John Kogan, who headed up finance at four different technology firms before becoming CEO of Proformative, an online resource for finance professionals, agrees. “CFOs’ lives are going to be directly impacted by cloud computing,” he says, “but they don’t know much about what public and private clouds are, or how they differ.”
Telford says both types of cloud computing save money compared with a traditional IT infrastructure, with private clouds producing about 60% to 80% of the savings compared with public clouds.
But results vary widely from one company to another, and in some cases opting for a public cloud may actually cost more. In particular, companies with large numbers of highly virtualized servers may not gain anything from putting most workloads into a public cloud, where the meter would be constantly running for thousands of employees. “We have 100,000 servers, so we always have sufficient capacity,” says Diane Bryant, CIO of Intel Corp. “I have no reason to pay for a service that I have the scale to provide internally.”
Despite its vast and efficient infrastructure, however, Intel does use some public-cloud services for a handful of back-office tasks, like payroll and employee expense reporting. “But there are very few of those,” Bryant says.
At the other end of the spectrum, Asahi Kesai Spandex America, a $70 million, independently operated subsidiary of Japanese conglomerate Asahi Kesai, maintains its manufacturing and warehouse systems in-house, but relies on a public-cloud service (from NetSuite) for its ERP. “It’s a necessity given the size of our company,” says CFO David Stover. “I can’t afford to have an IT specialist whose sole function is to manage an SAP system.”
Cloud computing has huge momentum, and plenty of genuine promise. But CFOs need to lead a careful financial analysis before their companies rush to either shed infrastructure in favor of a public cloud or invest in it further with the goal of creating a private cloud (not to mention “hybrid clouds” that shift work back and forth between public and private clouds; externally managed private-cloud services; and other permutations of the cloud concept). “Don’t do it for the sake of doing it,” says IBM’s Telford. “Too many times in the history of IT, companies have heard about some new thing and jumped on the bandwagon without doing the appropriate ROI analysis.”
David McCann is senior editor for technology at CFO.
Safe and Sound?
Regardless of its cost-saving potential, cloud computing often faces an uphill battle when it comes to concerns over data security. After all, data is flowing over a public network. While cloud firms can get a SAS 70 certification for their transaction-processing controls, there are not yet any widely accepted standards specifically for certifying cloud-computing security. Still, a recent report from Deloitte found that, “generally, the level of computer security, data-privacy practices, and expertise of major cloud-service providers are likely to be greater than those provided by an in-house IT staff and systems.”
“Everybody in the cloud business is working on hardening security,” says Brian Ott, vice president of the worldwide cloud program at Unisys. “Within two years, I believe it will no longer be the number-one issue making people hesitate to go into a public cloud.”
Cloud computing also poses a different sort of data-security risk: the chance that your data may be hard to move should you switch providers. Deloitte cautions cloud users about the danger of “lock-in,” that is, having your data managed in an operating system and associated architecture that inhibits portability. Intel CIO Diana Bryant agrees. “Providers will make it very easy for you to develop and run applications in their clouds,” she says, “but it may be very expensive to port it into a different one, and they know it. The last thing you want is to have no choice.” — D.M.