Introduction to Cloud Migration Plan: security

Migrating services from your on-premise environment to the Cloud can sometimes be very simple and at other times an extremely complicated project to implement. In either scenario, there are always considerations to bear in mind. This course has been designed to highlight these topics and help you ask the right questions for a successful Cloud migration.

Within this course, we look at how timing plays an important part in your project's success and why phased deployments are important. Security is also examined, where we focus on a number of key questions that you should have answers to from a business perspective before your Cloud migration. One of the biggest decisions is your chosen public cloud vendor: how do you make the decision between the available vendors, and what should you look for when selecting where you will host your architecture? This course dives into this question to help you finalize your choice.

Understanding the correct deployment model is essential: it affects how you architect your environment and each provides different benefits, so gaining the knowledge. I look at how you can break this question down to help you with your design considerations. We also cover service readiness from your on-premise environment and how to align these to the relevant Cloud services. Your design will certainly be different from your on-premise solution, so I discuss the best approach when you start to think about your solution design, including some of the dos and some of the don’ts.

Once you have your design, it’s important to understand how you are actually going to migrate your services while ensuring optimum availability and minimal interruption to your customer base, for example by looking at Blue/Green and Canary deployments. Cloud migration allows for some great advantages within your business continuity plans; as a result, I have included a lecture to discuss various models that work great within the Cloud.

Course Objectives

By completing this course you will:

  • Have greater visibility of some of the key points of a cloud migration
  • Be able to confidently assess the requirements for your migration

Intended Audience

This course has been designed for anyone who works or operates in business management, business strategy, technical management, and technical operations.


For this course, it's assumed that you have a working knowledge of cloud computing and cloud principles.

What You Will Learn about Cloud Migration

Introduction - This provides an introduction to the trainer and covers the intended audience. We will also look at what lectures are included in the course, and what you will gain as a student from attending the course.

Time Management – How time plays an important part in successful cloud migration. We discuss the key points to allow time for and how to use it to plan a phased migration.

Security – This lecture will give you the ability to ask the key security questions to the business before performing a migration to the Cloud.

Selecting a Vendor – Here you will learn how to define the best way to assess which vendor would be a good fit for your migration based on a number of considerations.

Selecting a Cloud Deployment Model – This discusses different Cloud deployment models, where you will understand the differences between them before gaining insight into the questions you should be asking before deciding which to select.

Are your services ready to move to the Cloud? – This lecture will help provide you with the ability to identify if your on-premise applications and services are ready to migrate to the Cloud. There are a number of issues that could arise which we dive into.

Alignment of Services – Here we learn how to categorize your current services and how to map them across to the Cloud service.

New Design – This lecture discusses the importance of not performing a ‘lift and shift’ from on-premise into the Cloud. We look at how this design should be addressed using high availability and other Cloud characteristics.

Migration and Deployment options – Here you will learn the differences between the different deployment methods that could be used and how to tackle the questions around migrating your data into the Cloud to start with.

Optimization and Cost Management – Here we look at some of the considerations around optimization of your costs and how you can achieve greater efficiency.

Business Continuity – The Cloud offers a number of different DR methods, which are discussed here, and you will be able to define the differences between these and when to use one method over the other.

Proof of Concept – In this lecture, you will learn the importance of implementing a proof of concept design before your production migration.

Summary - Lastly, we will take note of some of the important factors learned from the previous lectures.

If you have thoughts or suggestions for this course, please contact Cloud Academy at


Hello and welcome to this lecture, where I shall be discussing some of the security points. This lecture won't detail how to implement security controls, but simply offer considerations when thinking about your security strategy.

Some of the biggest and most critical errors within a cloud migration strategy plan are those surrounding security. No matter the size of the migration or deployment, small or large, security must be part of your design considerations. Remember, when using a public cloud, you are handing over your data and additional responsibility to a third party. And as this information is typically accessed over the Internet, it is potentially opened up to a whole new world of malicious attackers.

Security's a huge topic and one that we could talk about for hours; however, there are a few key points to consider.

What layers should security be applied to? For example, the network layer, user, application, service, et cetera. Adding security to multiple layers of your architecture makes it harder for an intruder to penetrate deeper into your environment. Consider what security configurations you could add to each layer to prevent unauthorized access to your data.

Who needs access to the service and application and data you're storing? Identify who or what needs access to which resource. This could be a single user, a group of users, or a resource, or a group of resources. Identifying who or what requires access allows you to add fine-grain control to those services. You can then explicitly deny everyone and anything else should your security controls allow you to do so.

How will access be granted? What will your access methods be to gain access to resources? Will you use usernames and passwords, or perhaps federated access from an Active Directory, leveraging your existing user accounts on premise? Look at where you should add additional access security, such as adding multi-factor authentication for power users or admins. It's recommended for these users because, if their accounts are breached, they could cause havoc within your environment. Also, from an API perspective, will you be using access keys for resources to call upon other resources? It's important to consider how you'll be accessing your objects within your environment, so you must maintain policies around this control.

How much access do you need and to what level? You must define the required level of permissions for the user or resource to perform the functions required. Only allow the access needed and refine this access as much as possible, as it reduces the potential of unauthorized breaches and what can be done once breached.

What other services require access to the service, application, or data and over which ports? Again, when resources are talking to other resources, specify only the ports needed. Do not open up access to all TCP ports, for example, when only Port 22 is required.

Does the data need to be encrypted at rest and in transit? Depending on the sensitivity of your data, you may wish to encrypt your data at rest and in transit. This may be required for security compliance reasons, and so you must identify what data is affected by this and ensure that the correct level of encryption is applied.

How will encryption be managed? Will you manage the encryption methods for all your data, including management of encryption keys, or will you look to your cloud vendor to manage this aspect for you via one of their service offerings?

What logging can be enabled? Activating logging for your services allows you to monitor, analyze, and inspect authorized and unauthorized activity, allowing you to increase your security as and where required. This also allows you to identify consistent attackers and block specific requests within your security controls.

Security is typically a shared responsibility between you and the vendor. The vendor will manage security of the cloud and its global architecture. And you must architect and be responsible for security within the cloud. The vendor will not perform the security for you, but they will offer services and tools to allow you to implement and architect it.

Bear in mind any data laws that you might have to abide by, ensuring that the infrastructure you are using adheres to any governance controls relating to these requirements. Certain data may need to remain within a certain location, or it might need to have a specified retention period applied. This can affect how you architect your environment and could impact where you physically store data within the cloud.

I recommend you refer to your internal information security management system document. This document is a set of controls and policies that dictates the security requirements within your organization. It will also identify what risks you have to consider, along with your data protection controls needed. Often, it will also identify what encryption methods should be used and to what extent. Any policies will also be included, such as password requirements.

This has taken us to the end of this lecture and so coming up next we'll discuss the points surrounding your vendor choice.
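The questions above about who needs access and over which ports can be checked mechanically once the answers are written down. The following is an added example, not part of the original lecture: it compares deployed TCP rules against the declared flows and flags anything broader than needed. The rule format, names and addresses are constructed for illustration and do not correspond to any vendor's API.

```python
from ipaddress import ip_network

# Constructed sample data (hypothetical names): flows the service owners say
# they need, and the TCP rules actually deployed.
REQUIRED = [
    {"src": "10.0.1.0/24", "dst": "app", "port": 22},
    {"src": "10.0.2.0/24", "dst": "db", "port": 5432},
]
RULES = [
    {"id": "r1", "src": "10.0.1.0/24", "dst": "app", "ports": (22, 22)},
    {"id": "r2", "src": "0.0.0.0/0", "dst": "app", "ports": (0, 65535)},
    {"id": "r3", "src": "10.0.0.0/16", "dst": "db", "ports": (5432, 5432)},
    {"id": "r4", "src": "10.0.2.0/24", "dst": "cache", "ports": (6379, 6379)},
]


def audit(rules, required):
    """Return {rule_id: [findings]} for every rule broader than the declared need."""
    report = {}
    for rule in rules:
        lo, hi = rule["ports"]
        rule_net = ip_network(rule["src"])
        # Declared flows this rule serves: same destination, port inside the
        # rule's range, and source contained in the rule's source network.
        served = [
            f for f in required
            if f["dst"] == rule["dst"]
            and lo <= f["port"] <= hi
            and ip_network(f["src"]).subnet_of(rule_net)
        ]
        issues = []
        if not served:
            issues.append("no declared flow needs this rule")
        else:
            ports = sorted({f["port"] for f in served})
            extra = (hi - lo + 1) - len(ports)
            if extra:
                issues.append(f"{extra} port(s) open beyond required {ports}")
            sources = sorted({f["src"] for f in served})
            if all(ip_network(s) != rule_net for s in sources):
                issues.append(f"source {rule['src']} wider than required {sources}")
        if issues:
            report[rule["id"]] = issues
    return report


if __name__ == "__main__":
    for rule_id, issues in audit(RULES, REQUIRED).items():
        print(rule_id, "->", "; ".join(issues))
```

Rule r1 matches its declared flow exactly and is not reported; r2 is the "all TCP ports when only Port 22 is required" case from the lecture.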

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.