The COVID-19 pandemic has been an accelerator of cloud services adoption. According to a report by International Data Corp., total worldwide spending on cloud computing, including hardware, software, and supporting services, will surpass $1 trillion in 2024, sustaining a compound annual growth rate of 16%.
Of course, most of those dollars are being sucked out of the budgets of small and large enterprises at a sometimes astonishing pace. After all, the cloud delivery model for all kinds of IT resources is one of the pillars of the digital transformation underway at many organizations. More significantly, in many companies, new cloud service purchases aren’t closely tracked.
Finance executives, previously more familiar with budgeting for server hardware and software licenses, have a new IT-related challenge: How to get a handle on and best manage the costs of burgeoning cloud services.
If that isn’t a high priority for a CFO, it should be. A 2020 study by International Data Group and IT services provider Insight revealed that public cloud cost overruns are strikingly common. The study was based on a survey of 200 U.S. business and IT executives. About 70% of the respondents said their organizations had experienced public cloud costs as much as 62% higher than initially anticipated.
A separate survey of senior enterprise IT professionals by Pepperdata found that cloud spend for 2020 was expected to be over-budget by between 20% and 40%.
Unplanned cloud adoptions, lack of merger and acquisition integration, and data egress charges (for removing data from a cloud service in a large file transfer) were the top reasons cited for cost overruns. When asked to identify the top three IT modernization challenges, nearly one-third of the executives cited the need to optimize their current cloud environment to manage cloud costs. That included the aim of leveraging cloud services more “natively” — running cloud applications that are purpose-built and tailored to take full advantage of the cloud’s benefits.
The nature of cloud services and how they’re deployed make controlling costs inherently tricky. Many organizations have adopted a multi-cloud strategy — acquiring business applications, software development capabilities, and infrastructure components from more than one provider.
Moreover, many employees and contractors potentially have access to cloud resources, which can quickly expand as needs grow. After all, the cloud, by its nature, has virtually limitless capacity, which can mean overspending if there’s no one watching.
“We’ve seen this [struggle] accelerate since the pandemic,” says Tracy Woo, a senior analyst at Forrester Research. The pandemic compressed timelines for cloud adoption and forced enterprises to provide on-demand data-access and applications to remote employees in days or weeks, not months. For some organizations, that meant spending money on the cloud without going through an exhaustive review of other vendor options and the all-in costs of operating in the cloud. That lead to the underestimation of things like security and compliance-related expenses, which are significant factors in cost overruns.
“Overestimation of product usage and architecture type contribute to uncontrolled cloud costs as well,” says Kurt Ishaug, CFO at Entrust, a provider of data protection technology.
Deciphering cloud vendors’ invoices after-the-fact requires substantial effort. “Even though cloud providers claim transparency with their line-by-line billing, what the charges mean can be very confusing,” Woo says. Bills can contain hidden fees for such things as storage for deleted or stopped instances, application programming interface (API) gateways, and undetected workload configuration changes.
Finally, adding to the lack of controls are the expectations executives have for cloud services. Even this late in the game, organizations still have the mistaken belief that moving to the cloud will lead to cost savings. “So, the focus on managing costs isn’t there,” Woo says. “We tell clients that shifting workloads from the data center to the cloud doesn’t mean cost savings, but rather should be seen as a tool for innovation.”
Cloud services deployment is typically managed and maintained by IT or business line executives. But (and it shouldn’t require mentioning) given the rising expenses and the importance of cloud services to the business, CFOs need to be involved.
“Public cloud costs can easily grow when uncontrolled and are difficult to reduce without significant business or customer impact,” Ishaug says. CFOs should work closely with the chief information officer and IT team to carefully manage resources, purchase approvals, and other elements.
One area in which CFOs can make a valuable contribution is in fleshing out the real costs of available cloud options, says James Meadows, managing partner and CFO of law firm Culhane Meadows. Often, the cloud offers a temporary benefit in the form of lower ‘per transaction’ costs,” Meadows says. The CFO, rightly, will expand the discussion to include the full lifecycle of the cloud service, including the initial conversion, operations, and end-of-term implications, along with a consideration of the operational risks.
Besides CFO involvement, critical to any cloud optimization strategy is governance. Governance is important because analysis of cloud services should not end with evaluating and selecting a cloud provider.
“Business needs and strategies evolve — organically and in reaction to ‘emergencies’ — and the cloud solution needs to evolve with those needs and strategies,” Meadows points out. As workloads in the cloud are scaled and become increasingly complex, proper governance policies for the use of public, private, and hybrid clouds are essential.
Governance should happen on two levels. At the organizational level, it is used to manage the overall cloud optimization strategy. At the solution level, it is used to manage each cloud service and each service provider relationship. Solution-level governance enlists a sourcing or procurement department to oversee all cloud contracts and consolidate the cloud payment process.
“The sourcing process maintains visibility, especially financial, across the organization’s solutions, and will provide that information up to the top governance level,” Meadows says.
The sourcing process also provides a contract management function, serving as an interface or clearinghouse of input from constituencies throughout the company, including the risk management, IT, and legal departments.
The success of governance efforts relies on a tight feedback loop between application developers, cloud managers, and business leaders. Says Woo, “Cloud managers and app developers must have a strong collaboration, to help guide developers to the cloud platforms and services best suited for each application.”
