6.23.22 – SIW – Mike Rulf
To avoid security problems down the line, you should approach the migration process with a long-term outlook
More than 90% of businesses now use the cloud, up from 69% in 2020. But while most organizations recognize how the cloud can help, many are still hesitant to fully migrate to the cloud. In fact, only half plan to migrate 50% or more of their applications to the cloud in 2022. This plan leaves a significant portion of apps on-prem, which poses security risks and hinders the impact of digital transformation.
Splitting applications between the cloud and on-prem legacy platforms leads to inconsistent security policies and practices that make organizations more vulnerable to cybersecurity incidents. Even if organizations migrate their legacy apps to the cloud, they can still be at risk if they fail to update the underlying architecture. To reap the full benefits of cloud migration, your organization needs to modernize its legacy applications before attempting to move them.
The Problem with Legacy Applications
Although more and more organizations are transitioning to the cloud, nearly a third still rely on legacy apps. This decision makes sense on the surface. After all, upgrading all of your legacy applications is easier said than done — the average enterprise organization uses 464 custom apps.
But as time passes, continuing to rely on legacy apps can do your organization more harm than good. On-prem legacy apps and servers are difficult (and costly) for IT teams to manage. These apps’ data remains confined to a central location, which means organizations that want to scale up need to invest in more physical infrastructure. Aging hardware nearing its end of life is vulnerable to malfunctions. And from a security perspective, OS upgrades may not be available for that aging hardware or not be supported by the legacy application which means patches for well-known exploits are not available. This can lead to compromised systems, ransomware attacks, and natural risks like water damage in older buildings — events that could result in a permanent loss of data or exposure of sensitive data resulting in statutory fines or lawsuits.
Even if your organization splits applications between on-prem and the cloud, security concerns still apply. That’s because on-prem and cloud-based apps are managed differently. With on-prem apps, you have complete control. You’re responsible from the hardware up, installing firewall protections, setting user access policies and keeping track of security patches. But in a cloud environment, some of these activities are owned by the cloud provider who may mandate upgrade schedules, minimum software versions, and necessitate different tools to implement your security controls. Without a thorough understanding of which application belongs where this split can confuse your IT team and lead to costly mistakes.
Another problem with on-prem legacy apps is how little visibility organizations have into them. Many of these apps have been running for years and the individuals who developed and deployed the applications have left the organization. Over time, it’s easy to lose track of these apps’ firewall and IDPS rules, as well as how they interact with other IT systems.
For many organizations, the cloud represents an opportunity to digitize their operations and become more responsive to changing business needs. But if your organization leaves the majority of its apps on-prem — or fails to modernize these apps for a cloud environment — many of the benefits the cloud could provide will remain inaccessible.
3 Steps to Migrate and Modernize Legacy Apps for the Cloud
While organizations may be tempted to use the lift-and-shift method — where IT teams drop legacy apps into the cloud without any architectural changes — it comes at a cost.
The lift-and-shift method may be faster and less costly than other migration methods, but it can cause issues down the line because many functions in on-prem apps are built for specific platforms. Migrating the app without updating it for the cloud will leave it susceptible to unstable performance, security breaches and long-term governance issues. With 99% of cloud security failures falling on the organization, it’s your responsibility to adapt your organization’s apps for this new environment.
To avoid security problems down the line, you should approach the migration process with a long-term outlook. Even though a more in-depth migration process may seem like a headache now, consider how many headaches you’ll avoid down the line. Here are four steps you can take to set your organization up for a successful legacy app migration:
- Determine your migration method. As you modernize and migrate to the cloud, consider modernizing your apps by adopting a containerized architecture. Containers allow you to isolate specific pieces of code without affecting other functionality within the application. This enables you to update specific features or components of an app individually as opposed to all at once and helps you bake in granular security controls like authorization.
Containerization may require a different approach to vulnerability management. To get the most out of this method, you should incorporate security into your DevOps pipeline. This will ensure your apps are rebuilt with security top of mind.
- Minimize risk through proof-of-concept projects. Digital transformation feels like a daunting endeavor, but it’s more manageable when you begin with a series of proof-of-concept (POC) pilot projects. These projects are a low-risk way to plan how you’ll migrate a specific application in a controlled environment.
A strong POC pilot project will help you determine the feasibility of updating your app, the technologies to use for development and the goals you want it to achieve. It’s easy to misjudge the speed and scale at which you can migrate, these POC projects will help ground the process in reality.
3. Find the right partners. Cloud migration is a significant undertaking, which is why 74% of cloud migrations fail. The right partner, like a technology consultancy or professional services company, can help optimize your transition to the cloud and monitor its status over time.
When evaluating partners, look for prior experience in your industry and the cloud environment you’re interested in (public, private or hybrid). They should also be open to collaboration and offer a high level of customer service. As business goals change, your cloud priorities need to change as well. When this happens, it’s important to have an experienced, responsive partner to rely on to help facilitate any adjustments.
Cloud Migration Offers an Opportunity to Shore Up Your Security
Staying on-prem or opting for the lift-and-shift migration method will limit your organization’s agility and increase security vulnerabilities overall.
It’s true that modernizing your apps’ architecture for the cloud is more time-consuming. But without this modernization, your organization will be unable to take full advantage of the many benefits the cloud can bring and just carry forward (and add to) any existing security vulnerabilities.
When done right, modernization allows you to digitally transform your operations and achieve higher standards of security across the board.
About the author: Mike Rulf is the CTO of Americas for Syntax. Rulf is a seasoned executive with over two decades managing large technology organizations exceeding 500 individuals supporting product lines in excess of $250M in revenue. During that time, he has had continuous hands-on involvement in the design, installation, maintenance and extension of large, distributed software solutions as well as both Cloud Services and SaaS platforms.