Why WAF (Well Architected Framework) Is Not Enough for Cloud Modernization & Migration? Fortune 800 On The Ground Learning by Chandra Gundlapalli

Let’s take a quick look into what is AWS Cloud WAF (Well Architected Framework) and its timelines. The WAF is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.

WAF Pillars

• Operational Excellence Pillar

  The operational excellence pillar focuses on running and monitoring systems and continually improving processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations.

• Security Pillar

  The security pillar focuses on protecting information and systems. Key topics include confidentiality and integrity of data, managing user permissions, and establishing controls to detect security events.

• Reliability Pillar

  The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands. Key topics include distributed system design, recovery planning, and adapting to changing requirements.

• Performance Efficiency Pillar

  The performance efficiency pillar focuses on the structured and streamlined allocation of IT and computing resources. Key topics include selecting resource types and sizes optimized for workload requirements, monitoring performance, and maintaining efficiency as business needs evolve.

• Cost Optimization Pillar

  The cost optimization pillar focuses on avoiding unnecessary costs. Key topics include understanding spending over time and controlling fund allocation, selecting resources of the right type and quantity, and scaling to meet business needs without overspending.

• Sustainability Pillar

  The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads. Key topics include a shared responsibility model for sustainability, understanding impact, and maximizing utilization to minimize required resources and reduce downstream impacts.

AWS WAF Timelines

On-the-ground challenges implementing a real modernization project (40-year-old mainframe system used by top airlines and banks)

• Doesn’t include the fundamental architectural principles: DDD (Domain Driven Design) and VSM (Value Stream Mapping) are the keys starting points for any modernization. VSM helps with identifying business friction and where to start modernization instead of boiling the ocean. DDD is an architectural approach that focuses on defining the business domain and its corresponding models in a way that can be easily translated into code. It aims to create a software system that closely reflects the business domain and its requirements.

• Limited scope: The Well-Architected Framework focuses primarily on the technical aspects of cloud architecture, such as security, reliability, performance, and cost optimization. However, cloud modernization involves more than just technical considerations, such as organizational culture, business processes, and governance.

• Lack of agility: The Well-Architected Framework provides a set of predefined best practices, which may not be suitable for every organization's unique needs and requirements. Cloud modernization requires agility and flexibility to adapt to changing business needs, and the framework may not provide enough room for experimentation and innovation.

• Incomplete solutions: The Well-Architected Framework provides recommendations and guidelines, but it does not offer complete solutions for all cloud modernization challenges. For example, it may not address how to migrate legacy systems to the cloud or how to integrate cloud services with existing on-premises systems.

• Limited focus on data management: The Well-Architected Framework provides limited guidance on managing data in the cloud. Data is a critical aspect of cloud modernization, and organizations need to consider data governance, data security, data integration, and data analytics to realize the full benefits of the cloud.

• Lack of continuous security and compliance posture solutions: Does’t includes potential solutions for continuous security which is key for every organization.

At Fortune 800, I had an opportunity to share my past cloud modernization experience and also learn from global TEAM leaders on how to do “End-To-End Cloud Done Right“

And also, partnered with a couple of niche vendors to help solve the major requirements for a. How to extract operational intelligence from legacy processes without any documentation (typical scenario of the workforce retiring) b. How to implement microservices from a monolith mainframe codebase? c. Implement Continuous Security (both applications and infrastructure) Posture Life and Shift to the cloud is not a solution, can not put a big container with all the massive code & libraries and deploy it in the cloud.

PS: I will be updating the above, so please check back soon