Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

# 'Calculating Cloud ROI' gives IT managers the math to argue for cloud budget

When the time comes to get in line to ask the chief financial officer (CFO) for budget money for cloud services, will you be ready to compete with everyone else in the organization who also has their hand out? Financial managers want to see return on investment, and a written guide now out entitled "Calculating Cloud ROI: From the Customer Perspective" gives you step-by-step advice on how to do the math to argue for cloud-based services, whether public or private.

Published by ISACA, the membership organization for IT security and audit professionals, the Cloud ROI guide gets right to the point to say it's calculated using return on investment cost to estimate financial outcome. "This calculation considers both the costs of an investment and its expected gains, and yields an estimate of how favorable the investment will be," the guide points out.

The formula is expressed as:

ROI = (Gain from Investment - Cost of Investment)                                 _______________________________

Cost of Investment

In other words, says one of the Cloud ROI's authors, Marc Vael, head of internal audit at Brussels-based IT company Smals and president of ISACA's Belgium chapter, it's expected that anyone using the Cloud ROI calculation should define "gain from investment." By way of example, if there's an estimated \$900,000 gain in cost savings and new revenue over a specific period of time, minus the cost of the investment, which might be \$600,000, divided again by the cost, then the ROI would be said to equal 50%.

This "gain from investment" variable can include things such as "not having the infrastructure or maintenance people" that might otherwise be needed for a traditional enterprise network. It could also include the prospect of "new revenue" because the cloud provider may have a service and application that "will give you access to other markets" and "a broader global reach" than you might not otherwise have, Vael points out. This is one reason why IT professionals should always be carrying on discussions with business unit managers about cloud-based options.

The ISACA Cloud ROI guide also has long list of likely expenditures associated with cloud, such as upfront, recurring and termination cost items that anyone considering cloud service should think about. Not only might there be a question of "technical readiness" to deal with cloud use, there are various fees that might be overlooked, such as change and vendor management. There is also the question of "termination costs" to revert to an on-premises model or switch to another provider.

Some of this detailed financial information will be readily available in cloud-provider contracts, but there will also likely be times you'll need to pry this out of them, Vael acknowledges. The guide also covers "business challenges" that focus on possible negative aspects of cloud, such as "incompatibility" with corporate IT infrastructure that has to be integrated, or security and compliance issues, or fear of vendor lock-in.

The ISACA Cloud ROI guide is intended to cover service models that include infrastructure as a service, platform as a service and software as a service. It defines several characteristics, as well as deployment models defined as private, community, public and hybrid.

The other key financial concepts applied to cloud are "total cost of ownership" (intended to "uncover the lifetime costs of acquiring, operating and maintaining something") and "net present value," defined as a calculation of "the present value of an investment by the discounted sum of cash flow disbursements over a period of time," plus "internal rate of return." The ISACA guide gives these formulas, too.

While all this financial calculation may strike some as excessive, the thing to remember is that when the IT department or any business unit goes in front of the enterprise CFO or executive management to ask for money, this is exactly the type of discussion they want to hear, with numbers ready to defend ideas about spending corporate dollars on technology, says Vael. One other idea he offers is to try and find a "neutral party" in the organization to make sure everyone asking for budget dollars is counting everything in the same fashion, so it's fair and even playing field.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

1

You are on the right track with this approach. Yes, of course, it may be overkill for some, and for others it may not be enough.

What matters is that clients, vendors AND media understand that cloud is not a panacea, it has costs, and it has risks. In return, it offers great savings, great flexibility and great scalability.

Imran Anwar
http://blog.imran.com

Related Whitepapers
Latest Stories
Latest Blog Posts

• ### Avoiding your cloud vendor’s success trap

Whitepapers
• Building a Better Mousetrap in Anti-Malware
This story is becoming frustratingly old. Cyber threats are continuously advancing in their adaptability speed, sophistication, and degree of stealthiness. At the same time, the exposed footprint is expanding. More business operations are moving online and end-user devices—corporate-issued and user-owned—are expanding in number and variety. A reasonable question asked by executives responsible for making decisions on their organisations’ security budgets is whether their money and resources are being spent wisely. Are their businesses buying and using the best mix of security technologies to meet their needs and obligations? Read on.
• The Big Data Security Analytics Era is Here
Large organisations can no longer rely on preventive security systems, point security tools, manual processes, and hardened configurations to protect them from targeted attacks and advanced malware. Henceforth, security management must be based upon continuous monitoring and data analysis for up‐to-the‐minute situational awareness and rapid data-­driven security decisions. This means that large organisations have entered the era of big data security analytics. Learn more.
• Best Practice in BYOD
The key trend affecting enterprise mobility today can be summarized in four letters: BYOD – Bring Your Own Device. As the number of end-users bringing devices into your organization grows, so does the need for an effective Enterprise Mobility Management (EMM) solution. Learn how to manage devices across multiple platforms all from a single, centralised and unified management console. Download for more!
• 1

• 2

• 3

• 4

• 5

• 6

• 1

• 1

• 1

• 1

Latest Jobs
Zones

Visit zone »

Visit zone »

Visit zone »