5 Hidden Costs of Cloud Migration: New ISACA White Paper
“Calculating Cloud ROI” Cuts Through Hype
Wellington, New Zealand (22 August 2012) — Cloud computing promises a low cost of entry and fast return on investment, but that ROI can fall short of expectations
if hidden costs are left out of the equation.
A new white paper from global IT association ISACA, “Calculating Cloud ROI: From the Customer Perspective,” takes a close look at the true costs of cloud migration and offers a practical framework for calculating returns on
migrating to the cloud.
The free white paper outlines five hidden costs that enterprises may fail to anticipate when moving quickly to
cloud-based services:
1. Cost of bringing services back in-house due to regulatory change (e.g. stricter data privacy laws)
2. Cost of implementing and operating countermeasures to mitigate risk
3. Unexpected expenses involved in initial migration of systems
4. Loss of internal IT knowledge providing competitive differentiation
5. Lock-in with specific cloud provider or proprietary service model, which may slow down future adoption of open
standards-based services
“Cloud computing represents significant changes to the delivery of traditional IT services, and its advantages have been
well documented for a number of years. However, any movement to a new IT delivery model should identify the proposed
benefits and the cost to achieve these over its entire life cycle,” said Vaughan Harrison, President of the ISACA
Wellington Chapter and Director at PricewaterhouseCoopers New Zealand.
“Organisations should consider the impact of moving to a cloud environment by identifying potential movements in its
current strengths and weaknesses, the ability to achieve future aspirations, cost of service movements and changes to
its risk profile. This does not need to be a complex analysis; however, it should be thorough enough to enable an
informed and supported decision."
Enterprises are increasingly turning to public, private or hybrid cloud models to achieve such benefits as shifting cost
from capital to operational, becoming more agile, and redeploying IT resources to higher-value-added activities.
While these benefits are achievable, this latest guidance from ISACA details a 12-step process that takes a frank look
at the complexity of cloud computing options and the importance of making an informed decision about long-term costs and
payback.
An example of positive ROI as a result of cloud migration is global organisation CA Technologies, which uses a private
cloud to enable resource pooling and on-demand and scheduled resource acquisition, and to support data centre
consolidation and standardisation.
“Early in our deployment we consolidated 44 locations and were able to drive millions in real estate savings and in
productivity gains, as well as a 25 percent reduction in budget,” said George Watt, vice president of strategy, CA
Technologies, who led the cloud deployment.
“Yet, our newfound agility was the unsung hero. From our perspective, one of the most important steps in calculating ROI
is ensuring second-order costs are considered so there is a legitimate understanding of the complete cost of cloud and
non-cloud options.”
To help more companies effectively calculate the ROI for their cloud initiatives, the “Calculating Cloud ROI” white
paper offers the following practical tips:
- Balance the need to be accurate with the need to reach a decision. An overly complex ROI calculation can make it hard to understand why a decision was made or measure its effects. Do as
thorough a job as possible, but don’t let perfect be the enemy of good.
- Cloud is not right for every organisational need. The type of cloud service selected—and the decision to use cloud computing services—depends on the specific enterprise’s
risk appetite.
- ROI is a good start, but other financial indicators should also be calculated. ROI coupled with total cost of ownership (TCO), net present value (NPV), internal rate of return (IRR), or payback
period will provide a more accurate financial picture across the life span of the cloud investment.
- It is far easier and less costly to change a decision when it is still on the drawing board. The time an enterprise spends considering the ROI of various options and selecting the best fit for its needs is time
well spent.
“Calculating Cloud ROI: From the Customer Perspective” is available as a complimentary download at www.isaca.org/cloud-ROI.
This topic will also be discussed at ISACA’s upcoming Oceania CACS2012 conference, which focuses on ‘embracing uncertainty and delivering value in turbulent times’. Held in Wellington from 10-12 September 2012, the conference will feature highly respected industry experts from New
Zealand, Australia and around the world who will present their latest thinking, research and practical experience in
topical presentations and workshops.
For more information on the Oceania CACS2012 conference, including registration details, please visit: www.oceaniacacs2012.org. For more information about ISACA, please visit www.isaca.org.
--
About ISACA’s Cloud Computing Initiative
ISACA has been a pioneer in cloud governance, risk and compliance (GRC). A member of the Cloud Security Alliance, the
association has published IT Control Objectives for Cloud Computing, a cloud computing audit program and cloud-related white papers, and holds cloud-related education sessions worldwide. Its flagship COBIT 5 framework for the governance and management of IT helps enterprises worldwide with effective governance of cloud
initiatives. Members can take advantage of this extensive body of cloud knowledge through the ISACA Knowledge Center Cloud Computing group, which offers expert-led discussions, peer networking, publications, survey data, wikis and online learning.
About ISACA
With more than 100,000 constituents in 180 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems
(IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance.
Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value
from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified
Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of
Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. This helps
IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the
areas of assurance, security, risk and control, and deliver value to the business.
• Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
• Follow ISACA on Twitter: https://twitter.com/ISACANews
• Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
• Like ISACA on Facebook: www.facebook.com/ISACAHQ
ENDS