To achieve all of this, they hired an end-to-end cloud solutions provider to help guide the process. This included a cloud engineer as well as a knowledgeable architect to build a robust framework. Weller said this was a critical decision because it helped keep the project on track while harnessing invaluable expertise and knowledge from a provider specializing in cloud migration. “You have to ensure that your foundations are in place,” he explained. “A lot of that is working with architecture. Choosing the right external partner helped us avoid mistakes with configurations, firewalls, and security groups.”
Careful attention to security details
It also helped establish a rigorous and thorough timeline and checklist for security, which is not only essential but also something that companies repeatedly overlook, particularly when they try to execute a project quickly, as in ACS’s case. “You have to make sure that your applications and data flows are fully documented, and that when you are moving, you are properly securing aspects of that data flow,” said Weller.
External partners are invaluable in helping to put the right security steps in place. Yet organizations carrying out a cloud migration are ultimately responsible for any lapse or breach. With that in mind, Weller and his team adhered to the highest benchmarks of security protocol, using the US government’s National Institute of Standards and Technology framework to ensure that all the relevant controls were in place.
They also partnered with Microsoft, choosing Azure as its new cloud platform. Part of the reason, explained Weller, was that the software provider offered non-profits such as the ACS generous terms and significant discounts compared with the alternatives it explored at the time. But the ACS also partnered with Microsoft because it already had its identity and access management solution on the software provider’s Azure platform, and the resulting familiarity with some aspects of the environment eased the learning curve.
One obvious question is why they had not migrated to the cloud earlier. Beyond the implied cost savings, their on-premise data solutions were less agile than cloud computing when it came to adding new features. “When you are dealing with legacy systems, the barriers to innovation are much higher,” said Weller. On top of that, the cloud’s additional security was a clear advantage compared with what they had on the premises. “As a security person, I’m pragmatic,” added Weller. “I know that Microsoft, with a billion-dollar budget, can do security better than I can with a staff of five.”
As it turns out, they had carried out a partial digital transformation two years prior to the pandemic, offloading its customer relationship management to Salesforce, the Californian cloud-based software company. In stark contrast to its 2020 cloud migration, however, that project took two years to complete. It was also dogged by the business team changing its requirements throughout the project, partly as a consequence of gaining more knowledge as the process went on.
For Weller, who was not leading that development team, the lesson from comparing the two experiences is crystal clear. “When you have competing interests and IT projects are just one of a bunch of competing priorities, there is every chance that things will drift,” he said. “But when you set clear goals, and when the entire organization is all hands on deck, you can execute with great precision and consistency.”