SIX Key Questions Every CIO Must Ask Before Cloud Migration

February 18, 2020 | by Krittika Banerjee | Posted In Cloud

Questions to Ask Before Migrating to the Cloud

As we enter the second decade of cloud computing, the rapid pace at which businesses are migrating their on-prem resources to the cloud continues unabated, with worldwide public cloud spending projected to grow from $229 billion in 2019 to nearly $500 billion in 2023, according to figures from IDC. However, migrating your application to the cloud can be a complex endeavor. The larger the business, the more complex migration may be, so CIOs should carefully examine the myriad factors that can contribute to a successful outcome. As a decision maker, it becomes important to ask yourself the right questions before embarking on your cloud journey.

1. What are your business goals?

As a CIO you need to first ask how the organization stands to benefit with the migration. This should include criteria not just for the IT side of things, but also the business purpose of moving to the cloud as well as how it aligns with the organization’s overall strategic direction. Without this exercise, various teams may end up misaligned about the success of your migration initiative. For instance, the business team might feel that the migration helped the organization achieve cost advantages, but IT could be disappointed because certain features (such as, autoscaling or one click server provisioning) that they needed were not implemented. It is therefore important to be clear about the context of cloud migration and then set goals for each team that fit within the context.

We recommend asking yourself what your organization truly requires from a cloud environment – is it a focused lift-and-shift of a single application or part of a wider strategy for digital transformation? In the above example, perhaps IT wouldn’t have felt the need for one-click server provisioning if the objective was simply to migrate a single application to the cloud in order to save some money on server costs. You’ll want to set clear benchmarks so that everyone can be aligned on when to consider your migration a success. It could be something tangible like faster application load time, a quantifiable increase in productivity or measurable cost savings, or it could also be something less concrete like improved customer satisfaction.

2. What will be the impact on IT and business performance?

Another key concern is whether the technologies enabled by cloud are compatible with your existing legacy applications and systems and how to minimize the disruption that such a move would entail. It’s a question of understanding your dependencies and priorities in order to promote business continuity and minimize disruption wherever possible.

To ensure business continuity, you should contemplate your disaster recovery strategy before commencing on your cloud journey. What would be an effective backup strategy and recovery plan if your cloud provider experiences a downtime or is faced with a disaster? Your service-level agreements (SLAs) should cover all the specifics on recovery point objectives (RPOs) and recovery time objectives (RTOs) and make sure they meet your needs.

3. What are the realistic costs?

While it is generally assumed that the cloud is automatically more cost-efficient, there are various factors that you need to take into account and without careful planning costs can quickly spiral out of control. If you simply map your on-prem resources to cloud instances, it might result in overrun of cloud budgets. Many on-prem data centers may be overprovisioned largely because there was no large budgetary penalty for doing so.

It therefore becomes important to properly rightsize your cloud instances based on actual usage, and then model what your cloud costs will be, as well as compare those costs across various cloud providers to find out which one can offer the greatest value for your business. It is also vital to understand how the services you are proposing to migrate to are charged for, and prepare a comprehensive business case.

4. Is your staff up to speed?

A successful migration involves bringing your people with you too – not just your applications. To keep things moving at the pace that you need, you may need to hire new staff or train members of your current IT staff and equip them with the required technical expertise to implement cloud projects. The specific training will depend on the type of projects and the size and existing skills of the in-house IT staff.

It is certainly helpful if you have personnel who already have these skills you need to address your business requirements and make sure that critical areas like security and compliance, managing costs, and governance are properly addressed.

5. How will you manage security?

Although the general consensus now is that cloud services are more secure than any approach you can adopt internally, it would be prudent to  avoid complacency and prioritize your security strategy. You should prepare to address your security concerns at the beginning of any cloud migration exercise, and not as an afterthought.

More often than not, security problems that occur are caused by users working on a perfectly safe cloud, but doing something that is not secure. Therefore setting up the right internal processes, particularly around staff, becomes an essential element of a robust security strategy. Continuous training for your staff, and constant refreshing of best practices to keep all internal teams up to date on data security and hygiene, are important.

It is important to understand that cloud security is a shared responsibility between your organization and the prospective cloud provider. Even if your cloud service provider (CSP) provides your entire cloud system — servers, systems, and applications — the onus for the security of your data wherever it is, whether it’s at rest or in transit, is still on you. You must pay careful attention to roles and responsibilities and understand what is expected to avoid any security risks.

6. How do you handle compliance requirements?

Related to security, compliance is yet another important consideration for most CIOs. You might need to store certain data in a specific region, based on the regulations that apply to your industry and/or country, or some data may not be deployed to the cloud at all. Ask prospective CSPs what compliance standards they adhere to – and if they have audit results to prove it. It is also vital to discuss whether sound controls are in place over system and data access. Your CSP should be able provide documentation that proves that they ensure separation of duties for administrative functions, showing the level of access that each user has and how those levels are maintained.

The above questions cover a lot of ground, but there are definitely other factors you should consider before cloud migration depending on your unique requirements. This is why it makes sense to find a partner with the right experience and expertise, plus the end-to-end services to help you both ask the right questions and define specific answers to match your organization’s needs.

To find out more, visit