top of page
The Application Migration Checklist

Firewall Change Management

The Application Migration Checklist

Asher Benbenisty

Asher Benbenisty

Short bio about author here Lorem ipsum dolor sit amet consectetur. Vitae donec tincidunt elementum quam laoreet duis sit enim. Duis mattis velit sit leo diam.

Tags

Share this article

10/25/23

Published

All organizations eventually inherit outdated technology infrastructure. As new technology becomes available, old apps and services become increasingly expensive to maintain.


That expense can come in a variety of forms:


  • Decreased productivity compared to competitors using more modern IT solutions.

  • Greater difficulty scaling IT asset deployments and managing the device life cycle.

  • Security and downtime risks coming from new vulnerabilities and emerging threats.

Cloud computing is one of the most significant developments of the past decade. Organizations are increasingly moving their legacy IT assets to new environments hosted on cloud services like Amazon Web Services or Microsoft Azure.


Cloud migration projects enable organizations to dramatically improve productivity, scalability, and security by transforming on-premises applications to cloud-hosted solutions.

However, cloud migration projects are among the most complex undertakings an organization can attempt. Some reports state that nine out of ten migration projects experience failure or disruption at some point, and only one out of four meet their proposed deadlines.


The better prepared you are for your application migration project, the more likely it is to succeed. Keep the following migration checklist handy while pursuing this kind of initiative at your company.


Step 1: Assessing Your Applications

The more you know about your legacy applications and their characteristics, the more comprehensive you can be with pre-migration planning.


Start by identifying the legacy applications that you want to move to the cloud. Pay close attention to the dependencies that your legacy applications have. You will need to ensure the availability of those resources in an IT environment that is very different from the typical on-premises data center. You may need to configure cloud-hosted resources to meet specific needs that are unique to your organization and its network architecture.


Evaluate the criticality of each legacy application you plan on migrating to the cloud. You will have to prioritize certain applications over others, minimizing disruption while ensuring the cloud-hosted infrastructure can support the workload you are moving to.


There is no one-size-fits-all solution to application migration. The inventory assessment may bring new information to light and force you to change your initial approach. It’s best that you make these accommodations now rather than halfway through the application migration project.


Step 2: Choosing the Right Migration Strategy

Once you know what applications you want to move to the cloud and what additional dependencies must be addressed for them to work properly, you’re ready to select a migration strategy.


These are generalized models that indicate how you’ll transition on-premises applications to cloud-hosted ones in the context of your specific IT environment.

Some of the options you should gain familiarity with include:


  • Lift and Shift (Rehosting). This option enables you to automate the migration process using tools like CloudEndure Migration, AWS VM Import/Export, and others. The lift and shift model is well-suited to organizations that need to migrate compatible large-scale enterprise applications without too many additional dependencies, or organizations that are new to the cloud.

  • Replatforming. This is a modified version of the lift and shift model. Essentially, it introduces an additional step where you change the configuration of legacy apps to make them better-suited to the cloud environment. By adding a modernization phase to the process, you can leverage more of the cloud’s unique benefits and migrate more complex apps.

  • Refactoring/Re-architecting. This strategy involves rewriting applications from scratch to make them cloud-native. This allows you to reap the full benefits of cloud technology. Your new applications will be scalable, efficient, and agile to the maximum degree possible. However, it’s a time-consuming, resource-intensive project that introduces significant business risk into the equation.

  • Repurchasing. This is where the organization implements a fully mature cloud architecture as a managed service. It typically relies on a vendor offering cloud migration through the software-as-a-service (SaaS) model. You will need to pay licensing fees, but the technical details of the migration process will largely be the vendor’s responsibility. This is an easy way to add cloud functionality to existing business processes, but it also comes with the risk of vendor lock-in.

Step 3: Building Your Migration Team

The success of your project relies on creating and leading a migration team that can respond to the needs of the project at every step. There will be obstacles and unexpected issues along the way – a high-quality team with great leadership is crucial for handling those problems when they arise.


Before going into the specifics of assembling a great migration team, you’ll need to identify the key stakeholders who have an interest in seeing the project through. This is extremely important because those stakeholders will want to see their interests represented at the team level. If you neglect to represent a major stakeholder at the team level, you run the risk of having major, expensive project milestones rejected later on.


Not all stakeholders will have the same level of involvement, and few will share the same values and goals. Managing them effectively means prioritizing the values and goals they represent, and choosing team members accordingly.


