Thinking about cloud migration? What to consider
- Collaborate with other institutions; take the path already paved
- Do an independent risk assessment and focus your strategy
- Moving to the cloud gives you the ability to allocate resources differently
Institutions tend to fall into one of three phases of cloud adoption, according to Tom Dugas, director of Information Security and Special Initiatives for Duquesne University.
“The first category is cloud aware, where an organization is just thinking about moving to the cloud. The institution knows that the cloud is out there, but it’s not sure what it’s going to do with it or how to get started with cloud adoption. The second is cloud experimentation, where the institution starts to focus on one particular service—email, for example—to get to the cloud. The third is opportunistic cloud, which is where Duquesne fits. We look at cloud solutions as ‘what is the right opportunity?
My advice is, figure out where on that ladder your organization thinks it is, and then think about the considerations in each area.”
Dugas says that most colleges and universities fall into the group that is experimenting with the cloud. “What you want to think about is whether somebody has paved the path already. Higher education is rich in collaboration and opportunity, and we can use what a lot of other folks have done before us in cloud adoption without having to reinvent the wheel. Take the path already paved. Use what you can from collaborative efforts.”
Despite the collaborative nature of higher education, some institutions still have cloud security concerns. According to Dugas, however, “Going to the cloud doesn’t change your risk strategy: It just helps you focus on different aspects of it.” For example, “The important things to think about in cloud computing risk strategy are identity and access management (IAM). What is the authentication method? What kind of authorization do you use? Can you federate it? Does it work with your existing integration and existing IAM points?”
Dugas says many institutions also worry about their data. He suggests asking questions such as, “What kind of data are you looking to host in the cloud, and how will you secure those data? Are you using single tenant or multitenant? Will your data be spread out across multiple data centers across the United States or even in foreign nations?” He advises, “Don’t be afraid to ask those questions about your data.”
He also suggests that new cloud users also look inward, especially when it comes to risk assessment. “Higher education is a really great collaborative area,” says Dugas, “but I think it’s important to conduct an independent risk assessment. Don’t assume that that assessment will turn out the same as the next institution’s.”
Dugas cautions that institutions won’t necessarily need fewer resources. Instead, you may find that you use existing resources differently. “You may add resources or change resource assignments to have more systems analysts, business analysts, and integration experts rather than system administrators, database administrators, and network engineers. You switch it around a bit to focus more on all the key touch points between your cloud systems and your current systems on premise as well as your user community.
Moving to the cloud gains you elasticity. It is not always a cost savings, but rather it gives you the ability to allocate resources differently.” These resource allocations often allow for new initiatives that can enhance the competitiveness of the institution or enhance the mission, which directly adds business value.
Thomas Dugas, CISSP
Assistant Vice President/Chief Information Security Officer(CISO)/Adjunct Professor Cybersecurity at Duquesne University
As the Assistant Vice President and Chief Information Security Officer (CISO) at Duquesne University, Tom oversees a comprehensive, unified information (cyber) security program for Duquesne University that includes detection, prevention, incident response, and cyber security awareness. He is also responsible for Identity and Access Management and Data Governance. Tom is also an Adjunct Professor of Cybersecurity in the McAnulty College of Liberal Arts.
To help you plan your journey to the cloud, please visit our Pathways to the Cloud page.