Migrating to Office 365 continues to be a top priority for many CIOs and there are many reasons why enterprises are pursuing this initiative, including flexibility, scalability, new features and collaborative functions such as Teams, and cost savings.
For many, the value of migrating to Office 365 is clear. However, making the transition requires significant planning to safeguard against minimal disruptions and impacts to existing operations, as well as ensuring the best management of an endeavor of such complexity, size and scope.
CIOs and IT administrators should be aware that moving to Office 365 can be fraught with unexpected considerations that require well-informed decisions. To learn more about how best to handle these situations, we sat down with FireEye CIO Colin Carmichael to discuss the challenges of migrating FireEye’s infrastructure to Office 365.
Colin, tell us what were the main reasons for migrating to Office 365?
Like most organizations, we were intrigued with the possibility of reducing our overall infrastructure and support costs and were attracted to the possibility of being able to deploy new capabilities more rapidly to our users.
How did you begin the process of moving to Office 365?
To begin, we looked at the migration process as a series of phases; lots of phases. We settled on components that we would migrate first based on an internally developed set of criteria that we validated early on with the Office 365 team from Microsoft. We are a year and a half into it, and we’re still in the journey of moving everything over to Office 365. The first phase was moving email, and that transition was surprisingly quick and seamless. In fact, moving email exceeded our expectations and was relatively easy.
We put in a big planning effort to migrate email. Key to this was having regular engagement with Microsoft. The Microsoft team has done many of these and they were able to highlight concerns and issues very early in the process, which simplified and reduced the amount of effort required by our internal teams for the migration. Sure, there were some hills to overcome, but no mountains. Historically, when you move from one on-premise Exchange server to another, you expect a heavy lift. The fact that we spent time in pre-planning resulted in a much more streamlined process than expected.
How did you scope the migration?
With anything new, you expect challenges, such as migrating data and users, and you can’t do it overnight. We considered how to move to Office 365 – by function or by area. Despite being a global company, where area rollout could be an option, it would not make sense to move users or groups by geography. We decided that it has to be by function. For example, you can’t have half of your global sales on one type of email system, or groups or Teams, and then have others working in a disparate system. Group entities and integration across different stakeholders was key, and we worked closely with Microsoft to make that happen.
What considerations were given toward network traffic?
We examined our ingress/egress points, and the overall increase in traffic was minimal. What surprised us was the impact to our endpoints, mostly because of users’ old habits. Users have been trained over the years to download everything to their endpoint when they view, edit or manipulate data in any way. Things are different with Office 365 and we are training our users to interact with their data directly in the cloud, and that has changed things for the better. We initially saw sizeable loads coming from SharePoint and OneDrive. We were seeing substantially increased levels of file movement and management that could easily overwhelm endpoints.
What was your biggest hurdle?
SharePoint was our biggest hurdle. Moving SharePoint was a heavy lift, requiring more than nine months to complete. SharePoint online does not have the same implementation capabilities as our on-premise SharePoint, which added to the complexity. You also have to take into consideration the volume of data, the structure of your data, and how you are going to map from the old data structure to the new one. Overall, it required more planning that we initially anticipated, but again we were able to leverage Microsoft’s help to get past our concerns.
What about access controls?
We really didn’t need to make any changes to policy and access controls; however, we noted that with Teams, Microsoft’s collaboration tool, we didn’t get the granular permission controls that we would have liked. It’s secure from a corporate standpoint, but internally, there can be control, permission and access challenges.
Any thoughts about regulatory or compliance concerns?
For the most part, no. However, there is still a debate about GDPR going on right now. There is nothing explicit stating that data has to be segregated. Also, the data could reside in the U.S. or elsewhere. This is a big issue and many related aspects remain unanswered at this time. My recommendation is to be ultra-cautious. Check with your legal counsel and look for where Microsoft and other security as a service (SaaS) providers locate data to ensure that you are meeting the requirements set forth for your organization. If you don’t know what to do or if it is okay, ask for help.
Any security or threat considerations?
For starters, users need to understand their license levels with Microsoft in great detail, as there are many feature differences based on these different levels. In particular, note that these differences may also impact security capabilities. Also, Macintosh compatibility tends to lag on releases of endpoint solutions, so users need to plan their rollouts knowing this.
Expanding on this, you also need to look at your Cloud and SaaS providers. Today there are so many different cloud applications that have their own APIs, and even within each of the cloud solutions they also have individual architectures for the individual services that they provide. This is a tremendous challenge to keep track of. CIOs need to ask about Cloud and SaaS-based security architectures and not just at the high level, but the actual details early on so they can map things out and plan accordingly.
If you were to do this again, what would you do differently?
Knowing the vendor roadmap sooner in the process would have been helpful. We learned from that and adapted our plans accordingly. I can’t stress enough that having a tight relationship with Microsoft is critical for knowing what is coming up. You need to stay in regular contact with them and always validate what you are planning to do next. You can’t assume that the roadmap presented yesterday will be there today or what is there today is going to be the same in a year from now.
Things change and they can change very quickly. Sometimes items you thought were going to be issues are resolved by new capabilities or features, and sometimes something you were planning for gets pushed back. You need to stay tight with the Microsoft account team in order to keep your plans up to date. You also need to be ready to adapt quickly.
What other advice do you have for CIOs?
Migrate early and assume nothing. The process is much better understood now that Microsoft has more experience, but things are still dynamic. It’s a two-way street when working with a vendor such as Microsoft. Show them your roadmap and understand theirs. Plan on sequencing things. Be patient.
That wraps up this CIO Viewpoint. We would like to thank Colin Carmichael for taking time out of his day to discuss considerations for moving to Office 365. Keep an eye out for future blog posts to read more FireEye executive views on a variety of timely and relevant industry trends.