Aiven for Apache Kafka®

Go to page

4 key risks in moving to the cloud (and how to mitigate, manage and master them)

Moving the data infrastructure of your service or app from an on-prem model into a managed cloud service comes with risks. These ones you can't ignore.

17 May 2022
Auri Poso
Auri Poso RSS Feed
Technical Copywriter at Aiven

Moving your service into a managed cloud service is perhaps the most important business transformation you’ll ever undertake.

The benefits of using a managed data infrastructure are clear:

  • Increased cost control
  • Better information security
  • Improved agility
  • Focus on growing your own business

But if your company is still in on-prem mode, getting to a point where you can enjoy them can seem like a daunting task. Don't worry - you're not alone. Others have made the journey before you.

Like all major undertakings, digital transformation comes with risks. Here are four of the most business-critical ones, and some food for thought as to how you can manage them.

1. Critical workloads and downtime - during and after transformation

Your on-prem solution probably isn’t perfect in terms of uptime; few solutions are. It’s likely that you originally went with on-prem because it offered the most control over fault situations and you trusted your staff to handle it. If that’s the case, then it’s no wonder if a managed cloud seems like a downtime risk.

Let’s look at the numbers. When you consider how critical the service you provide is for your customers and partners, how much downtime is an acceptable amount? What is the point at which the number of users starts to go down? Your analytics department will be able to give you an idea of the timeframes you have to work with.

The relevance of those figures is twofold. Firstly, there may be outages during the initial process of moving to the cloud. You need to figure out how to keep the uptime at tolerable levels during the transformation process, through the migration of data and workloads, the reconfiguration of apps and so on.

Secondly, no cloud service has 100% uptime; even the best providers sometimes have outages. The good news is that it’s no longer your responsibility to fix it. And with that transfer of responsibility comes three magic letters: SLA. When your service uptime doesn’t match expectations, it’s the provider who takes the financial hit. (But don't rely on it too much, because it's your company whose reputation suffers in the eyes of the consumers. Pick your cloud partner carefully.)

Note that an SLA doesn’t mean you should just shove the whole responsibility onto the shoulders of the service provider and then forget about it. You will need to configure your own application so that it uses the provider’s resources in a sensible, sustainable way.

And finally, update your disaster recovery plans to reflect the new reality.

2. Contractual and legal risks

A cloud infrastructure provider offers a more or less standardized service that may include various customizable or purpose-built elements. This standardization is what allows them to achieve economies of scale, and what gives you a predictable, transparent view of your expenditure. This is why cloud contracts are also standardized, and you should study them with this consideration in mind.

When examining the service provider contract, take note of the jurisdiction that is specified for conflict resolution. Services are global, but contracts much less so.

Cloud storage of data involves an interesting legal conundrum. Data is subject to the local laws of the country where it’s physically stored, but data processors and controllers operate under the laws of the country where they receive the data. There may be inconsistencies in these two legal codes. Whatever your particular case, you should arm yourself with an understanding of the implications.

You should also remember that since most laws were written in the times before the internet, let alone managed data infrastructure providers, the legal framework is likely to be updated in the coming years.

3. Sensitive data and security in the cloud

Maintaining data security, confidentiality, AND availability is a tall order, and the related risks are great. How can you control what happens to your data and who has access, if the supply chain passes through public cloud providers?

The fact is that data breaches happen less frequently in the public cloud than they do in on-prem or private cloud environments. Public clouds are run by dedicated companies with armies of experts. They have the latest know-how, the latest tools and the best training to keep your data safe, and they sport the appropriate certifications. The risk of human error is minimized.

If your cloud access is configured appropriately, it’s also safer to share data via the cloud than it is to use a physical medium like a USB stick.

That being said, the user of a public cloud database service must absolutely keep security in mind when selecting a provider. Here are a few questions you should look for answers to:

  • Who generates, holds and distributes the encryption keys? Where does encryption happen? Is data encrypted both at rest and in motion?
  • Is personal data anonymized and encrypted?
  • Can you set access levels freely?
  • Where are the provider’s data centers located? How has the staff been vetted?

Always ensure that data is being processed and stored in accordance with the law. At the end of the day, the data controller - that’s you! - is accountable and liable for any breach, and also bears the brunt of negative publicity.

4. Keeping control of your own data

When moving from on-prem to a public cloud, you may easily feel like you’re handing over your data to the DBaaS vendor. It’s a natural reaction, and you should definitely listen to your gut with this one. You never want to lose control of your data.

It’s a sad fact, too, that unless you’re careful, you may find yourself in a lock-in situation. That’s when your data goes into a proprietary system and gets stored in a format where you can’t export it anywhere or even access it if you leave the vendor.

Ensure that you’re always able to move your data and workloads to another provider whenever you want to. The best way to avoid vendor lock-in is to use open source software and providers whose systems are compatible with the plainest vanilla open source.

Wrapping up

In this post we've looked at only four of the biggest issues you will run into when planning a migration from on-prem to a managed cloud service. That's not the end of the story - it's only the beginning. The more you dig, the more you'll find that the answers you're figuring out are answers you should perhaps have considered already.

It all goes towards getting your house in order - even if it means renting a storage locker and fitting some of your in-house mess in there, preferably in an organized way!

--

To get the latest news about Aiven and our services, plus a bit of extra around all things open source, subscribe to our monthly newsletter! Daily news about Aiven are available on our LinkedIn and Twitter feeds.

If you just want to stay find out about our service updates, follow our changelog.

Struggling with the management of your data infrastucture? Sign up now for your free trial at https://console.aiven.io/signup!

open mic