What the CFO needs to know about the cloud?

When it comes to any IT spend, discussions are typically led by those in technical roles. 

However, in recent years, we have seen more of the C-suite take an active interest in what technology is brought into the organisation. 

The CFO is one such position which has become more involved in technology decisions. Rather than their role being solely focused on spend and risk, we have seen a notable evolution in the remit of a CFO extending to include that of procurement – including that of IT procurement. 

During such a process, there are typically three core areas that we find they are interested in knowing more about when it comes to the cloud – cost, security and business value. 

In this blog, we look at each of these three areas in a little more depth and address the key questions we are asked:

Cost:

 

What is the total cost of ownership (TCO) implication of moving to the cloud? 

While on-premises TCO involves upfront capital expenditure (CapEx) investment (such as hardware/ software licenses, network infrastructure etc), cloud TCO is typically based on an operational expenditure (OpEx) model that is based on usage and the resources consumed. This allows businesses to work on a subscription-based model which is much more flexible to their changing needs. 

Such a model can also result in an overall IT spend saving as organisations only pay for what they need and use – which can also result in increased flexibility as they can scale up (or down) their cloud use accordingly.

While there are cloud subscription fees, data transfer costs, and cloud management tools to consider as part of the overall TCO, these are still lower in cost than an on-premises solution. 

How will cloud adoption and migration impact our existing IT budget? 

In any kind of IT budget planning, it is important to take a snapshot of where the organisation is now, and how/if this might change in the future. 

By analysing current workloads and needs, organisations can determine the most cost-effective cloud deployment model to suit them with a pricing structure to match. 

Rather than buying more than you need to be future-ready, the scalability that the cloud provides means that it is ready to extend when you are. 

This also allows you to adapt your cloud investment to your IT budget and you can use cost management tools provided via your cloud provider to track spending, identify potential areas for optimisation thus preventing budget overruns. 

In effect, the cloud is much more intelligent when it comes to IT budgets than on-premises and its billing transparency can provide CFOs with the clarity that they need to keep on top of spend. 

What are the pricing models for different cloud services, and how can we maximise our spending? 

There are a variety of cloud pricing models to cater to the specific needs of every organisation. 

The most common pricing models include:

•  Pay-as-you-go: This model allows organisations to only pay for the resources that they use with no upfront commitment. It is worth noting, however, that while this model provides a high level of flexibility, it is typically a little more expensive than other pricing models when supporting consistent workloads. 
•  Reserved instances: With this option, organisations can commit to using a specific cloud model for a fixed term (such as 1 or 3 years) in return for a significant discount. This option is ideal for organisations with predictable workloads. 
•  Spot instances: Organisations using this model tap into spare compute capacity in the cloud in exchange for a discounted rate. Not suitable for organisations that require guaranteed and consistent cloud capacity, it is more suited for those using the cloud for fault-tolerant and flexible workloads. 
•  Subscription-based: Here, organisations pay a fixed monthly or annual rate for a specific cloud service or set of features. 

To maximise spending within each of these pricing models, there are several activities organisations can follow. These include:

•  Rightsizing: Organisations select the appropriate instance types (spot or reserved) and sizes for your workloads to avoid over-provisioning resulting in unnecessary costs.
•  Cost optimisation tools: Organisations can use cloud cost management tools to track spending, identify areas for optimisation, and receive recommendations for cost savings.
•  Negotiation: Finally, if in doubt, open a conversation with your cloud provider – particularly for larger-scale deployments – to tap into favourable pricing and terms.

Security and compliance:

 

How secure is our data in the cloud, and what measures are in place to protect it? 

The simple answer here is – very!

Cloud providers continually invest in security measures to keep customer data protected and safe. 

