A cloud readiness assessment is a process that helps you to understand your current IT infrastructure and identify potential gaps in compliance, security, and performance requirements. This blog post will provide you with guidelines for conducting an assessment of your company’s needs before moving to the cloud. It also includes actionable steps on how to complete this Cloud Assessment at your organization.
Steps of a Cloud Readiness Assessment
Scope and Business Cases for Migration
Decide which applications you will move to the cloud and
why. You can refer to your existing business cases for these decisions or
create new ones based on your company’s specific requirements.
Compliance Requirements
You must identify any compliance, security, privacy, or
other policy requirements that need to be met as part of an aws migration
process before moving files into the public cloud environment. These policies
may vary from industry-specific regulations such as HIPPA in healthcare
settings or PCI DSS for payment card data storage. Make sure that all
identified policies are supported by a current version of a Vendor Policy
Statement (VPS) from service providers you plan to use, along with an outside
review if possible. Additionally, make sure potential gaps between
organizational policies and cloud vendor policies are clearly identified.
Data Storage Requirements
You must understand where, how, and for how long your
company’s data will be stored in the public cloud environment before moving to
it There may also be specific storage needs that need to be considered, such as
encryption or availability requirements.
Determine Security Policy Compliance Requirements
Cloud security is a critical step in ensuring compliance
with internal standards such as NIST SP-800. Review all current policies on
information security at your organization, including any existing policies
around multi-factor authentication (MFA), user access controls, remote session
logging, etc., especially those related to physical presence at the time of
login. A gap analysis between organizational standards and potential service
provider policy options will help identify any potential security issues with
cloud service providers (CSPs).
Network Connectivity Requirements
Network connectivity is an important part of the migration
process because you must understand how your company’s applications and data
communications over the internet. You need to know which sites, subnets, or IP
ranges are currently in use by each application, along with current bandwidth
requirements for different types of information, such as voice/video
conferencing vs. email traffic.
Determine Performance Requirements
Performance can be measured in terms of various metrics
depending on your organization’s business needs, but it also includes
consideration for network latency, both internal and external to a CSP
environment. This may require actual testing performance under load conditions
within an isolated test environment before moving to the cloud.
Compliance Requirements for Data in Motion and Data at Rest
Data in motion refers to data being sent from one location
to another over a network connection, while data at rest is when your files are
stored on servers or disks within a CSP environment. Ensure that all
requirements around compliance, security, privacy, etc., have been identified
along with supportability of encryption standards for any required data-at-rest
policies such as HIPPA protected health information (PHI) protection under
HITECH.