Your migration team will consist of systems administrators, technical experts, and security practitioners, and include input from many other departments. You’ll need to formalize a system of communicating inside the core team and messaging stakeholders outside of it. You may also wish to involve end users as a distinct part of your migration team and dedicate time to addressing their concerns throughout the process.


Keep team members’ stakeholder alignments and interests in mind when assigning responsibilities. For example, if a particular configuration step requires approval from the finance department, you’ll want to make sure that someone representing that department is involved from the beginning.


Step 4: Creating a Migration Plan

It’s crucial that every migration project follows a comprehensive plan informed by the needs of the organization itself. Organizations pursue cloud migration for many different reasons – your plan should address the problems you expect cloud-hosted technology to solve.


This might mean focusing on reducing costs, enabling entry into a new market, or increasing business agility – or all three. You may have additional reasons for pursuing an application migration plan. This plan should also include data mapping.


Choosing the right application performance metrics now will help make the decision-making process much easier down the line. Some of the data points that cloud migration specialists recommend capturing include:


  • Duration highlights the value of employee labor-hours as they perform tasks throughout the process. Operational duration metrics can tell you how much time project managers spend planning the migration process, or whether one phase is taking much longer than another, and why.

  • Disruption metrics can help identify user experience issues that become obstacles to onboarding and full adoption. Collecting data about the availability of critical services and the number of service tickets generated throughout the process can help you gauge the overall success of the initiative from the user’s perspective.

  • Cost includes more than data transfer rates. Application migration initiatives also require creating dependency mappings, changing applications to make them cloud-native, and significant administrative costs. Up to 50% of your migration’s costs pay for labor, and you’ll want to keep close tabs on those costs as the process goes on.

  • Infrastructure metrics like CPU usage, memory usage, network latency, and load balancing are best captured both before and after the project takes place. This will let you understand and communicate the value of the project in its entirety using straightforward comparisons.

  • Application performance metrics like availability figures, error rates, time-outs and throughput will help you calculate the value of the migration process as a whole. This is another post-cloud migration metric that can provide useful before-and-after data.

You will also want to establish a series of cloud service-level agreements (SLAs) that ensure a predictable minimum level of service is maintained. This is an important guarantee of the reliability and availability of the cloud-hosted resources you expect to use on a daily basis.


Step 5: Mapping Dependencies

Mapping dependencies completely and accurately is critical to the success of any migration project. If you don’t have all the elements in your software ecosystem identified correctly, you won’t be able to guarantee that your applications will work in the new environment.


Application dependency mapping will help you pinpoint which resources your apps need and allow you to make those resources available.


You’ll need to discover and assess every workload your organization undertakes and map out the resources and services it relies on. This process can be automated, which will help large-scale enterprises create accurate maps of complex interdependent processes.


In most cases, the mapping process will reveal clusters of applications and services that need to be migrated together. You will have to identify the appropriate windows of opportunity for performing these migrations without disrupting the workloads they process. This often means managing data transfer and database migration tasks and carrying them out in a carefully orchestrated sequence.


You may also discover connectivity and VPN requirements that need to be addressed early on. For example, you may need to establish protocols for private access and delegate responsibility for managing connections to someone on your team. Project stakeholders may have additional connectivity needs, like VPN functionality for securing remote connections. These should be reflected in the application dependency mapping process.


Multi-cloud compatibility is another issue that will demand your attention at this stage. If your organization plans on using multiple cloud providers and configuring them to run workloads specific to their platform, you will need to make sure that the results of these processes are communicated and stored in compatible formats.


Step 6: Selecting a Cloud Provider

Once you fully understand the scope and requirements of your application migration project, you can begin comparing cloud providers. Amazon, Microsoft, and Google make up the majority of all public cloud deployments, and the vast majority of organizations start their search with one of these three.


  • Amazon AWS has the largest market share, thanks to starting its cloud infrastructure business several years before its major competitors did. Amazon’s head start makes finding specialist talent easier, since more potential candidates will have familiarity with AWS than with Azure or Google Cloud. Many different vendors offer services through AWS, making it a good choice for cloud deployments that rely on multiple services and third-party subscriptions.

  • Microsoft Azure has a longer history serving enterprise customers, even though its cloud computing division is smaller and younger than Amazon’s. Azure offers a relatively easy transition path that helps enterprise organizations migrate to the cloud without adding a large number of additional vendors to the process. This can help streamline complex cloud deployments, but also increases your reliance on Microsoft as your primary vendor.

