Smart use of cloud services

Eyal Estrin
Cloud Computing
June 27, 2020

Many organizations are talking and beginning to embrace system migration to the cloud, as part of a global IT strategy to use public clouds.

The migration from the on premise to the public cloud, allows organizations to choose from a variety of alternatives,each with its own benefits, knowledge requirement and different pricing model(as compared to the on premise licensing model).

In this article, I shell review the different methods, with their pros and cons and I will try to explain which method suites which scenario.


Lift & Shift Migration

In this method, the customer chooses an existing system from the on premise environment, reviewing the required resources for running the system in a cloud environment (number of CPU/amount of Memory and required disk space), the operating system version (assuming the cloud provider has an image for this operating system), checking with the software vendor the ability to run the system a cloud environment (licensing issues) and deploying all software components on a virtual server in the cloud environment (or migrating the entire system, assuming the cloud provider offers a managed service for system migration).


This is the most common method and the simplest one (comparing to other alternatives…) for migrating to the cloud, and most cloud vendors (Infrastructure as a Service) support this method, but we should take under consideration, that cost-wise, this method is considered expensive (in terms of cost and resource usage) when comparing to purchasing physical hardware for 3-5 years in advanced in the on premise environment.

The most common ways to lower the server cost are:

·      Resizing the server size (number of CPU/amount of memory) to the actual usage

·      Purchase reserved instance for 1 or 3 years in advanced

·      Using Spot instances for servers who does not require availability of 24x7 or for applications who can survive temporary downtime, without harming the entire service 

Moving to Micro-Services and Containers

In this method, the organization begins migration from monolith application (a system where all components relay on each other and required to be deployed together) to micro-services based development, where each component runs independently (usually inside its own container) and it can be replaced, upgraded and vertically scale out as needed and independently from the rest of the system components.

It is possible to run containers on virtual servers (the entire management, update and scale is the customer’s responsibility)or as part of a managed service (such as managed Kubernetes clusters service).

This method requires the developer’s teams to know how to package their applications inside containers, take care of scaling, monitoring of containers activities (and the communications between containers), and taking care of security topics (such as who can access a container or whether or not the communication between containers is encrypted,etc.)

This method is suitable for organizations who wish to change their current application architecture or being developing new applications. Modern applications are being developed today as containers and allows the customer to migrate between the on premise environments to the public cloud, and with proper adjustments between different cloud providers(once we solve topics such as connectivity to current cloud vendor’s services such as message queuing, storage, logging, etc.)


Moving to Serverless / Function as a Service

In this method, the customer isn’t in charge of operating system maintenance, system availability or scale. Due to the fact that the entire infrastructure is been managed by the cloud vendor,the vendor takes care of scale, as required by the application needs.

This method is suitable for event based services, with short running time (few seconds to few minutes). As part of moving to modern applications, there are many scenarios for choosing specific development language, uploading the code to a managed cloud environment (Serverless), selecting the desired compute power (amount of memory, which effects the number of CPU) and creating triggers for running the function.

It is possible to embed Serverless capabilities, as part of modern micro-services architecture.

The pricing model for this method is based on the amount of time the function was running and the amount of memory used for running the function.

Common use cases for Serverless – image processing, data analysis from IoT devices, etc.

This method is not suitable for every application (due to short running intervals), and also not every development language is currently been supported by every cloud vendor.

For example:

·      AWS Lambda(currently) support natively the following languages: Java, Go, PowerShell, Node.JS, C#, Python, Ruby

·      Azure Functions (currently) support natively the following languages: Java,JavaScript, C#, PowerShell, Python, True Script

·      Google Cloud Functions (currently) support natively the following languages: Python,Go, Node.JS

·      Oracle Functions (currently) support natively the following languages: Java, Python, Node.JS, Go, Ruby


Migration to managed services (SaaS /PaaS)

In this method, the organization chooses an existing SaaS (such as Messaging, CRM, ERP, etc.) or existing PaaS (such as Database, Storage, etc.)

This method suites many scenarios in which the organization would like to consume existing service, without the need to maintain the infrastructure (operating system, storage, backup, security aspects, etc.). After choosing an existing service, the organization begin migrating data to the managed service, configure proper access rights,sometimes configure VPN connectivity between the on premise and the cloud environment, configures backup (according to the service support this capability) and being consuming the service.

The pricing model changes between cloud vendors (sometime is it based on monthly pricing and sometimes it is based on consumed compute power or consumed storage space).

Mature and transparent the cloud vendors,reveal accurate monthly billing information.
Also, mature cloud vendors knows how to handle privacy, low and regulation aspects (such as GDPR compliance and other privacy regulations) using data processing agreements.



In this article, I have reviewed the various methods of using cloud service wisely. As we can see, not every method suites every scenario or every organization, but there is no doubt that the future is heading cloud and managed services.

My recommendation for organizations – focus on what brings your organization business value (such as banking, commerce,retail, education, etc.), train your IT and development teams on the coming technological changes and migrate the responsibility for maintaining your organization infrastructure to vendors who specialized on the topic.

Eyal Estrin

Information Security and Cloud Expert, CISSP, CCSP, CISM, CISA, RHCE, CCSK, AWS Certified Security Speciality, CEH

Related Posts


Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form