Does your CFO feel safer in the Cloud?

This article was written by Roger Camrass, director of CIONET UK and a visiting professor of the University of Surrey, and is based on the conversations during a dinner on ‘data security and back-up in the cloud’ sponsored by Solutions and Veritas in London this November.

The CIO of a global trading house has adopted a ‘cloud-first’ policy. However, the move has created dramatic variations in monthly bills. Under public cloud it has become almost impossible to predict annual IT operating costs.

The CIO of a global logistics group recognises that despite high levels of security in some public cloud offerings, the ultimate responsibility still rests on his shoulders. Cost is just one factor in comparing cloud arrangements. Security comes a close second.

These and many more interesting cloud insights emerged at a dinner on ‘data security and back-up in the cloud’ sponsored by Solutions and Veritas in London this November. Most of the fourteen IT and business executives around the table were committed to a hybrid on-premise/public cloud arrangement, but many raised concerns over where this might take them and how their CFOs might react.


It is just ten years since public cloud emerged as a disruptive force across the IT services sector. With the advent of powerful new players such as Amazon and Salesforce, many traditional IT vendors such as HP and CSC have been decimated by its effects. Only incumbents Microsoft and Adobe have truly grasped the ‘cloud moment’. Analyst projections suggest that Cloud will overtake on-premise spend by 2025 heralding a revolution in the way IT services are provided.

But what is the customer’s perspective? According to our delegates, take-up has been relatively sluggish despite the many announcements of a ‘cloud-first’ strategy. Most companies are adopting public cloud in their office suites such as Microsoft’s 365, Skype and Google Apps. Equally, Software as a Service (SaaS) such as CRM and HR have begun to chip away at monolithic ERP systems such as SAP or ORACLE. Cloud also provides a convenient platform for Test and DevOps. But for the most part, opinion favoured on-premise for core applications.

How might Cloud appeal to the CFO?

Delegates were forthcoming in naming some of the advantages of public cloud that might appeal both to IT and the CFO. This included platform scalability, ability to spin-up new applications and associated businesses rapidly. Also, for those with limited funds to invest in IT, cloud offered an opportunity to swop-out CAPEX for OPEX. In addition, Public Cloud provides a practical and well proven solution to data storage, back-up and disaster recovery.

However, there was considerable debate over the economics and security of public cloud around the table. Most concluded that equivalent levels of security to on-premise are bought at a premium price from cloud vendors. One executive said that he required all his DevOp staff to close cloud-based applications every eight hours to avoid penal ongoing charges. Time to access data in the cloud also appeared to be a stumbling block for companies operating real-time transactions such as trading houses.

We were left feeling that ‘C’ Suite executives, especially the CFO, would have growing concerns about a wholesale transition to public cloud services both from a cost and security point of view. This seemed to reflect current realities around the table.

The CFO needs to address Cloud issues

As has been the case for virtually every era of IT disruption, effective governance at the ‘C’ Suite level came high on the delegate’s list of priorities. Of importance here was:

  • Controlling costs – the advantages of ‘pay-as-you-go’ OPEX spend on public cloud often obscures the high levels of volatility that some companies may encounter. For those with low margins, such volatility is unacceptable to the Board
  • Enforcing end-to-end security – public cloud is only one component of the end-to-end data supply chain. Few if any cloud vendors will contract to guarantee a fully secure solution. This leaves organisations vulnerable to cyber-attacks
  • Dealing with Legacy – the time and cost of migrating legacy applications to public cloud may be impractical even under a ‘cloud-first’ strategy. Instead, organisations can progressively surround legacy with a complement of SaaS offers such as CRM
  • Working in Multi-cloud – to avoid fragmentation of data many companies are adopting open standards and APIs that allow interworking between different public clouds. We all need to learn lessons from the era of distributed processing in the eighties.

Now is the time to adopt tighter governance

Cloud is no longer a technical issue that is confined to the IT organisation. Business executives are adopting different forms of cloud on an as-needed basis, and IT has difficulty monitoring take-up. It is likely that most functions will migrate to SaaS based solutions given the savings in people and constant flow of feature upgrades. This will blur boundaries between traditional IT responsibilities and those of other areas of a company.

The advent of vertical sector clouds could also begin to transform supply chains and associated business models, as we are seeing in pharmaceuticals, automotive and media. Most companies are adopting horizontal cloud platforms within their functions. Few have ventured yet into vertical cloud adoption.

Within IT itself, the transition from Waterfall development to DevOps and Agile implies a much greater dependence on cloud platforms that provide scalability and an ever-wider range of tools, including AI. In this current ‘multi-modal’ world of IT development and test, CIOs need to be vigilant about costs, security and back-up. Just one failure can impact both internal and external reputations.

The dinner concluded by stressing the importance of bring the CFO into the ‘cloud’ discussion and gaining support for tighter governance that will be needed to ensure data integration and integrity.

Share your experience and join the conversation

  • Is your CFO in or out the ‘cloud’ discussion?
  • How has that contributed, positively or negatively, to adoption and effective governance?

For more information please visit us at CIONET-UK