The idea of this article is share some experiences and lessons learned about Digital Transformation after different projects from our professional services. We had the opportunity to work for industries where the culture is different and where each customer have their own challenges, strengths and weaknesses.
The cloud ☁️ is here from too many years ago, but during few years ago, offering good opportunities for different business, from startups to big companies, at the end the cloud is giving an equal opportunity no matter what is your size. For startups the cloud is a key partner to deliver services, with world class level of quality and SLA, and for big companies, the cloud is a way to offer world class services with some efficiencies and a more resilient model.
To have a good transition to the cloud, a well defined strategy is a key aspect, to have a good identification about how many services you want to move to the cloud, how many assets are involved and also which kind and amount of data is into the scope. Something really good to identify is how many risk you have (today), to start the risk treatment involving stakeholders, because the cloud will mean risk also.
This kind of project need the involvement of a team, with different roles, but as minimum should be part of the team, the Data Privacy Officer (DPO), the Legal Council, the Security Architecture team, the Cloud Architecture team, the developers, the IT owner of the assets involved and Ex-Com members who should approve/reject proposal and risk treatment results and Go Live 🏁
Is not part of the main interest of this article, but if you don’t have an accurate and updated inventory of assets, the digital transformation will be another (and maybe the last one) opportunity to have it. At least you should have trusted documentation with 100% of coverage about the services that you want to migrate (if you don't have good knowledge of the environment, this mean more risk ⛈).
As part of the research before to start any migration, you should know how the service is interacting with other services and components. For this reason the discovery about how the service is working, how is connected, contacted from other services and where each component is located, will help you to prepare a full picture 🗺. In the middle of the migration is not the good moment to have a surprise or ask for documentation 📚.
As any other important project the documentation is a must, it’s a common boring topic, but not least important. If the company have into the culture the documentation of the critical topics, so you will have a good starting point, but if you will start from a blank page, so maybe is a good opportunity to (at least) create documentation with the most important topics (aligned with the roadmap 🛣).
After the project approval, something which is key is the discussion about security requirements to be in place, during the lifecycle of the project and then, as part of the daily operations. These security requirements should be defined considering: architecture, development, implementation, operation and monitoring.
About security requirements, something to be discussed before should be, the cloud model and the cloud vendor, because those aspects have a direct impact in the security features and the governance for the day after.
For a good migration to the cloud, you should have into the team people with a good knowledge about the cloud vendor features and capabilities available, even this should be covered with some PoC to define what is the best approach based in your needs before to take any decision. So, the decision about the best proposal should include business needs, compliance requirements and security.
From a technical perspective for being ready for the challenge of being digital, the application should be redesigned to work with containers and microservices, it’s not the only way for a digital transformation, but is the best. Is not the aim of this article go deep on this topic, but you have a different approach into the cloud vendor to manage containers and define microservices, even the microservices aren’t needed for all the functions, but yes for at least for the most important or critical ones.
For being prepared to go to the cloud, after the definition of the best cloud vendor and model, the scope of applications need to be defined. As part of the scope, one of the main task should be review any GAP about what is required by the cloud PaaS model and the current architecture of the applications into scope. For example, some questions that you should make are: