Cloud migration: Not so fast!

The process is undoubtedly underway, but it is going much slower than enthusiasts like to think.

In recent years, analysts and visionaries have been talking nonstop about digital transformation, viewing migration to a public cloud as an integral part of it. On the whole, they are likely to be right. But from our point of view, the idea that by 2020 everyone will have migrated most of their workloads to the cloud looks rather optimistic. The process is undoubtedly underway, but it is going much slower than enthusiasts like to think.

In fact, the migration depends on markets considerably. For North America, the real dynamics might actually approach forecast levels. There, business integration with public clouds is being aggressively pursued in all business segments and verticals — including enterprise customers. That is largely because it is the home market for the largest cloud service providers, and above all Amazon Web Services (AWS). In their home market, cloud service providers have more market penetration, capabilities, and data centers, allowing them to provide clients with the requisite capacity and, if necessary, guarantee compliance with legal data-processing requirements (e.g., AWS GovCloud).

But elsewhere, even in well-developed European markets, we see a different picture. Our market research and client feedback show that despite a constantly growing interest in all cloud service models, it is premature to speak of any kind of mega-trend, especially as regards enterprise companies — which, in the context of the evolution of Kaspersky Hybrid Cloud Security (which protects private, hybrid, and public clouds), are of primary interest to us (80% of clients that use the solution are big businesses). Why is this? It seems that at present, full migration is unattainable because of a number of obstacles.


In fact, companies would gladly migrate to a public cloud. The first reason is the obvious economic benefits. In the case of SMBs, it would be a sure way to reduce infrastructure costs and stay with more preferable operational expenditures rather than capital expenditures. But for most enterprise companies that already have CAPEX spending, the economic factor is less significant (although that depends on the particular business, of course).

For enterprises, the top reason for migrating skyward is instead the opportunity for rapid infrastructure growth and an elastic approach to any kind of business workloads. A public cloud (especially IaaS) offers a super-convenient environment for instant access to technology stacks that usually have no local equivalent (well, there are always exceptions — e.g., Azure Stack). Sure, you can try to recreate the same level of flexibility on a local platform, say in a private cloud, but it will be eye-wateringly expensive, especially the administration.

Meanwhile, public cloud providers are not sitting idle, and are constantly improving their technology stacks. For example, they now offer services to quickly build, ship, and run containers (Container as a Service), seamlessly move existing virtualization deployments to the public cloud (e.g., VMware Cloud on AWS), or use the FaaS (Function as a Service) model for serverless architectures, completely abstracting away from concepts such as “virtual machine,” “instance,” and the like. Providers give the client a pure development environment and charge only for function execution time — a great approach for microservices apps. These trends are only emerging, but in five years such services will be run-of-the-mill.

All in all, then, a public cloud is an ideal platform for many things such as development, testing, rapid service, and product delivery, making it the de facto standard for IT companies of any size even now.

Speaking of product delivery, another major reason for cloud migration (one that can apply to any kind of company) is the possibility of significantly reducing time-to-market. That is, the ability to deploy some business functions and processes in a public cloud, and thus deliver products or services to the end user much faster, simply because everything is faster in the cloud.


But there are also obstacles to migration that prevent many companies from moving most of their workloads and data to public clouds. Chief among them are the numerous regulators and their strict data-processing requirements. And don’t think this pertains exclusively to the infamous GDPR — the phenomenon stalks virtually all markets in one form or another.

The very concept of a public cloud is rooted in the uniform distribution of information and processing load across all available capacities. It is through this that accessibility, scalability, and fault tolerance are achieved. Many regulators, meanwhile, require that data belonging to residents of a particular country be processed and stored only in its territory. But cloud-solution providers cannot guarantee the location of information storage data centers (well, some of them can — for example, AWS can be used in regional mode, although that’s hardly in line with the idea of a global cloud). So, for some businesses, especially large multinational enterprises and government agencies, migration is not an option.

The other common issue is security concern, but, frankly speaking, it’s fading. Businesses are starting to acknowledge that cloud environments often can be even better secured than the companies’ own premises. It’s still important to keep in mind that different service models require different security efforts from a customer perspective. IaaS (Infrastructure-as-a-Service) is the most responsible model — with full control of your workloads comes full responsibility for their protection. An IaaS provider is responsible for protecting your infrastructure but not, for example, keeping ransomware away from your EC2 instance. It is a so-called shared responsibility model. To protect IaaS properly and to enjoy all of its features fully, customers should use specialized cloud security solutions (such as Kaspersky Hybrid Cloud security), which are quite different from traditional endpoint protection platforms.

Amazon Shared Responsibility Model

Shared responsibility model. Source:

As you can see, the pros of migration greatly outweigh the cons, but some companies face an unmovable obstacle. As a result, two simultaneous yet divergent processes are in play: globalization and localization.

Therefore, we are now witnessing a fairly stabilizing trend toward the emergence of local IaaS and PaaS (Platform-as-a-Service) providers. They see the demand for public clouds yet understand that not everyone can use a global heavyweight. Despite lacking the most advanced technologies such as AWS or MS Azure, local players can guarantee that all data is stored and processed within the territory of one country.

At the same time, global providers continue to grow and develop, offering more — and more-effective — technologies.

Perhaps most interesting, many companies are moving toward a multicloud strategy, using different cloud providers for different workloads and processes.

As a global vendor of cybersecurity solutions, we see this trend and believe that successful cloud workload protection demands cooperation and integration with both local and global cloud providers. That is why Kaspersky Hybrid Cloud Security is constantly supporting new cloud and virtualization platforms as well as different deployments. Seven years ago, we started with the protection of on-premises virtualization and private clouds, and now we provide unified protection for hybrid and public clouds.