erase all data, or enable a homing signal. Add extra time and cost for the right tools and talent to keep your data safe. Don’t take my word for it. Read what MITRE recommends to protect your Cloud implementation (Link). And read what the National Institute of Standards and Technology (NIST) recommends for Cloud Access Controls (Link).
Cutting costs should not be the driving force in the decision to move to the Cloud. In fact, properly securing the transition from on-premises to Cloud often requires more money, time, and qualified resources to keep your data safe. If you believe moving to the Cloud will allow you to eliminate IT resources, you’ll find the knowledge gap left behind will eventually cost you more in outsourced support, either from the Cloud provider or another vendor. If you’re Cloud-bound for other reasons, be sure to follow these steps for a smooth and secure transition.
Need Help?
Reach out to us! We’re all in this together. Visit our contact page to submit an inquiry. Also, please follow us on social media for the latest updates.
Check Out Our Podcast!
The Hillbilly Hacker Podcast is the hottest new show on the Internet to learn about today’s latest technology in simple words. You can find the Hillbilly Hacker on Spotify, Apple, Amazon, or wherever you find your podcasts. (Link)