A data center migration can improve performance and efficiency, and reduce costs. But, it must also maintain or improve the security of the data and the infrastructure. That makes it essential to monitor and manage the impact of changes that occur during the migration.
This process is important, not just to maintain security. It also ensures the business remains compliant with customer SLAs or industry regulations.
A formal documented change management process is essential. The process must identify and record every change that takes place when servers are migrated or data transferred. This can be a complex, time-consuming process, particularly with a large-scale server migration where each server may require five or six changes.
Automation tools can record the changes quickly and easily, reducing change management administration and providing a clear audit trail in the event of an inquiry.
Transferring data between the business and a data center can create a security risk if IT decides to migrate from a premise facility to the cloud or a hosted solution. Data must then be transferred via the public Internet with its well-known vulnerabilities or by a more secure but more expensive private network.
While data encryption provides a higher level of security on public or private networks, that may not be sufficient for data subject to regulatory compliance. Clients and regulators will require details of the service provider’s security policies, together with detailed records of transfers for review and audit.
While security patch management may be up to date in the existing environment, patching can be overlooked during migration, particularly if migration takes place over a long period.
During the migration, vendors may release additional security patches and updates to fix vulnerabilities. However, the migration may not install them if the servers are temporarily out of commission.
Patch automation ensures that all patches and security updates are installed and validated to provide a record for audit. If the data center is migrated to the cloud, make sure that service providers are aware of the scope and status of the patch program and have a process in place to maintain the program.
Migration to a new environment can impact security policies and increase risk. Any pre- or post-migration processes must therefore take account of security changes and essential remediation.
The situation is more complex if different components of the infrastructure are subject to multiple security or compliance requirements. For example, in a financial services firm offering healthcare insurance, servers may have to comply with HIPPA and PCI security requirements, as well as internal company policies.
Automation can simplify the process by applying rules to individual servers, validating compliance and remediating any server failures.
Security is a key consideration for any business and it may determine the migration destination. A business subject to high levels of regulatory compliance may opt for a premise solution where it can control all aspects of security.
If compliance is less of an issue, but security is still critical, IT may need to decide between cloud migration and co-location. Co-location offers greater levels of protection because a business can deploy its own physical and data security measure. With service providers, security policies can vary from location to location.