  • Google Cloud is the third runner-up in terms of market share. It continues to invest in cloud technologies and is responsible for a few major innovations in the space – like the Kubernetes container orchestration system. Google integrates well with third-party applications and provides a robust set of APIs for high-impact processes like translation and speech recognition.

Your organization’s needs will dictate which of the major cloud providers offers the best value. Each provider has a different pricing model, which will impact how your organization arrives at a cost-effective solution. Cloud pricing varies based on customer specifications, usage, and SLAs, which means no single provider is necessarily “the cheapest” or “the most expensive” – it depends on the context.


Additional cost considerations you’ll want to take into account include scalability and uptime guarantees. As your organization grows, you will need to expand its cloud infrastructure to accommodate more resource-intensive tasks. This will impact the cost of your cloud subscription in the future. Similarly, your vendor’s uptime guarantee can be a strong indicator of how invested it is in your success.


Given all vendors work on the shared responsibility model, it may be prudent to consider an enterprise data backup solution for peace of mind.


Step 7: Application Refactoring

If you choose to invest time and resources into refactoring applications for the cloud, you’ll need to consider how this impacts the overall project. Modifying existing software to take advantage of cloud-based technologies can dramatically improve the efficiency of your tech stack, but it will involve significant risk and up-front costs.


Some of the advantages of refactoring include:


  • Reduced long-term costs. Developers refactor apps with a specific context in mind. The refactored app can be configured to accommodate the resource requirements of the new environment in a very specific manner. This boosts the overall return of investing in application refactoring in the long term and makes the deployment more scalable overall.

  • Greater adaptability when requirements change. If your organization frequently adapts to changing business requirements, refactored applications may provide a flexible platform for accommodating unexpected changes. This makes refactoring attractive for businesses in highly regulated industries, or in scenarios with heightened uncertainty.

  • Improved application resilience. Your cloud-native applications will be decoupled from their original infrastructure. This means that they can take full advantage of the benefits that cloud-hosted technology offers. Features like low-cost redundancy, high-availability, and security automation are much easier to implement with cloud-native apps.

Some of the drawbacks you should be aware of include:


  • Vendor lock-in risks. As your apps become cloud-native, they will naturally draw on cloud features that enhance their capabilities. They will end up tightly coupled to the cloud platform you use. You may reach a point where withdrawing those apps and migrating them to a different provider becomes infeasible, or impossible.

  • Time and talent requirements. This process takes a great deal of time and specialist expertise. If your organization doesn’t have ample amounts of both, the process may end up taking too long and costing too much to be feasible.

  • Errors and vulnerabilities. Refactoring involves making major changes to the way applications work. If errors work their way in at this stage, it can deeply impact the usability and security of the workload itself. Organizations can use cloud-based templates to address some of these risks, but it will take comprehensive visibility into how applications interact with cloud security policies to close every gap.

Step 8: Data Migration

There are many factors to take into consideration when moving data from legacy applications to cloud-native apps. Some of the things you’ll need to plan for include:


  • Selecting the appropriate data transfer method. This depends on how much time you have available for completing the migration, and how well you plan for potential disruptions during the process. If you are moving significant amounts of data through the public internet, sidelining your regular internet connection may be unwise. Offline transfer doesn’t come with this risk, but it will include additional costs.

  • Ensuring data center compatibility. Whether transferring data online or offline, compatibility issues can lead to complex problems and expensive downtime if not properly addressed. Your migration strategy should include a data migration testing strategy that ensures all of your data is properly formatted and ready to use the moment it is introduced to the new environment.

  • Utilizing migration tools for smooth data transfer. The three major cloud providers all offer cloud migration tools with multiple tiers and services. You may need to use these tools to guarantee a smooth transfer experience, or rely on a third-party partner for this step in the process.

Step 9: Configuring the Cloud Environment

By the time your data arrives in its new environment, you will need to have virtual machines and resources set up to seamlessly take over your application workloads and processes. At the same time, you’ll need a comprehensive set of security policies enforced by firewall rules that address the risks unique to cloud-hosted infrastructure.


As with many other steps in this checklist, you’ll want to carefully assess, plan, and test your virtual machine deployments before deploying them in a live production environment. Gather information about your source and target environment and document the workloads you wish to migrate. Set up a test environment you can use to make sure your new apps function as expected before clearing them for live production.


