Calculating Cloud Cost: 8 Factors to Watch
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt64584548c2ac08d0/64f0d6681bf5366182bf979f/cloudcost-intro.jpg?width=700&auto=webp&quality=80&disable=upscale)
The decision to embrace cloud should not be purely based on cost. After all, there are many factors driving cloud adoption, and most aren't based on financial savings but agility, says JP Morgenthal, CTO of Application Services at DXC Technology.
"It's more of an operational concern than a cost concern," he explains, noting that, as you adopt cloud-based infrastructure and applications, what should be top-of-mind is not the price tag but the myriad ways in which the change will affect business processes. People are moving to cloud for improved agility, productivity, and quick access to sophisticated tools, he says, not to save money.
"A few years ago, I would have said most are enabling their business to get to the cloud, trying to save money," adds Robert LaMagna-Reiter, director of information security at First National Technology Solutions. "I think they quickly learned that's not the case."
Moving to the cloud is a process that affects the entire enterprise. So, while cost should not be the sole factor driving adoption, it's something all technology and business leaders will want to keep in mind. Cloud is also complicated with several factors driving the overall price. Consequently, cost reduction is no longer a top driver for cloud adoption. But as you prepare to embrace the cloud, you'll want to know how the change will affect your overall budget, and why.
Let's take a close look at eight common and often unforeseen costs that businesses face as they adopt, and operate in, cloud-based environments. Were there any unexpected costs you encountered as your company shifted to the cloud? Feel free to share in the comments.
Businesses may not be adopting cloud to save money, but many are still alarmed to find it could cost more than their on-prem processes. "The number one surprise is, 'Why do we have an increasing cost?'" says DXC Technology's Morgenthal. A major issue, he says, is most don't have the same sophisticated methodologies for protecting the public cloud as they do in on-prem data centers.
Moving applications to the cloud means relying on services and determining how to leverage the "economics of the cloud," he explains. If you have a monolithic application in the cloud, he says, you could ultimately pay more than if you ran it on-prem.
You can mitigate the effects of this change by redesigning applications so they maximize available cloud services and the business only pays for the resources it uses, he says. Instead of having a big Oracle cluster you operate yourself, for example, you might take advantage of Oracle's relational data services, or Amazon's Aurora services. It could help to rely on pay-per-use services from the cloud provider, as opposed to relying on a core set of vendor applications.
Businesses will need to determine how they are going to aggregate and correlate all event logs to get a uniform understanding of how their operations are running in real time, says First National Technology Solutions' LaMagna-Reiter. The power and processes needed to handle all that data can lead to unexpected bills.
"You need to consume and correlate data to get an accurate depiction of how to react and respond to network incidents," he says. As they handle more data in the cloud, businesses will need to learn how to manage larger and more diverse computing environments.
Once data is in the cloud, he continues, it can be expensive to get out. Any sort of auditing in the cloud, outside of publicly available documentation, will cost money. Data discovery, and copies of data stored in the cloud, may cost extra. LaMagna-Reiter says some larger cloud providers can't provide the flexibility that governments and other industries are used to.
A major expense will be the type of attestation or insurance you need on your cloud infrastructure, says LaMagna-Reiter. Some organizations, such as government agencies that require FedRAMP, may pay extra for an environment that's been vetted to meet required standards. Certain cloud services may not have the correct attestation or be PCI-compliant.
Security teams will need to ensure the controls they have in place match the controls they had in on-prem environments. Consider a business that handles sensitive credit card data, for example. If the data is moved from an on-prem environment to a PCI-certified cloud, it doesn't negate your responsibility to ensure you're also moving PCI framework items (tokenization, encryption, multi-factor authentication) that don't come to the cloud by default.
Everyone is always on the lookout to find all-inclusive solutions, he continues. While some providers offer turnkey solutions with everything included, most companies will end up with hybrid cloud infrastructure, keeping critical operations in-house and moving other workloads to Amazon Web Services and Azure. In some cases the apps will have to be slightly re-architected. All cloud providers have different architectures behind the scenes, he notes.
Using multiple vendors is the best long-term strategy for multiple reasons, one of which is cutting costs, says Bellasio. Some companies may use AWS for critical applications and move non-critical apps to Azure, where storage is cheaper. Some may want to run applications on a platform where they have better connectivity in certain regions.
Alex Brower, vice president of marketing for Cloud Academy, points out that using multiple providers could also cut costs in mitigating the risk to organizations. Many businesses use public cloud providers but don't fully understand where they're responsible for security. Major cloud providers are addressing this by highlighting which aspects of security they don't cover.
"Over the last 15 to 18 months, AWS, Azure, and Google have been building in features that make clear to teams using their solutions which aspects of the shared responsibility model fall into the realm of companies using the public cloud," he says. For example, teams operating in AWS are required to fully use the built-in security tools.
The complexity of cloud worsens, and price increases, if there's poor coordination between the business and security teams, says LaMagna-Reiter. Their partnership is key. Both parties must have a seat at the table when cloud projects and modifications are underway.
"It's not the intent of the business to exclude security," he notes. "But if there's not a well-established relationship between business and security, that's where it can sometimes bite the business at the end."
The two teams need to form a collective understanding of which protections apply to which types of systems and data in the cloud. When everyone's on the same page, it's just a matter of agreeing on how they're going to implement it.
Morgenthal points out how many cloud-related costs can vary and recommends implementing processes and tooling to keep an eye on them. Tools like CloudCheckr and other billing SaaS apps can alert you to abnormal costs related to your AWS or Azure environment. If you typically spend $10,000 to $12,000 and your cost spikes to $25,000 billing apps will make you aware of it.
Sometimes it's a simple mistake; for example, a developer unintentionally leaving a machine running longer than intended. If you're not careful and don't regularly assess the impact of your cloud usage, the cloud could have a negative impact on your bottom line.
Morgenthal points out how many cloud-related costs can vary and recommends implementing processes and tooling to keep an eye on them. Tools like CloudCheckr and other billing SaaS apps can alert you to abnormal costs related to your AWS or Azure environment. If you typically spend $10,000 to $12,000 and your cost spikes to $25,000 billing apps will make you aware of it.
Sometimes it's a simple mistake; for example, a developer unintentionally leaving a machine running longer than intended. If you're not careful and don't regularly assess the impact of your cloud usage, the cloud could have a negative impact on your bottom line.
The decision to embrace cloud should not be purely based on cost. After all, there are many factors driving cloud adoption, and most aren't based on financial savings but agility, says JP Morgenthal, CTO of Application Services at DXC Technology.
"It's more of an operational concern than a cost concern," he explains, noting that, as you adopt cloud-based infrastructure and applications, what should be top-of-mind is not the price tag but the myriad ways in which the change will affect business processes. People are moving to cloud for improved agility, productivity, and quick access to sophisticated tools, he says, not to save money.
"A few years ago, I would have said most are enabling their business to get to the cloud, trying to save money," adds Robert LaMagna-Reiter, director of information security at First National Technology Solutions. "I think they quickly learned that's not the case."
Moving to the cloud is a process that affects the entire enterprise. So, while cost should not be the sole factor driving adoption, it's something all technology and business leaders will want to keep in mind. Cloud is also complicated with several factors driving the overall price. Consequently, cost reduction is no longer a top driver for cloud adoption. But as you prepare to embrace the cloud, you'll want to know how the change will affect your overall budget, and why.
Let's take a close look at eight common and often unforeseen costs that businesses face as they adopt, and operate in, cloud-based environments. Were there any unexpected costs you encountered as your company shifted to the cloud? Feel free to share in the comments.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024