Moving to the Cloud to Save Money? Think Again…

Image

When I meet with customers, I always ask about their primary objective in moving to the cloud. The majority of these customers have the same response: “to save money.” I can’t blame customers for taking this position. Google “cloud deployment” and the headers are dominated by positive articles that offer up anecdotal evidence of how the cloud can save customers money.  Most commonly, either cloud consultants or platform providers (who have a vested interest in selling the financial benefit of the cloud) are responsible for these articles. Cloud deployments can and should be cost effective over time, but initially, these deployments can generate unforeseen expenses. Part of the problem has to do with the actual effort involved, but it’s also important to consider how customers practically execute cloud computing as a function of their corporate cultures, and how this figures into the success of cloud deployments.

The impact on cloud in terms of capital and operational expenditures

Related to capital expenditures, costs related to Platform as a Service (PaaS or Cloud OS) deployment and support are substantial. In particular, often customers cannot find experienced certified cloud technicians in a timely manner, and as a result tend to outsource these capabilities, which leads to unanticipated expenses. As Alex Hickey, Associate Editor, posts in CIO Today,

“Employer demand for cloud computing roles, including infrastructure, security, architecture and engineering, rose almost 33% in the last three years. But job seeker interest in these positions, which has risen almost 108% in the same period, still falls short of meeting demand, according to an analysis of Indeed job data.”

What’s more, as customer teams need to be trained to operate on PaaS, training costs contribute to these expenditures. In terms of operational expenditures, while cloud computing creates economies of scale in the long term, customers must remember that they will be now paying both their PaaS provider (Azure, AWS, GCP, Oracle) AND migrating their existing security stack to their PaaS provider, some of which does not seamlessly migrate, due to the technical inefficiencies of their existing stack in cloud migration. Additionally, this expenditure does not include the likely cost of Security Assertion Markup Language (SAML) and Cloud Access Security Brokers (CASB) implementations, should those options be pursued as well.  As Tara Seals, Senior Editor, notes in InfoSecurity Magazine,

“Only 16% of organizations report that the capabilities of traditional security tools are sufficient to manage security across the cloud, which is a 6% drop from 2017. A full 84% of these organization say traditional security solutions either don’t work at all in cloud environments or have only limited functionality.”

Outside of the quantitative costs, cloud computing is sold to customers under the assumption that customers will proactively and independently reduce dependency on traditional software licenses, increase automation and reduce staff through cloud operations. All of this will serve to achieve timely cost savings when accomplished comprehensively. In practice customers execute upon little or none of these objectives and, as a result, do not position themselves well to achieve short-term cost savings. Researchers at Druva expanded on this in a survey quoted by ZDNet: Despite efforts to maintain lean data sets, organizations still struggle with the fact that large amounts of duplicate data exist. Companies want the data flexibility, scalability and mobility that the cloud provides but they only want to pay for what they need. This is a corporate culture issue that must be addressed over time as customers become better educated and more comfortable with the features and functionality of the cloud. As a result of all these issues, the return on investment for cloud deployments will necessarily take longer to achieve. Customers must create a practical and flexible business case for cloud deployments with these thoughts in mind.

Helping you build a cloud deployment business case

So how should customers proceed with their cloud deployment business cases?

• Begin with the end in mind - Set short term goals that focus on what can be gained from the cloud in the short term such as additional uptime, work collaboration and virtualization as well as the longer-term goals for a financial return on investment
• Streamline vendor focus to work with those vendors whose cloud approach either matches, or closely aligns, with their on-premise approach so that deployments can be as seamless as possible.
• Incorporate organizational behavioral factors into the business case to determine what are realistic and pragmatic expectations
• Establish a cloud committee that includes both IT and Security personnel that meets periodically to monitor and review the progress of cloud deployments.

All of this said, there’s something that’s missing. As David Linthicum, Chief Cloud Strategy Officer at Deloitte Consulting, writes from InfoWorld notes,

“What you need to watch out for is not the spending, but the value delivered. The dirty little secret in the world of cloud computing is that operational cost savings do not provide the value. Rather, the value comes in the operational agility of the cloud-based applications, considering elasticity and agility.”

Cloud deployments should be viewed as strategic projects that will provide efficiencies and economies of scale in the short term and ROI and cost reductions over time. But these deployments will fail across the board if companies don’t take the proper safeguards to secure them. Organizations can begin by gaining a firm understanding of how cloud security is a different concept than on-premise security, meaning that security solutions that work for the latter don’t necessarily advance the former. Next, organizations can apply their understanding to their cloud migration process so that they start off their cloud security on the right foot. Finally, they need to understand how they can apply the best security controls to the cloud so that they can continue to safeguard their cloud-based assets going forward. Explore how your organization can lay the foundation for and advance its cloud security using Tripwire.