The Onapsis Blog

Before You Migrate Critical Applications to the Cloud

Organizations are migrating their IT infrastructure to “Infrastructure as a Service” (IaaS) cloud platforms, moving some, most or all of their on-premises systems to the cloud. Mission-critical applications (i.e. ERP, CRM, SCM, HCM) such as SAP and Oracle EBS are increasingly falling under the scope of migration projects. Regardless of the scope and scale of a migration, there are common considerations that must be taken into account to ensure it goes smoothly and successfully. In most cases, addressing them also acts as an accelerator, reducing timeframes and bringing milestones sooner. Migrations are often gradual rather than a matter of flipping a switch; as such, organizations must often maintain both on-premises and cloud deployments for some amount of time until the migration is complete. In this post, we’ll explore some considerations for cloud migrations that help ensure success.

First, Assess Where You Are

It’s difficult to reach a destination without first getting your bearings and knowing where you are. This applies to a range of scenarios, from finding your way in the woods, to moving from an apartment to a new home. What is your starting point? In which direction are you headed? What possessions do you have with you now? What are you taking with you? 

Doing an inventory and status check will help with key decision making. When changing residences, we often ask ourselves questions like: Do I need to bring this with me? When was the last time I used this? Will this serve a purpose in the new place? Will this fit or is it necessary to move this appliance? We go through this line of questioning to make a more efficient move and to have something closer to a “fresh start” when we get to our destination. You might opt not to bring an air conditioner with you if the new location has central air. And while the table you own now could serve the same purpose in a new home, a new, larger one would be better suited to scale.

The same principles apply to migrating an on-premises system housing your mission-critical applications to the cloud. Without knowing the current status of your system, migrations quickly become inefficient and overwhelming. What data is being moved? What regulations or data-residency mandates govern you now? Does that change in the cloud? What is the current health of your system? Are there patches yet to be applied? Similar to moving things in boxes, it’s easier to move an organized and governed system rather than one that is out of date and in need of security and/or configuration hygiene.

In the Onapsis Platform, the Assess capabilities bring insights to your mission-critical applications providing answers to many of the above questions. Whether you’re on SAP or Oracle E-Business Suite (EBS), Assess will discover and inventory your applications and systems alike, deliver status reports on vulnerabilities, misconfigurations, critical authorizations, integrations and patches, allowing you to identify what needs to be actioned and prioritize an order for remediation. A safe and successful cloud migration relies first on knowing where you are, knowing what needs to be done, and crucially, how you will maintain this organization post-migration. Assess is available for both on-premises and cloud deployments, to give continuous updates on the status of your current and destination platforms. 

Have Control of Your Processes and Workflows

During your move, you also want to make sure that what you packed away arrives in the same state after transport. Did everything arrive as expected? Was anything modified? These principles again apply to cloud migrations.

On-premises mission-critical applications often incorporate custom and third-party code to suit the specific business needs of an organization. Even when these are reviewed at initial deployment, they’re rarely continuously monitored for non-compliant changes or reviewed for efficiency. Do you know the current status of your custom code base? Is there legacy code in your system that is no longer in use and not receiving updates? Do you have confidence that configurations on production systems are not drifting out of compliance with your standards and creating unforeseen vulnerabilities?

The Control capabilities of the Onapsis Platform can analyze custom code to assess for quality and lock down the change cycle to ensure only approved code changes are made and updates that may bring your organization out of compliance don’t make it to production. This code cleanup and change assurance brings confidence to the migration process, ensuring what is being moved over is in good standing. Additionally, Onapsis provides inspection capabilities into SAP transports to ensure what is going into production is what is supposed to be imported without errors, vulnerabilities or malicious intent. And, when in production, Control capabilities from the Onapsis Platform can help you lock down critical configuration settings to prevent detrimental configuration drift.

Protect Current and Future Compliance

Houses and condos have different sets of responsibilities for their residents. A homeowner may be responsible for maintaining nearly everything on their premises, while moving into a condo might share some responsibilities with a management company. But the fact that many services and amenities shift to a management company does not absolve the resident of all responsibility.

Similarly, migrating to a cloud environment might migrate your data, but it doesn’t migrate responsibility for compliance to the cloud operator. Cloud platforms have a “Shared Responsibility” model for security and compliance. A data breach in the cloud still carries major repercussions for the organization that owns the data, not just the service provider. That is because ownership of the data always remains with the company, and not the cloud provider, irrespective of which cloud service model the organization consumes.

Managing two separate systems during migration is burdensome. Comply in the Onapsis Platform helps automate collection of audit data to help streamline this process. Many organizations spend countless hours collecting data for review; doing this on a second system only increases this time. Comply capabilities will give you visibility into your compliance posture and enable you to automate the process of testing and validating IT controls to maintain a state of continuous compliance.

Defend Your Systems Before, During and After Migration

A standalone house will have different requirements than a building with many units to be properly secured. A lock on the front and back door might be sufficient for a house, but a building with many units needs to control access to common areas and individual units. And, if a malicious actor bypasses your perimeter locks, do you have internal surveillance to monitor your home and protect your most critical assets?

Cloud architecture differs from traditional on-premises systems, and differs between each IaaS provider. Therefore, security solutions will look different in each environment. Many solutions focus on firewalls and network protection. However, the network is not the only attack vector that can be used to exploit back-office systems. As such, continuous monitoring is needed on these platforms to look for exploitation of unpatched systems, privilege misuse, anomalous activity, and indicators of compromise (IoC). The Defend capabilities of the Onapsis Platform provide continuous monitoring for on-premises, cloud and hybrid deployment models. This capability provides peace-of-mind protection even when your perimeter defenses are compromised. You must keep your most critical applications and data protected at all times from both internal and external threats, regardless of where they reside.

Use this Time to Your Advantage

While the primary focus of this post is on considerations for cloud migrations, it’s important to recognize other benefits of going through this process. Getting your systems in order, cleaning up code, automating audit processes and setting up defenses to protect your systems will make for an easier system to maintain moving forward. A cleaned-up code base is easier to build upon as projects expand. Take this time to also assess future projects. Are there actions you can take during cloud migration to better align for other migrations in the future? SAP customers eventually migrating to S/4HANA may want to use information gathered during their cloud infrastructure migration to plan for a future HANA migration. The goal is to have confidence in your migration project so you can accelerate the process and ensure a secure and compliant posture when complete.

If you are unsure of where to start, request a complimentary Cyber Risk Assessment to gain insights into the current security and compliance status of your SAP or Oracle EBS mission-critical applications.
