Perry Menezes, Managing Director, Cybersecurity – MorganFranklin Consulting
Tom Kartanowicz, US CISO – European Bank
John Rogers, Global CISO – FinTech Firm
Reliable, resilient, scalable, and secure…what’s not to like? The cloud offers numerous benefits for businesses in today’s (and tomorrow’s) digital and automated world. With the acceleration of cloud adoption, a review of the associated costs and savings is warranted to ensure an optimal cloud experience.
The growing remote workforce and changing business environment bring more magnification to the value of cloud adoption. To drive the greatest return on investment, companies should ensure the cloud service model it adopts aligns with the business’ current and future needs. Considerations should include:
- Current functionality and features and scalability for growth
- Tech and non-tech risks
- Identification of applications/services that should not be moved to the cloud due to sensitive data, regulatory concerns, etc.
- Pricing, subscriptions, usage, data transfer, and other related costs
- Exit plans (reducing the risk of vendor lock-in)
- Cloud provider accountability and oversight (vs. shared responsibility)
Cloud Strategy and Value Considerations
The primary reason companies switch to the cloud is to save on infrastructure and upgrade costs since the cloud services provider (CSP) is responsible for the underlying infrastructure, application patches, and security. However, other potential expenses should be considered in the cost/benefit modeling.
- Data transfer fees
- Subscription/network design (can impact costs if multiple apps share data)
- Services that automatically launch or auto-scale
- Cloud databases (more costly with higher availability requirements)
- Idle resources created by “orphaned” resources or overprovisioning
- Legacy, unoptimized code that racks up cloud costs
- Infrastructure-as-Service (IaaS) virtual machines can be expensive and a straight lift and shift may not result in the efficiencies expected (inefficiencies may simply be transferred from one environment to another); where possible, more cost-efficient Platform-as-a-Service (PaaS) providers should be considered
- Cloud Services Downtime from “single point of failure” (e.g., Amazon cloud’s recent outage highlights the need for solid planning, especially around mission-critical requirements)
- Lack of cost monitoring when companies are more focused on quickly building their apps in the Cloud, resulting in additional pressure on the aforementioned bullets
- Regulatory concerns, especially related to financial services regulators’ heightened focus on operational resilience and concentration risk due to the limited set of CSPs
According to a publication, “How reliant are banks and insurers on cloud outsourcing”; 17 January 2020, by the Bank of England: “Our survey indicates that for banks and insurers, the provision of IT infrastructure in the cloud is already highly concentrated.” …….. “We will use the results of the survey to inform and adjust our supervisory approach to cloud oversight.”
Provided internal controls of accountability, oversight and governance are in place, the cloud provides a variety of cost savings, such as:
- Faster to Market: Cloud resources can be deployed more quickly than on-premises, enabling an organization to take better advantage of market opportunities.
- Competitive Edge: The operating expense (vs. capital expense) approach to IT investment provides organizations the agility and flexibility to meet their stakeholders’ needs in this ever-changing marketplace.
- Companies secure the flexibility and agility they need to foster cloud innovation and “failing fast,” and without a large upfront investment.
- Built-In Security, Redundancy, and Resiliency: Achieving security, redundancy, and resiliency in-house can be difficult and expensive since redundant sites, Internet service providers, power, and more are required. In the cloud, these are built into the services and offerings, and tailored to an organization’s needs, providing significant cost savings.
- Public cloud vendors and/or partner firms (like MorganFranklin Consulting) provide resources to help their customers evaluate, plan and even execute cloud transformations/migrations.
- Patch Management: Staying current with software patches is vital to enterprise cybersecurity, but it is also a demanding and time-consuming task.
- In the cloud, the patching of certain components becomes the responsibility of the CSP and is commonly automated. Ultimately, the CSP assumes responsibility for keeping their platforms up to date (if organizations are using PaaS services). Customers of CSPs may still need to patch other software components.
- End-of-Life System Management: Performing system upgrades and replacing end-of-life systems can be complex and expensive for an organization.
- Since infrastructure in the cloud is part of the role of the CSP, the CSP is responsible for ensuring that all systems are up to date.
- Simpler Network Segmentation: In the cloud, networking is commonly implemented using software, which can be configured and managed via CSP-provided tools.
- The use of software-defined networking (SDN) makes it simple and less expensive to implement network segmentation and redesign network architectures to meet evolving business needs.
- Cloud-Specific Solutions: Several different service models exist for cloud infrastructure, and some of these are unique to the cloud, such as support for serverless applications.
- The ability to tune the portion of the infrastructure stack outsourced to the CSP to the unique needs of the business provides opportunities for significant optimizations and cost savings.
- Real Estate/Energy Savings: Cloud computing enables an organization to downsize or eliminate its on-premises data center and footprint.
- Significant cost savings in terms of rent and energy usage can result.
The cloud was a key factor to businesses surviving through the pandemic, proving to be an efficient platform that kept many diverse industries uninterrupted. This combined with ongoing efforts to digitally transform operations result in accelerated cloud adoption rates. According to Gartner:
- Worldwide end-user spending on public cloud services will jump from $242.6B in 2019 to $692.1B in 2025, attaining a 16.1% compound annual growth rate (CAGR)
- Spending on SaaS cloud services is predicted to reach $122.6B this year, growing to $145.3B next year, attaining 19.3% growth between 2021 and 2022
The time is now to carefully evaluate and plan cloud migration to enable sustainable business value.
How MorganFranklin Can Help
Making the move to the cloud can reduce company costs by saving time and eliminating the need for redundant infrastructure and expensive system upgrades. MorganFranklin Consulting has extensive experience in analyzing, leading, and supporting organizations’ move to the cloud to ensure an optimal experience with the greatest ROI.
Talk to one of our cybersecurity experts