Similarly, you may need to configure and change firewall rules frequently during the migration process. Make sure that your new deployments are secured with reliable, well-documented security policies. If you skip the documentation phase of building your firewall policy, you run the risk of introducing security vulnerabilities into the cloud environment, and it will be very difficult for you to identify and address them later on.


You will also need to configure and deploy network interfaces that dictate where and when your cloud environment will interact with other networks, both inside and outside your organization. This is your chance to implement secure network segmentation that protects mission-critical assets from advanced and persistent cyberattacks. This is also the best time to implement disaster recovery mechanisms that you can rely on to provide business continuity even if mission-critical assets and apps experience unexpected downtime.


Step 10: Automating Workflows

Once your data and apps are fully deployed on secure cloud-hosted infrastructure, you can begin taking advantage of the suite of automation features your cloud provider offers. Depending on your choice of migration strategy, you may be able to automate repetitive tasks, streamline post-migration processes, or enhance the productivity of entire departments using sophisticated automation tools.


In most cases, automating routine tasks will be your first priority. These automations are among the simplest to configure because they largely involve high-volume, low-impact tasks. Ideally, these tasks are also isolated from mission-critical decision-making processes.

If you established a robust set of key performance indicators earlier on in the migration project, you can also automate post-migration processes that involve capturing and reporting these data points.


Your apps will need to continue ingesting and processing data, making data validation another prime candidate for workflow automation. Cloud-native apps can ingest data from a wide range of sources, but they often need some form of validation and normalization to produce predictable results. Ongoing testing and refinement will help you make the most of your migration project moving forward.


How AlgoSec Enables Secure Application Migration


  1. Visibility and Discovery: AlgoSec provides comprehensive visibility into your existing on-premises network environment. It automatically discovers all network devices, applications, and their dependencies. This visibility is crucial when planning a secure migration, ensuring no critical elements get overlooked in the process.

  2. Application Dependency Mapping: AlgoSec’s application dependency mapping capabilities allow you to understand how different applications and services interact within your network. This knowledge is vital during migration to avoid disrupting critical dependencies.

  3. Risk Assessment: AlgoSec assesses the security and compliance risks associated with your migration plan. It identifies potential vulnerabilities, misconfigurations, and compliance violations that could impact the security of the migrated applications.

  4. Security Policy Analysis: Before migrating, AlgoSec helps you analyze your existing security policies and rules. It ensures that security policies are consistent and effective in the new cloud or data center environment. Misconfigurations and unnecessary rules can be eliminated, reducing the attack surface.

  5. Automated Rule Optimization: AlgoSec automates the optimization of security rules. It identifies redundant rules, suggests rule consolidations, and ensures that only necessary traffic is allowed, helping you maintain a secure environment during migration.

  6. Change Management: During the migration process, changes to security policies and firewall rules are often necessary. AlgoSec facilitates change management by providing a streamlined process for requesting, reviewing, and implementing rule changes. This ensures that security remains intact throughout the migration.

  7. Compliance and Governance: AlgoSec helps maintain compliance with industry regulations and security best practices. It generates compliance reports, ensures rule consistency, and enforces security policies, even in the new cloud or data center environment.

  8. Continuous Monitoring and Auditing: Post-migration, AlgoSec continues to monitor and audit your security policies and network traffic. It alerts you to any anomalies or security breaches, ensuring the ongoing security of your migrated applications.

  9. Integration with Cloud Platforms: AlgoSec integrates seamlessly with various cloud platforms such as AWS, Microsoft Azure, and Google Cloud. This ensures that security policies are consistently applied in both on-premises and cloud environments, enabling a secure hybrid or multi-cloud setup.

  10. Operational Efficiency: AlgoSec’s automation capabilities reduce manual tasks, improving operational efficiency. This is essential during the migration process, where time is often of the essence.

  11. Real-time Visibility and Control: AlgoSec provides real-time visibility and control over your security policies, allowing you to adapt quickly to changing migration requirements and security threats.

Related Articles

Azure Security Best Practices

Azure Security Best Practices

Cloud Security

Mar 19, 2023 · 2 min read

How to Implement a Security-as-Code Approach

How to Implement a Security-as-Code Approach

Cloud Security

Mar 19, 2023 · 2 min read

A secure VPC as the main pillar of cloud security

A secure VPC as the main pillar of cloud security

Cloud Security

Mar 19, 2023 · 2 min read

Speak to one of our experts

bottom of page