No matter how simple a cloud migration project might be, figuring out how to accomplish it is not always easy. Companies are increasingly tempted by the SaaS approach, which in itself is not surprising because these solutions offer many advantages. Indeed, the cloud has become an integral part of the landscape, winning over countless Information System Divisions (DSI) which are increasingly willing to externalize their security system. So what are the exact reasons for this?
Financially, SaaS is often advantageous because it takes the form of a subscription that is relatively easy to cancel. Time savings are another benefit of SaaS: maintenance is managed directly by your PKI provider from a datacenter outside your company, so you no longer have to worry about logistical aspects, system updates or storage issues. By delegating some of your responsibilities, you make room for the expertise of your trusted partner!
Should your needs change, you gain in agility because your subscription can be easily modified, as opposed to an investment in equipment on company premises. The applications and services you use in the cloud are accessible no matter where you are, as long as you have a terminal and an internet connection.
Before migrating to the cloud, certain variables must be considered to make sure you ask the right questions at the right time. Below we have shared with you the three main steps you’ll need to take for a successful migration to the cloud.
Step 1: Define the scope of your cloud migration project
Deciding to migrate to the cloud is a step in the right direction, but before going any further, we recommend that you carefully plan each step of the process and define all of your needs. Start by asking yourself questions such as:
- What goal do I hope to accomplish by transitioning to the cloud?
- What will the migration encompass: security aspects only, other transversal projects, links to other existing cloud-based tools…?
- What impact will this change have on my teams and structure?
- What is my budget?
- What are my priorities?
Equipping a single company and equipping an entire country are obviously two different things. In the latter case, rollout quickly takes on huge proportions, but defining the project in both scenarios requires the same amount of effort, with the possible addition of a few variables to consider.
Project size depends first and foremost on whether you already have a trusted architecture. If you don’t, then let’s start there. Working with your trusted partner, you should identify:
- Project players: First, determine your project manager or IS security manager, depending on your infrastructure. This person, who may be an in-house employee or a subcontractor, is an essential information system player and one of the most important contributors in terms of your company’s security. Next, assign trusted roles based on the level of security to which the other identified contributors are assigned.
- Security-related risks and threats: Pay special attention to the security requirements of the information system and the other systems to which it is connected. List your procedures for accessing sensitive data, in order to identify potential intrusion and compromise vectors.
- Physical and virtual trust zones: Divide your information system to reduce exposure to attacks and the ensuing consequences.
The work accomplished upstream with your trusted provider will allow you to effectively determine identification and authentication procedures as well as administration rights. It also gives you an overview of the IS administration and secure data exchange systems that best suit your needs. This preliminary assessment helps you to better pinpoint your needs, so you can acquire the most appropriate solutions for your business.
Figure: Sample legacy trusted architecture migration with IDnomic
You now have a complete picture of how to roll out your cloud migration project. The next step is crucial to the success of your transition…
Step 2: Choose your trusted provider
A migration requires certain steps, and the underlying processes are not always easy to manage. That’s why it is highly recommended that you get support from a specialized service provider who will give you the guidance you need.
Partnering with a cloud service provider is a long-term investment. The partner’s strategy, financial stability and ability to accompany customers that are expanding internationally are aspects that should be considered from the very beginning of the partnership.
To avoid mistakes and choose the best trusted partner for your company, here are a few suggestions to help you make your decision. First of all, examine the experience of the cloud migration service provider. There are several ways to do this, but be sure to check whether they describe their SaaS offering on their website. The provider’s past customers are also proof of the quality of its services, all the more so if the provider in question has partnered with companies in the same sector as yours. Also try to find out what certifications the service provider has obtained.
For example, the qualifications required of a cloud migration service provider are compliance with the “RGS” French general security guidelines and with eIDAS, a regulation concerning electronic identification and trust services. These are renewed annually following an audit of the provider’s platforms by LSTI, an independent French certifying organization. SecNumCloud, a set of standards issued by ANSSI (the French national IS security agency) in 2017, also contributes to this compliance, as it applies only to cloud IT service providers. Ideally, the products offered by the provider should also have proven credentials. CC EAL4+ certification offers a high level of quality assurance for civil applications. It is also the highest evaluation level attainable, and is recognized by all the signatories to the Common Criteria Recognition Arrangement.
You can also consider feedback from customers. If you know any, don’t hesitate to contact them and investigate questions such as:
- Did they maintain a good relationship with their provider?
- Did the level of customer service meet their expectations?
- Were they responsive when problems arose?
Another tip is to find out who the service provider works with. In this field, it is very common to maintain a network and collaborate with third parties. It’s a good sign when the provider in question is surrounded by leading industry players. Your best option is to contact a pre-sales team member who can present the most relevant solution(s) to you and identify the resources you’ll need to successfully carry out your project.
Since you want to switch to SaaS, it would be useful to know where your data will be hosted and the associated guaranteed security level. Most of the time this information is easy to find, but if it isn’t, ask your candidate partner directly. To give you an idea, datacenters are ranked according to their level of security: Tier 1, 2, 3 or 4.
IDnomic’s datacenter has a Tier 4-equivalent ranking, based on criteria issued by the French Caisse des Dépôts et Consignations, and features 24/7 on-site security surveillance by our technical teams. This is the highest guaranteed level a datacenter can obtain if it has several circuits for electrical supply and cooling systems.
By choosing a provider that has obtained certification for this high level of security, you benefit from the full guaranteed protection of your stored data. Servers that are stored in compliance with Tier 4 criteria benefit from a redundant power supply, two processors and hot-swap capability (a failed component such as a hard drive can be replaced while the server in question continues to operate).
Step 3: Prepare for the transition phase
Once the scope of your migration project has been defined and your PKI provider selected, but before you begin the migration, you should consider how this deployment will impact your company internally, especially the teams that will be affiliated with a new structure.
The secret to success lies partly in achieving perfect cohesion between the layers and business lines that are directly involved. It is crucial to accurately determine each participant’s role. Designate someone to be in charge of the cloud migration who will make functional choices and help spread the word to your users. Don’t hesitate to share important deadlines with all players involved, to ensure flawless coordination.
In addition, it is important to bear in mind that most of the time, we are afraid of the unknown, and so tend to stick to what we already know. This attitude can hinder your cloud transition project. That’s why involving all contributors from the outset of the project is essential! After drawing up an exhaustive list of needs, it is useful to involve these players when choosing your solution. Human and technical cohesion among teams is the cornerstone of a smooth transition phase. It would be a mistake not to take users into account.
This process not only provides an opportunity for your users to develop new skills, but is also the best way to alleviate their fears. You can hire new talent for this adventure while also giving everyone an opportunity to participate, which will help to speed up your transition to the cloud.
Good communication throughout the project is essential to ensure the buy-in and motivation of each user. You will have to take the time to assist and check up on the team regularly to ensure that systems are being properly used.
Lastly, training is another must for the everyday tracking of operations. IDnomic is a training organization certified by the Paris area DIRECCTE (regional department of companies, competition, consumption, work and employment), registered under number 11 92 19072 92. We offer a range of training courses designed to meet the needs of your users. This period of change management is what will contribute to the success of your project – don’t underestimate it!
Now you have an overview of how to roll out your migration project and the steps you should follow to make your digital transition a success. Good luck!
By Charlène Demaret