Any worthwhile cloud cost-management program requires diving into the nitty-gritty of contracts. For already deployed applications or new ones, cloud managers should monitor performance, availability, and compliance to maximize cloud spending and ensure that service-level agreements (SLAs) are met. Woo says the performance metrics should be reported back to the business to guide the next phase of cloud development.
SLAs require particular attention upfront. Organizations should aim to negotiate customer-specific SLAs and reach an agreement on price protection and termination language, Meadows says. “Contractual protections are critical, in part to ensure that remedies are available if needed,” he says. But even more important, they ensure that service providers pay an appropriate level of attention to the company.
Termination language tends to be the most overlooked area of the contract, Meadows says, and poses some of the greatest risks. At the end of term, when a vendor is losing the organization’s business, simple cooperation language is rarely enough, he says. Specific obligations and associated cost protections are required to ensure that this does not become, at best, the vendor’s last opportunity to make a profit, or at worst, a nightmare for the customer trying to leave the relationship.
Finally, a good cloud cost management and optimization plan should include regular communications and training.
Says CFO Ishaug: “Determine the cloud expertise your business needs, ensure the appropriate executive-level support is involved in decision-making, and develop and require continuous training, so employees are equipped with the skills they need to be successful as the business scales.”
Effective cloud cost management requires all of the above. But, points out Woo, CFOs should make sure management teams understand that cost management also fills the operational gaps created when using cloud service providers.
“Cloud providers present abstracted and standardized services for consumption and offer basic metrics to monitor those services, she says. But “it remains a cloud consumer’s responsibility to understand whether the services rendered meet the company’s operational requirements.”
Cloud costs can be hard to see. But amidst a rapid shift to cloud platforms, CFOs need to find the time to make them visible and hold managers accountable for them.
Bob Violino is a freelance writer based in Massapequa, N.Y.
COVID-19 brought an initial burst of investment, but then buying moderated.
Total business spending on cloud computing services rose at the onset of the pandemic. However, fluctuations occurred over time, and organizational size played a big role. Enterprise organizations analyzed by VMware’s CloudHealth unit increased cloud spending levels by only 3% in March 2020, but in May 2020 showed a 23% increase in cloud investment. According to CloudHeath, that was because many suppliers offered discounts on on-demand service rates in exchange for long-term usage commitments.
On the other hand, after upping spending 7% in March, the hard-hit small business segment showed a consistent drop in cloud spending levels. By May, spending had fallen 5% compared with January. CloudHealth attributed that to cost-cutting efforts among a segment “with the least financial stability to withstand the pandemic’s economic uncertainty.”
Spending by midmarket companies showed the least volatility, rising 1.7% in March and changing within a small band through September. At that point, midmarket cloud investment was up 11% over January. According to CloudHealth, the segment “contains younger organizations with IT systems ‘born in the cloud.’” These organizations tended to have “processes for scaling usage efficiently before the onset of the pandemic,” enabling them to stay on course.
CloudHealth is one of a large group of companies offering cost management tools for cloud spending. The tools’ primary function is reducing costs by optimizing efficiency and cloud resources, says Tracy Woo of Forrester Research. An important secondary function is their role as a collaboration platform that acts as a mediator between application developers, IT or cloud centers of excellence, finance, and executives, she says.
Cost management tools can provide the right level of granularity on the use of infrastructure resources and their effect on cost, Woo says. For instance, they can indicate that cloud costs have escalated due to a particular new application that requires significant resources to run.
Egnyte, a provider of content collaboration systems, has begun using a software tool to manage cloud-based applications costs, says CFO Suzanne Colvin. The product monitors the quantity of services purchased and actively used. It also helps with provisioning and de-provisioning cloud services to ensure that they’re only turned on where needed, says Colvin. | B.V.
When going through a new cloud services contract, pay particular attention to these five areas.
Various statutes govern the privacy and confidentiality of specific kinds of information. Whatever those requirements may be, the privacy and confidentiality of customer data must be protected. Any such requirements or desires should be set forth expressly in the contract, or they may not be enforceable.
If a contract addresses the issue at all, it is likely to promise to provide only “reasonable” data security, or perhaps to adhere to “industry standard” security practices. While such promises sound good in the abstract, they are open to considerable interpretation and argument. It is preferable to specify an actual, specific, independent security standard and require that it be updated, and perhaps audited, regularly.
The amount of guaranteed “uptime,” the process and timeline for dealing with “downtime,” and the consequences for any failures to meet those requirements should be spelled out clearly. In the context of a “free” service, additional “free” service may be of no great customer benefit and no great disincentive to the provider.
The contract should expressly make clear that all data belongs to the customer (and/or its users) and that the provider acquires no rights or licenses, including without limitation intellectual property rights or licenses, to use the data for its own purposes by virtue of the transaction.
Contracts typically give the cloud provider the right to suspend the service or to terminate it altogether upon certain events or conditions. Such provisions may not be unreasonable in the abstract, but they should be limited in scope to only truly significant matters, provide for an opportunity to cure the alleged violations or some form of escalation rather than instantaneous implementation (except in the case of true emergencies), and give the customer an adequate time to make alternative arrangements for its data or service.
Source: The CommLaw Group
This information does not, and is not intended to, constitute legal advice.