How To Ease Executives’ Concerns About Moving To The Cloud

6200 0

Believe it or not, cloud computing has been around in practice (if not in name) since the 1950s. Back then, computers cost millions of dollars per machine, so companies shared them to cut costs.

It wasn’t until 50 years later, in 2006, that we began to call CPU time-sharing “cloud computing.” At an industry conference that year, Google’s then-CEO Eric Schmidt remarked, “What’s interesting is that there is an emergent new model…It starts with the premise that the data services and architecture should be on servers. We call it cloud computing — they should be in a ‘cloud’ somewhere.”

Sure enough, Schmidt was right, and his term stuck. Today, 93 percent of organizations use cloud services, according to McAfee, and 80 percent of their IT budgets will soon be devoted to cloud computing.

Despite the obvious and long-standing movement toward the cloud, some executives still fear off-site IT. Many of them know that cloud-based services cost an average of 30 percent less than comparable on-site solutions. Some of their predecessors even shared time on yesterday’s mainframe machines.

It’s time to help such executives see what’s already in front of them: For corporate IT, the cloud is a safe, secure, and cost-effective solution.

What Executives Worry About

Without the cloud, IT cannot move toward the complete utility model it must become. As the backbone of modern business, IT must be both reliable and flexible, capable of meeting today’s needs while evolving toward tomorrow’s. It must be always-on, highly functional, and seriously secure.

Those needs, coupled with the falling costs of subscription models, make the cloud an ideal IT platform. But four concerns often stop executives from making the switch:

  1. “Does our team have the right skill set?”

It’s no secret that the business world is short on workers with cloud skills. Just as executives see a shortage in systems administrators and architects, they see a shortage of people who understand how to architect business processes in the cloud. With rapidly changing tools, they wonder whether their existing teams can keep up.

Fortunately, migrating to the cloud doesn’t mean companies need to hire a whole new team. Explain that smashing silos and moving to cross-functional teams can provide IT with the talent it needs.

To shore up any skill gaps, provide IT professionals with access to cloud courses. The “big three” — GoogleAzure, and Amazon Web Services — all offer certification programs and educational courses. For businesses that don’t keep major IT roles internal, managed service providers can help offset the expense of hiring a full team of cloud architects and engineers.

  1. “Does it cost too much?”
    When executives look at the upfront costs of cloud migration, they don’t exactly see savings. They then start to worry about the utilization costs of pay-as-you-go services. It’s true that costs can get out of control in a cloud environment if a company doesn’t understand the resource demands of its applications and services.

The first step is to define a target operating model specific to the cloud. Then, contrast that with the company’s current operating model to help executives envision the cloud’s full value chain. By creating a TOM to identify the processes to migrate — as well as associated costs — a cloud transition can be transparent, minimally invasive, and driven by long-term ROI.

To mitigate utilization costs, cloud access security brokers can help. CASBs act as middlemen between providers and users, monitoring data usage and, in some cases, recommending optimizations.

  1. “Does it align with business objectives?”

Moving to the cloud doesn’t have to feel like ripping off a Band-Aid. While migrating legacy processes to new platforms isn’t easy, migration can be done incrementally to minimize business disruption.

When presenting a cloud proposal to executives, split the migration into manageable chunks. Start by moving email and other resources that cannot afford downtime. Plan the migration of customer-facing software, such as portals, for periods of low utilization. Consider hybrid options that integrate on-site resources with cloud technology, making use of new capabilities while limiting interruptions.
As for objective alignment, highlight how infrastructure improvements will boost productivity and allow for as-needed scaling. Before Dunkin’ Brands migrated to AWS, it struggled to predict and manage on-site capacity for its digital customer experiences. After beginning the migration, it quickly realized benefits like lower costs and improved reliability.

  1. “Is the cloud secure?”

Despite myths to the contrary, the cloud tends to be more secure than on-site environments. Only poor usage of cloud technology can render it less secure. By implementing and enforcing access guidelines, companies can prevent breaches without lagging behind the latest technology.

To keep the cloud secure, urge executives to maintain robust visibility into processes, APIs, key management, and access controls. Multifactor authentication and access logging, for example, are musts in any cloud environment.

Security responsibilities vary by specific model and provider. Cloud service providers offer third-party attestation reports outlining their shared responsibility model to clarify which partner is responsible for which security roles. Most providers also provide implementation guides outlining best practices for using their services. As long as both parties understand their roles and adhere to their policies, cloud security should not be a concern.

Change — especially change on a grand scale — can understandably frighten executives. Don’t let fear hold the company back. Anticipate executives’ questions, prepare for them in advance, and show company leaders why cloud migration is the right choice.

About Brad Thies
Brad Thies is the founder and president of BARR Advisory, an assurance and advisory firm specializing in cybersecurity, risk management, and compliance. Brad speaks regularly at industry events such as ISACA conferences, and he is a member of AICPA’s Trust Information Integrity Task Force. Brad’s advice has been featured in Entrepreneur, Cloud Computing Journal, Small Business CEO, and Information Security Buzz. Prior to founding BARR, Brad managed KPMG's risk consulting division. He is a CPA and CISA.

In this article