The Top 3 Cloud Mistakes
Here we highlight the top 3 cloud mistakes we see when we review customer environments. We will look at some of the problems caused by suboptimal cloud adoption and how to address them.
The Most Common Scenario
Many organisations start their cloud adoption journey without proper planning or training. This is usually due to an immediate requirement to implement a particular solution quickly. Diving in head first like this causes problems later, including with the ability to scale properly. Sometimes implementation teams have had a bit of training but no real experience. The result of this is usually far worse than with someone who has no experience! There really is a lot of truth in the saying, “just enough knowledge to be dangerous”. We have created this article on the top three cloud mistakes that usually arise from the above scenario.
Follow the Framework!
The various cloud vendors have frameworks in place to follow. These frameworks should be used for a smooth best-practice implementation. However, the frameworks are often very detailed and contain a LOT of information, so they can take time to go through and learn. Vendors also provide accelerators and assessment tools, which help customers get moving quicker and usually provide a good baseline and starting point. The framework we use for our cloud implementations is the Cloud Adoption Framework for Microsoft Azure, also known as the CAF. Full details of the CAF can be found at https://aka.ms/caf
Train Up or Get Help
The only way to implement a cloud platform properly and avoid the mistakes shown below is to train internal teams, or even create a “Cloud Center of Excellence” (CCoE), or to work with a partner as part of that CCoE. However, the quickest and safest way is to work with a trusted partner who has already learned the hard way and has the scars to prove it. We will create a separate article on how to find the right cloud partner for you soon.
Mistake 1 – Lack of Strategy and Planning
Create a proper strategy and a plan that includes, but is not limited to, the following points:
- Understanding motivations, stakeholders and required business outcomes
- Understanding responsibilities and accountability (RACI matrix)
- Organisational alignment (e.g. CCoE) and partner selection
- Skills gap analysis and planning
Failing to focus on the above non-technical aspects of a cloud adoption journey can lead to problems in the future. These can include nobody taking responsibility for the platform or the solutions running in the cloud, an inadequate understanding of the business and technical requirements and aspirations, and no cloud strategy alignment within the organisation, which leads to poor (or no) adoption.
Mistake 2 – Poor Foundations
Without the proper cloud foundations, organisations will often face problems in many areas, such as a lack of security, of proper management and maintenance, and an inability to scale, to name a few. Therefore it is really important to take the time to think about how the platform will be implemented and managed overall. This should also include planning for initial workloads and user testing. The core foundation of a Microsoft cloud platform is generally called an Azure Landing Zone. This includes the design of the Azure resource structure as well as governance and security, networking and a lot more. The good news is that cloud vendors like Microsoft provide guidance and even templates and accelerators for adoption. Like anything, it helps if you understand the technical aspects to know if the end result will match your requirements.
Many Microsoft partners provide Azure Landing Zone implementations, but note that not all landing zones are equal! We will also do an article shortly on what a good landing zone should look like.
Risks Caused by Poor Foundations
- Lack of governance and security controls
  - Nothing in place to stop users from running free on the platform
  - Risk to running services
  - Huge security risks if no controls are in place
  - Increased costs if users have the ability to deploy and configure resources without any controls in place
- Poor network and user access controls
  - Untrained users may cause unintentional (or intentional!) damage
  - Real risk of unauthorised internal or external users
- No proper monitoring
  - Limited view of what’s going on in the environment
  - No one knows if something fails
- No agreed process for updating the environment or services
  - Outdated and unsupported software and platform-level features
- Incorrect structure and networking (most common issue)
  - Difficult to scale in the future
  - Incorrect structure and setup of the Azure AD tenant or subscriptions make it very difficult to manage (or fix) and govern the platform.
Here are some of the design areas that must be considered for an Azure Landing Zone.
Mistake 3 – Going with the Defaults
The final thing to mention is some of the issues caused when users go to a cloud portal and create resources with the default values. Using defaults can make it difficult to alter and correct configuration later on. Without proper planning and design, the default settings could just be plain wrong! The defaults are usually designed for people to get up and running quickly, and therefore very basic and standard settings are applied. There usually isn’t even a full set of configuration options available in a portal compared to what one can configure in code. And so the configuration is set up for ease of connectivity (from the internet, which is a security risk) and for standard or high performance (which is a cost risk).
A common example we see is organisations creating virtual networks with the default of 65,000 IP addresses and then creating more of these networks with the same IP addresses. When they then try to connect the networks to each other or to on-premises networks, they cannot, as the address spaces match or overlap. So a proper network design is required here and should be done in coordination with the network team, who can allocate proper IP ranges for the cloud platform.
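The overlap problem described above can be checked before any networks are connected. The following is an added example, not code from the original article: the network names, the address ranges and the 10.0.0.0/8 supernet passed to `allocate` are constructed assumptions standing in for an exported inventory and for the range a network team would assign.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (assumption): names and ranges are illustrative only.
# A /16 holds 65,536 addresses, the "65,000" size the article refers to.
NETWORKS = {
    "vnet-app": ["10.0.0.0/16"],
    "vnet-data": ["10.0.0.0/16"],                      # same default reused
    "vnet-shared": ["10.1.0.0/20", "10.0.128.0/24"],
    "on-prem-hq": ["10.0.64.0/18", "192.168.10.0/24"],
}

def all_ranges(networks):
    """Flatten the inventory into a list of CIDR strings."""
    return [cidr for cidrs in networks.values() for cidr in cidrs]

def find_overlaps(networks):
    """Return (name_a, cidr_a, name_b, cidr_b) for every pair of ranges in
    different networks whose address spaces match or overlap."""
    flat = [(name, ipaddress.ip_network(cidr))
            for name, cidrs in networks.items() for cidr in cidrs]
    clashes = []
    for (name_a, net_a), (name_b, net_b) in combinations(flat, 2):
        if name_a != name_b and net_a.version == net_b.version \
                and net_a.overlaps(net_b):
            clashes.append((name_a, str(net_a), name_b, str(net_b)))
    return sorted(clashes)

def allocate(supernet, in_use, prefixlen):
    """Return the first subnet of the requested size inside supernet that
    overlaps nothing already in use, or None if the supernet is exhausted."""
    used = [ipaddress.ip_network(cidr) for cidr in in_use]
    for candidate in ipaddress.ip_network(supernet).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None

if __name__ == "__main__":
    for clash in find_overlaps(NETWORKS):
        print("cannot be connected: %s %s <-> %s %s" % clash)
    print("next free /16:", allocate("10.0.0.0/8", all_ranges(NETWORKS), 16))
```

Running the same check over both the cloud ranges and the on-premises ranges is what catches a clash before a connection between them is attempted.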
Other issues can arise without proper guardrails in place, such as users leaving ports open from the internet into network resources. This can have “unwanted consequences”, let’s say. This is a common cause of organisations being hacked.
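A guardrail check for ports left open from the internet might look like the following added example, which is not from the original article. The rules are constructed, their field names follow Azure network security group rule properties but are flattened into plain dictionaries, and the check assumes rules are evaluated in priority order with the first match deciding; destination addresses are ignored.

```python
# Constructed sample rules (assumption), not taken from any real environment.
RULES = [
    {"name": "allow-rdp-any", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
     "destinationPortRanges": ["3389"]},
    {"name": "deny-ssh-internet", "priority": 200, "direction": "Inbound",
     "access": "Deny", "protocol": "*", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["22"]},
    {"name": "allow-mgmt-range", "priority": 400, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "0.0.0.0/0",
     "destinationPortRanges": ["20-25", "443"]},
    {"name": "allow-sql-from-office", "priority": 500, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.0/24",
     "destinationPortRanges": ["1433"]},
]

# Source values that mean "anywhere on the internet".
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}

def port_matches(spec, port):
    """True if port falls inside a rule's port spec: '*', '443' or '20-25'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_ports(rules, ports):
    """Map each TCP port reachable from the internet to the rule allowing it.
    Only internet-wide rules are considered; a higher-priority internet-wide
    Deny for the same port means the port is not reported."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    exposed = {}
    for port in ports:
        for rule in inbound:
            if (rule["sourceAddressPrefix"] in INTERNET_SOURCES
                    and rule["protocol"] in ("*", "Tcp")
                    and any(port_matches(s, port)
                            for s in rule["destinationPortRanges"])):
                if rule["access"] == "Allow":
                    exposed[port] = rule["name"]
                break  # first matching rule decides
    return exposed

if __name__ == "__main__":
    for port, rule in exposed_ports(RULES, [21, 22, 443, 1433, 3389]).items():
        print("port %d open from the internet via rule %s" % (port, rule))
```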
Another really obvious one is identity management. The first thing is to ensure all users have MFA enabled and that all users who have left the organisation or moved roles have their accounts blocked (for leavers) or restricted (for movers). We could do a whole day on this, but we won’t do that here.
Summary
We hope you found our top three cloud mistakes article useful! To summarise, there are many things to consider, and it’s not recommended to dive straight into your cloud journey without proper planning, design and foundations.
The good news is that cloud specialists such as LA NET have the experience, tools and know-how to get environments up and running very quickly (usually in a couple of weeks). After all, it is pretty much all we do. As a result, our Azure landing zone provides customers with a solid and safe platform that can be fully managed by us too.
If you feel your cloud environment could do with a checkup, contact us today as we always find areas for improvement to help keep our customers secure and safe.
Did you find the article helpful? Let us know.
Let LA NET support you with your cloud adoption journey so it gets done properly.