How to balance cloud investment risk
- 14 January, 2019 14:52
The C-suite and boards of directors often think about investment decisions under three key pillars – Will this decision make money? Will it save money elsewhere? And what is the risk?
Risk assessment is a key element to any investment. When it comes to IT, there is a line in the sand between being cautious and positioning a business to be flexible to meet the demands of digital services, and this is where IT leaders find themselves from a risk perspective today.
Outages are the main risk when it comes to IT. Research from Vertiv estimates that unplanned IT outages cost businesses an average of A$11,750 per minute, lasting an average of 64 minutes. That is only the initial financial risk – there are further risk around customer and stakeholder relationship damage that must be weighted.
On the flipside, businesses are told they must be agile and ready to deploy new digital services at the snap of a finger. Failure here can affect the ‘time to market’ risk and put businesses at a competitive advantage. Conversely, spinning up services quickly can put pressure on the IT environment and raise the risk of a costly outage.
The public cloud has emerged as a solution to satisfy the often-conflicting demands of flexibility versus risk. It is widely perceived as being highly secure while also offering services that can be quickly deployed and consumed within a business, a perfect match.
The way it is purchased also makes it easier to digest from an investment perspective, as it comes in ‘little and often’ waves rather than one large up-front cost, speaking to the criterion of budgetary risk.
But all may not be what it seems. In the midst of public cloud’s growth, there has been a faction of former advocates bucking the trend and retreating from the public cloud.
The dangers of public cloud
Michael Dell stated his company has seen a public cloud ‘boomerang effect’. Sure, you could argue it’s in his interest to say so, but there are reasons to believe public cloud might not be all it’s cracked up to be, and that it creates new problems that don’t exist in the private sphere.
Major public cloud outages, such as Amazon Web Services’ (AWS) US-East-1 region power outage in March, which reportedly took down hundreds of services offline worldwide, are legitimate cause for concern. Running services through public cloud providers takes a layer of security outside of your control.
Even if you’re happy to trust the confines of the public cloud, its security is only as good as the service level agreements in place to manage your relationship. Moreover, depending on the nature of your business and compliance requirements, public cloud may not be an option at all.
Cost is another issue causing concern among public cloud users. Initially, the incremental spending model seems positive and easy to maintain and budget for. But over time, as businesses deep dive further into it, they often find those costs continue to rise and that reversing out of the cloud is more expensive and difficult than they thought. We recently conducted our first annual Enterprise Cloud Index that highlighted almost a third of Australian businesses investing in public cloud services were breaking their budget to do so.
This changes the conversation around risk and the public cloud and makes us wonder what other options might be out there that better balance the risk v flexibility debate.
Finding a better balance
The answer is still cloud – just not in the way it is primarily considered, but private or enterprise-level cloud.
Private cloud uses similar technology to its public counterpart, but remains inside the business. That ticks the security and compliance requirements highlighted above and means you’re not at the mercy of public cloud outages, just your own – and if you’ve invested in the right private cloud environment, these risks should be minimised.
These systems also satisfy the favoured OPEX spend criteria, but without the penalties of public cloud lock in – another risk box ticked. Businesses can buy enough infrastructure software to run what their IT environments need today, and more tomorrow if something flexible comes up.
The bottom line is that public cloud does not satisfy the risk criteria of IT spend as well as it may be perceived. Businesses need to weigh the benefits and risks of public cloud against modern systems, not archaic ones the public cloud has easily made obsolete.
If public cloud is to be used, it should be as part of an overall hybrid cloud strategy, not as a panacea for IT woes and solution for all IT needs. Most importantly, it should not be viewed as the best answer to the all-important risk assessment questions.
Neville Vincent is Vice President, ASEAN, India and Australia and New Zealand, Nutanix.