To do this, they invest in and provide organisations with:

•  Physical security: The data centres that cloud providers use to store data are protected by physical security measures such as fences, surveillance cameras, and access controls.
•  Network security: Cloud providers ensure that firewalls, intrusion detection systems, and other network security measures which protect against unauthorised access are put in place and continually monitored.
•  Data encryption: Data is encrypted both in transit and at rest, making it unreadable to unauthorised individuals.
•  Access controls: There are strict access controls in place to ensure that only authorised personnel can access sensitive data – something which should be extended in your organisation too.
•  Ongoing security audits: Cloud providers undergo ongoing security audits and maintain certifications to ensure compliance with industry standards to provide users of their services with peace of mind. 
•  How does cloud computing impact our compliance with relevant regulations (e.g., GDPR)? 

The cloud can provide organisations access to tools and services to comply with specific regulatory requirements, including data encryption, access controls and audit logs. This results in cloud environments being more easily audited than on-premises infrastructure. 

It is worth being mindful, however, that organisations share responsibility with cloud providers from a governance perspective. For example, data residency requirements may necessitate using specific cloud regions or providers. Equally, it is crucial for organisations to carefully assess the compliance implications of cloud adoption and select a provider that can support and meet your often specific compliance needs.

What are the risks associated with the cloud, and how can we mitigate them? 

As with any technology investment, there is an element of risk in investment in the cloud – though these are rare. Risks can include:

•  Data breaches: Despite investments from cloud providers in security, the threat landscape is such that data breaches can still occur.
•  Vendor lock-in: Switching cloud providers can be complex and expensive.
•  Service disruptions: Cloud services can experience outages or disruptions.
•  Compliance violations: Failing to manage data in the cloud can lead to compliance violations.

To mitigate any risks, organisations need to ensure that they opt to work with a reputable cloud provider with a strong security and compliance track record and which implements strong security measures as mentioned above. Organisations should also regularly back up data in a separate location and be clear on what their cloud exit strategy is should there be a need to switch providers or return some workloads to on-premises. 

Business value and strategy:

 

How will the cloud support our business strategy and goals? 

The cloud is a hugely powerful enabler of an organisation’s strategy and goals. As we have mentioned, it not only provides the flexibility and scalability to adapt to an organisation’s evolving needs – be that expanding into new markets, launching innovative products or services, or simply improving operational efficiency – it can also help organisations to gain competitive advantage by providing an environment whereby innovation can be accelerated and customer experiences enhanced.

Additionally, the cloud can provide a launchpad for organisations to fuel digital transformation. With a modern IT infrastructure, organisations have a technical foundation upon which AI and machine learning can happen as well as empower organisations to become more data-driven in their decision making. 

Finally, due to the ability to optimise investments, the cloud can help organisations to reduce IT spending by removing the need for costly CapEx investments. 

What are the potential benefits of the cloud for our business, such as increased agility, scalability, and innovation? 

The cloud provides the ultimate flex for organisations. As more or less capacity is needed, organisations can adapt what they invest to suit their situation. While this can have a positive impact on cloud spend, organisations can also have a more informed view of what is in the cloud, how much capacity is being used and who in the system might be spinning up new workloads. This transparency also extends to a governance perspective, as we have mentioned above, as clarity around where data is and how it is being accessed means that organisations can align use with industry compliance needs. 

The enhanced security profile over that of on-premises infrastructures are second to none. This benefits those who may not have the internal resources to implement the same level of protection on their own. 

How will it impact our existing IT infrastructure and processes? 

Whether you have a little (or a lot of) data in the cloud, cloud integration is no longer a challenge. At the scoping stage of a cloud project, it is important to take a high-level snapshot of what your infrastructure looks like and what vendor stacks make it up. It is also important to confirm what processes and governance structures need to be complied with. Once this evaluation is complete, it can be valuable to work with a cloud partner who can support in recommending specific cloud stacks to integrate with your wider IT architecture. They will ensure that there is limited impact to what currently exists, but should there be a need for change, will also guide you on how to limit any wider impact. 

As a result of a move to the cloud and workloads being optimised, we have seen customers realise a 30% reduction in monthly AWS spending whilst improving overall performance of their cloud. 

When it comes to IT investments, the cloud not only makes financial sense, but it can also ensure organisations have the scalability they need to grow in the future, all while providing security measures to reduce risk and provide peace of mind.

If you are a CFO and have additional questions about the cloud, please get in touch