Introduction: Infrastructure Changes – Responsibility Remains
Moving to an IaaS cloud environment has become a must-do for modern organizations. It allows for greater flexibility, savings on hardware investments, and improved control over IT resources.
But there’s an important point that many people miss: IaaS isn’t magic, and it’s certainly not SaaS .
You rent infrastructure – but everything above it – is your full responsibility .
Without proper planning, you will move the same problems from local servers – straight to the cloud.
📌 For non-technical managers : Think of IaaS as renting an empty building. The provider provides the walls, electricity, and water—but the furniture, security systems, and maintenance—are your responsibility.
Unlike a SaaS solution, where you get a full, ready-to-use service, with IaaS you are still responsible for everything beyond the infrastructure.
Step One: Characterizing the Existing Environment
Before moving, it is essential to understand the current situation:
- What servers are there?
- Which applications are critical to operation?
- How much storage is actually used?
- What is the daily workload?
- What are the availability needs and hours of operation?
- Are there backups/DR solutions – and do they actually work?
📌 For managers without a technical background : This is the "inventory" stage. Like before moving an office – you need to know exactly which systems are in place, how much they weigh, when they are running, and what the status of the backups is. This is the basis for proper planning and understanding the costs.
Step Two: Checking the Required Resources
Not everything that exists today must move to the cloud.
- Are all servers in daily use?
- Which systems are always required to run, and which can be paused?
- Is it possible to migrate certain services to SaaS?
- What SLA is really required – 99.9% or 99.99%?
🎯 The goal : not to "lift everything as it is" – but to optimize . Only what is needed.
📌 For managers without a technical background : It's time for a digital spring cleaning. In the cloud, you pay per use, so it's worth taking advantage of the opportunity and reducing unnecessary systems. The higher the SLA, the higher the cost.
Step Three: Designing a Smart Cloud Architecture
The move to IaaS is an opportunity to design a better, more secure, and more stable environment:
- Layer separation: AD, App, DB
- Using Load Balancers
- Object/Block storage by performance
- Snapshots, backups, and DR outside of the AZ
- Network configuration with internal subnets, DMZ and NSG rules
📌 For managers without a technical background : This is the architectural planning stage. You don't copy the old office – you build a new and improved one. Load Balancers are like a smart load routing system. The other terms refer to storage, backup, and security systems that provide higher speed, stability, and protection.
Step Four: Survivability – It Starts with You, Not in the Cloud
True survivability does not depend solely on the cloud provider.
If you don't have a survivable communications infrastructure, the cloud won't help.
What is needed on the client side?
- Two different internet providers
- Two firewalls in an HA structure
- Two switches in a separated layout
- Smart routing and constant monitoring
🛡️ The goal : even if one line goes down, the services remain active.
📌 For managers without a technical background : Imagine that your office is perfect – but the path to it is blocked. Therefore, a dual communication path is required, with infrastructure that ensures business continuity even in the event of failures.
Step Five: Information Security – Full Responsibility of the Organization
Endpoint protection :
- EDR/XDR – Real-time detection and response
- MDM – Mobile Device Management
- Patch Management – Regular Updates
- Hardened Group Policy + Personal Firewall
Environmental protection :
- Cloud Firewall with UTM: IPS, Antivirus, Website Filtering
- Log retention according to regulations – at least 24 months
- SIEM – Event Analysis and Anomaly Detection
- IAM – Identity and Permission Management according to the minimum necessary
- Data encryption – in motion and at rest
📌 For managers without a technical background : The cloud security system is like security in an office building. Cameras (EDR/XDR), device control (MDM), lock maintenance (Patch Management), guards at the entrance (firewall), visitor registration (logs), control room (SIEM), permissions (IAM) and a document vault (encryption). Even in the cloud – the responsibility remains with you.
Step Six: Backups and Disaster Recovery – A Must, Not a Permission
If you don't know how to answer the question:
" How long will it take us to restore the system in the event of an emergency ?" – you are not ready for the cloud.
What must be included?
- Daily backup of production servers and databases
- Storing backups in isolated areas
- Active or passive DR in different geographical areas
- At least quarterly recovery tests
📌 For managers without a technical background : This is business insurance. Backup is like photocopying important documents. DR is an emergency plan if disaster strikes. Even in the cloud – a system failure, cyber attack or human error can hurt. Ask yourself: “ How much time and money would it take to get back to full operation if everything collapsed today ?”
Mandatory questions before clicking "Move to the Cloud ":
- Is our environment secure and hardened?
- Do we have a residual cloud connection?
- Do we have control over access to information?
- Is there a proven backup + recovery capability?
- Have we removed non-critical services?
- Do we have full visibility over the media?
📌 For managers without a technical background : These questions are a critical checklist. A "no" answer to any of them requires a pause and rethink.
A clear and concise summary
IaaS is a growth engine – but only if planned correctly .
❌ Don't copy 1:1
❌ Don't skip on survivability
❌ Don't neglect security or backups
❌ Don't assume the cloud will "take care of it"
📌 For managers : Moving to the cloud is a business opportunity for improvement, savings, and flexibility. But success depends on proper execution. Don't expect the cloud to solve all problems on its own. Invest in planning, connectivity, security, and backups – that's the difference between failure and success in the cloud.
✍️ Idan Tsabari – Your Leading Advisor
Accompanying organizations in all aspects of IT and information security – from the characterization phase, through establishment, to operation and ongoing security.
📧 [email protected]
🌐 https://sec-it.co.il
Cybersecurity & IT – Two Worlds, One Solution