Any IT migration program has its share of risks, and a data center migration is no exception. With many stakeholders involved and myriad complex moving parts, as you begin your data center assessment, a vital part of that will be identifying and mitigating potential risks
Without a risk assessment, there could be huge consequences for the business. Capital One was hit with an $80 million fine for failing to conduct an appropriate risk assessment before migrating data to the AWS cloud, leading to customer data being leaked online.
So, what should you be looking out for?
Migration goals: Do you have clear goals for your data center migration? Are you right sizing your IT environment to meet future business needs? Are you addressing ESG compliance requirements? Now’s the time to understand what you are supporting, what you no longer need, and what you could need for the future. You should also identify a way to constantly assess your progress against these goals, once the project is underway.
Incomplete/bad data: If you don’t know what makes up the current IT estate you can’t define your data center needs. A comprehensive assessment begins with accessing a holistic inventory of data center assets, including servers, applications, and databases, and who is accessing what.
Critical applications: Identifying the critical applications which you need to support is a must. Following a successful migration in 2018, TSB bank’s new platform experienced technical failures that affected all of its branches and many customers and resulted in a £48.65m fine. Talk to teams to identify critical apps.
Dependencies: A data center migration can’t be managed overnight but must be done in a phased approach. You’ll likely want to upgrade hardware and move certain teams first, but if you don’t understand interdependencies within your estate, you’ll encounter issues, such as disrupting access to critical business applications.
Regulatory requirements: What data center regulations are applicable in the countries you operate? Are there any data handling requirements or regulations for your company or industry? By understanding these you can identify what can be migrated to a cloud data center and what must remain on-prem. The $80 million fine was issued to Capital One because ‘unsound practices resulted in noncompliance with Interagency Guidelines Establishing Information Security Standards’.
Cloud Service Provider Security: If you’re moving to the cloud, by assessing cloud service provider offerings you can identify gaps or weaknesses that could put data at risk and will ensure you move to a cloud provider or providers that align(s) with your needs.
You should also assess cloud service providers’ capabilities for meeting current or known future regulatory requirements. Finance companies in Europe, for example, should look to those providers that are preparing for the Digital Operations Resilience Act (DORA).
Critical Business hours: Plan the time of the migration by understanding critical business hours to avoid when any disruption will not be tolerated.
Finding out what you don’t know is no small feat, particularly if you are using manual processes. This means trawling your IT discovery tools, CMDBs and other systems of record and data held outside of IT such as identity management databases and aggregating data into a single source of truth. Then it’s a case of chasing missing data by surveying applications owners and other teams to identify endpoint dependencies. To understand future requirements and business needs you’ll also need to work with business managers and stakeholders.
Many companies use workshops and manual processes for data discovery. These take time – months to years in some cases – and effort to manage. This adds delays to your migration program. Correlating the data manually via spreadsheets also increases the risk of data errors.
Using a digital platform conductor (DPC), a tool highlighted in four Gartner hype cycles you can ditch the manual process and use automation to cut the time and cost of your risk assessment. A DPC does this by:
to understand how ReadyWorks, a digital platform conductor, can help you streamline your data center migration risk assessment.