Sidestepping common cloud migration pitfalls

Not identifying the right apps or level of vendor support, and focusing only on virtualizing hardware stack, are some common migration mistakes companies commit as they jump on the cloud computing bandwagon, industry insiders noted.

Rex Wang, vice president of product marketing at Oracle, said one of the common pitfalls companies make is the belief that they are cloud-enabled once their hardware layer is virtualized. Many companies are currently investing in virtualization technology as it is an "important enabler" for cloud computing to create the environment for sharing of compute resources and flexible application deployment, he noted in an interview.

The benefits of having a cloud infrastructure alone "are limited" and will eventually reach a point of diminishing returns because it "does nothing to minimize heterogeneity and complexity" at the platform and software layer, Wang pointed out.

Organizations should recognize that virtualization is "only part of the solution" to streamline siloed, heterogeneous data centers, he added. He urged companies to consider a comprehensive cloud migration strategy that would encompass the full stack of cloud applications, platform and infrastructure and the lifecycle component, including cloud application development and management, security and integration of legacy systems.

Wang said: "There is greater value in providing a standardized, shared and elastically scalable cloud application platform, which includes middleware and database services, [rather than sharing compute resources at the infrastructure level]."

Offering a slightly different perspective, Suhas Kelkar, CTO of BMC Software Asia-Pacific, noted that setting up the cloud is only the beginning. Once the underlying hardware layer is virtualized and cloud-ready, companies need to employ systems that will help them monitor and operate their cloud resources, he said.

"Without a tight, close loop of monitor-and-operate, companies are likely to fail in their cloud deployments," Kelkar cautioned.

Not all apps suited for cloud
With regard to migrating applications, Mark Smith, managing director of Asia at Savvis, pointed out that not all applications are suited for cloud environments and this is something enterprise customers tend to overlook or disregard. He suggested that companies take time to conduct "application migration and implementation".

Oracle's Wang agreed, adding that in order to holistically address the issue, IT departments should relook how custom apps are developed for line-of-business users. Elaborating, he said rather than build an app each time the business units request for a specific function, companies should create shared libraries of "composite apps" that users can just pick and choose to build the app they need on their own.

"The traditional method of custom-building apps for business users is inefficient and requires constant reinventing of the wheel," explained the Oracle executive. "With the shared library system, cloud benefits such as self-provisioning and chargeback can now be realized."

Rethink security
Smith also highlighted that security concerns continue to be one of the biggest barriers to cloud adoption, according to a Vanson Bourne study commissioned by Savvis in March this year.

This was echoed by Frost & Sullivan Asia-Pacific's research director for ICT practice, Arun Chandrasekaran. In an e-mail to ZDNet Asia, he said the "first and foremost challenge" for companies migrating to the cloud is to handle the issues surrounding security and privacy.

"Organizations need to make sure the applications and data in the cloud are secure. IT decision-makers also need to ensure their continued adherence to regulatory compliance through a thorough evaluation process," said Chandrasekaran.

Wang noted that security components are typically found in apps but these are "not efficient" or enough in today's security climate.

Instead, he reckons incorporating both security and management functions in a centralized system, which will provision the security parameters and protocols once apps are "connected" to it, is a more effective method of securing one's cloud environment.

As for organizations which are using public cloud services, Smith suggests taking a hard look at the cloud provider's security practices based on key industry metrics in areas of operating system management and identity access management, for example.

Get right support
Ker Wing-Dar, general manager for Asia-Pacific and Greater China at Microsoft's customer service and support department, also pointed out that because cloud computing is still relatively new and issues of privacy, security and regulatory compliance have not been addressed fully, companies need to have the right level of support from their cloud vendors.

"It's very important for vendors to work closely with companies during the migration stage as many underestimate the time and resources need," he noted. "This process is not just about training on the platform but also involves many internal processes and tools.

"It would be disastrous if a customer experiences an extended period of downtime [during the migration]."

He also noted that companies have the misconception that cloud offerings are a "switch on solution" whereby they can easily sign up for and just start using it. This might be true for individual users, but the process is more complicated for enterprises. As such, it is vital for customers to have the confidence that their vendors would be able to provide security and availability of data should hitches occur, he stated.

"Moving ahead, the competitive environment of cloud computing will be based on factors such as differentiated customer experiences, sustained relationships and enhanced communications [between customer and service providers]," Ker surmised.