Migrating the data infrastructure of a service or app from an on-premise model to a managed cloud service is not a risk-free process. While there are clear and tangible benefits of using a managed data infrastructure — such as cost-effectiveness, more robust security, better agility and the ability to focus on scaling one’s business — it is not a transition that happens overnight.
Asia Pacific (Apac) is ripe for such migration. In fact, according to a report by the International Data Corp, cloud spending in the region will more than triple and hit US$165.2 billion ($220.24 billion) by 2026. But like all major endeavours, digital transformation is not without risk. Here are four of the most pertinent ones and some considerations for managing them.
1. Critical workloads and downtime during and after transformation
No on-premise solution can guarantee flawless uptime. A company usually chooses an on-premise solution because it offers the most control when issues arise and allows IT teams to immediately remediate the situation. When viewed from this perspective, a managed cloud seems like a downtime risk.
When a company considers how vital the service they provide to customers and partners is and how much downtime is acceptable, at which point do businesses start losing users, productivity, and revenue? There is a good chance for outages to occur during the initial cloud migration phase. Companies must maintain satisfactory uptime during transformation, data and workload migration, and app reconfiguration.
No cloud service can guarantee 100% uptime. However, certain firms can insulate the client from any responsibility through a Service Level Agreement (SLA). If a company’s service uptime falls short of expectations, the onus to fix it no longer falls on them. Instead, the service provider assumes responsibility. That being said, SLAs do mandate that companies should configure their apps in a manner that sensibly and sustainably utilises the provider’s resources. Companies should also update disaster recovery protocols to reflect this new paradigm.
See also: 80% of AI projects are projected to fail. Here's how it doesn't have to be this way
2. Contractual and legal risks
A cloud infrastructure provider offers managed services that provide some degree of customisation while standardising other components. Standardisation allows customers to achieve economies of scale and gives them a clear view of their expenditures. This also explains why cloud contracts are standardised. When examining the service provider contract, companies should pay heed to the jurisdiction that is specified for conflict resolution. While services are global, it is not necessarily the case for contracts.
Storing data in the cloud presents an interesting legal conundrum. Data is subject to the local laws of the country where it is physically stored, but data processors and controllers operate under the laws of the country where they receive the data. There are often inconsistencies in these two legal frameworks.
See also: Responsible AI starts with transparency
Companies should be well aware of these differences and potential implications as it applies to the jurisdictions in which they operate. In a world where technology advances at the pace of innovation, the law finds itself playing catch up. Over time, these frameworks will be updated to reflect current realities.
3. Sensitive data and security in the cloud
Maintaining data security, confidentiality, and availability is a challenge fraught with risks no matter how a company chooses to deploy its infrastructure. How can companies control what happens to their data and who has access if the supply chain transits through public cloud providers?
Data breaches happen less frequently in the public cloud than they do in on-premise or private cloud environments. Public clouds are run by dedicated companies with a phalanx of experts who possess the latest knowledge, tools, training and certification to keep your data safe and secure. The risk of human error is reduced. If a company properly configures its cloud access, it makes it safer to share data via the cloud than via physical means like a thumbdrive.
Customers of a public cloud database service must consider security when choosing a vendor. These are some considerations to think about:
- Who generates, holds and distributes the encryption keys? Where does encryption happen? Is data encrypted both at rest and in transit?
- Is personal data anonymised and encrypted?
- Can you customise access levels and roles?
- Where are the provider’s data centres located? How has the staff been vetted? Is the provider using third-party companies to provide their service?
Companies should always ensure that data is being processed and stored in accordance with the law. At the end of the day, the data controller is the one accountable and liable for any breach and bears the brunt of any reputational damage.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
4. Keeping control of your own data
When migrating to a public cloud from an on-premise model, companies can be forgiven for feeling as if they are surrendering their data to the database-as-a-service vendor. They should exercise caution nonetheless, lest they find themselves in a lock-in situation — where their data goes into a proprietary system and gets stored in an unexportable format or lose access to data if they switch providers.
Companies should strive to ensure they have the flexibility to move data and workloads to another provider whenever they want to. Open source software or using providers whose systems are compatible with open source are viable means to avoid vendor lock-in.
Cloud to support the future
These considerations are only the beginning. The further along its migration journey a company finds itself, the more considerations will likely crop up.
According to an Asian Development Bank report, digital transformation could add 65 million jobs annually and an economic dividend of more than US$1.7 trillion to Asia Pacific. In that same vein, a study commissioned by Amazon Web Services revealed that in 2022, more than 86 million across Apac were expected to undertake digital training to keep pace with technological advancements. This number is expected to grow in the coming year — driven by sectors such as e-commerce, fintech and manufacturing, the rise of super-apps, and the continued digital transformation of businesses across the region. To power those sectors and ensure service delivery to the people in the region, cloud technology will play a crucial role.
Troy Sellers is the solution architect lead for Asia Pacific at Aiven
