When it comes to Azure, I’m a big fan. It’s just about unbeatable when it comes to getting to market quickly.
But I’m also a realist. Five years of building and migrating applications to Azure have given the team here at Parallo plenty of visibility of pitfalls some companies run into when migrating to Azure. We know that no matter how good Azure is, jumping in blindly won’t be a pleasant experience. Getting it wrong can compromise your security, performance, availability and cost - the four critical pillars of operational excellence that Parallo aims to optimise.
One of the benefits of cloud is the ease with which you can spin up new offerings. Unfortunately, it’s also one of the pitfalls you need to be mindful of because it can be an issue on both the cost management (which we covered in my previous post), security and data governance sides.
Say one of your team is creating a new service and wants to test it. They may spin up a virtual machine and use production data to test if the service does what they want it to do.
They might need remote access to the server, so they configure it to receive remote access requests, but if they do that in an incorrect manner, it could enable others to also access the server remotely and increase your attack vectors.
It’s a common myth that because you’re moving to cloud, whether it’s Microsoft Azure or any other service, the cloud provider has already done everything for you. The reality is, they’re just providing the platform. You still need to do design work to make sure the system will be highly available and secure. Security in public cloud is a shared responsibility.
There are plenty of tools within Azure that will detect and alert to issues such as potential security problems. Say that developer testing a new service hasn’t secured it properly or used a weak password. Leveraging Azure Security Center, Azure can detect and alert on things like that. And that leads to another pitfall…
Something that is very common, not just in Azure but across the board, is people putting monitoring tools in place but not actually looking at them. It’s all very well to have great visibility of what is going on, but if no one is paying attention to the alerts, it’s all rather pointless and the issues will remain.
Another common issue we see is that companies go so granular with the alerts that they become a torrent of information which people can’t sift through to find the important things among the non-important and they lose the signal in all the noise.
There are new features coming out in Azure every week and in many cases they’re cheaper, more secure and just plain better than previous features. But while it’s important to stay across all the new developments, that’s hard to do so when running a business.
At Parallo, it’s our job to be across new features and to be the context filter between Azure and our customers, ensuring they know of developments that might be meaningful for their business and how they can be applied to make them more secure, cost effective or provide a better customer experience.
As well as being a Microsoft Gold Partner we’re part of the Azure Management Elite Program. It’s a group of just 60 or so partners worldwide (out of hundreds of thousands). As part of the group, we get early access to new features, access to the product engineering people, and we also contribute to the shape of new features, providing input on what’s working and what isn’t.
No cloud provider can guarantee 100% uptime. There will occasionally be hiccups, so if your application needs very high levels of uptime, you need to ensure you design your application to be resilient, just as you would for on-premises applications.
Another common issue we’re seeing is companies approaching Azure with traditional network thinking, approaching solutions in the way they’ve always done them, trying to fit traditional models into the cloud world. In many cases, they’ve come to us because the solution hasn’t worked, and we’re helping them migrate to a better, more cloud-native solution.
Cloud changes some of the requirements and enforcing traditional IT models on cloud services can add complexity and create bottlenecks that can affect performance, availability, cost, and potentially security.
Most of these pitfalls come back to one key thing: A lack of governance and frameworks.
When we’re working with clients on Azure migrations, governance is at the forefront of what we do. Setting out from the start who can do what, who has the right to turn things on and who can see data is critical and can ensure that security, performance, availability and cost are always optimal.
A layer down from that, it’s also important to have standards, such as naming, grouping and tagging standards to identify resources, what they’re used for and who has access to what.
We’ve seen organisations who have never had naming conventions and the like in place and it’s all just a big bowl of spaghetti in terms of what they have running, where and how. And it’s near impossible to manage. They might know they have a service running, but don’t know who turned the object on or why, so they’re scared to turn it off because they don’t know what might happen. You might laugh, but that’s not actually an uncommon scenario.
With more than five years’ experience building and migrating applications to Azure, we have plenty of experience of the pitfalls and ramifications of not having governance and management in place. It’s enabled us to create several frameworks to ensure a very structured approach to migrations.
Our Parallo Application Framework engagement leverages the Microsoft Cloud Adoption Framework which enables organisations to have a predefined method for consuming Azure safely.
We also offer a mature Azure Managed Service offering to proactively manage your Azure footprint, where we leverage an application called Parallo Runtime. A collection of five years of IP from managing Azure, Runtime is about knowing what to do when something happens. It automates enhanced scaling and scheduling services to shut down, it also has automated corrective actions to ensure performance and availability are always met for our customers. It’s an integral part of managing Azure comprehensively, while minimising the human cost. Runtime can manage bespoke automated processes to ensure our customers’ customers user experience continually improves.
If you want to find out more about how proactive governance and management can ensure your security, performance, availability and cost will always be optimised, please get in touch!