How to avoid becoming a victim of ‘cloud shock’

Buyers of public cloud need to ensure that they understand the full cost of the services they require or they could have an unpleasant shock when their first bill arrives.

The headline costs for public cloud services can appear to be remarkably good value, with server/instances running at just a few pounds per month. However, there is much more to running a service/application, and organisations need to ensure they consider all aspects of how their services operate if they are to avoid an unpleasant shock when their first bill arrives.

This does not mean public cloud is necessarily more expensive or a bad choice – simply that it is vital to prepare a comprehensive business case before migrating services, as once you have migrated, you are stuck with what the provider gives unless you undertake another migration, which is likely to be time-consuming and risky, plus will bring further business interruption.

[easy-tweet tweet=”Buyers of public cloud need to ensure that they understand the full cost of the services they require” hashtags=”cloud, consumer, tech”]

All public cloud services are metered in some way; this can be both a good and bad thing, dependent on the application or service and its expected use.  The review should consider three factors; firstly, understanding what is included in the proposed cloud service and the service’s charging structure.  Are there other elements required to safely run the application not included in the base service price, such as security, resilience, management, patching and back-up?  Secondly, what is the application’s purpose and likely usage patterns?  Thirdly, how fast much is it likely to grow, in both users and data?

Think of buying public cloud as if you are buying space inside the shell of a building to create a flat. You get the basic premise, but have to decide how to provide everything else you need, including management and monitoring of back-end components, backup, anti-virus, and patching.  As you are sharing the facilities with other residents, you also need to provide your locks for the internal doors – in the case of cloud services, security.

Take a simple application that you believe your business uses 9am to 5pm weekdays.  With metered cloud costs, hosting this in public cloud can look significantly cheaper than fully loaded internal costs. However, the application will probably require additional systems such as login/authentication, network etc., and these need to be powered up beforehand, so the requirement quickly becomes 7-9. Then add multiple interactive systems, increasing complexity and cost. Shutting down and restarting has to be sequenced, and some employees will want access outside core hours, so you actually require 24×7 running. Your costs are now three times the originally budgeted price and you still need to add monitoring and management. Users tend to keep servers, data and all network traffic running 24×7, so end up paying significantly more than they originally anticipated.

The second aspect requires an understanding of the finer points of the applications you are planning to move. In public cloud services such as AWS, it costs 1p per GB each time servers in different domains talk to each other, and 8p per GB to send data over the Internet. This seems minimal, but with some applications, servers have a constant two-way dialogue and hence costs can quickly escalate. Similar problems can arise when trying to put a custom application into Microsoft Azure. If an application is not optimised for public cloud, it may be more appropriate to retain it in-house or use a managed cloud service.

Finally, organisations need to consider how much data they are storing in the cloud. Which organisation is hosting and managing less data than they were a year ago? The best way to keep this under control is data classification, followed by a visit to each department to say: “we have this volume of your data; how important is it to the business and can we delete it?” For this reason some people refer to cloud as ‘the revenge of the ITIL manager’!

[easy-tweet tweet=”With some apps, servers have a constant two-way dialogue and costs can quickly escalate.” hashtags=”cloud, tech”]

Despite these issues, public cloud is a good option in many cases. If there is a good SaaS available, it makes sense to use it. However, many providers are currently offering something that is more like PaaS, so you will need to provide some aspects of the service yourself, or use a managed cloud service.

To prepare a watertight business case for a potential move to cloud, the first step is to baseline your existing IT provision against business requirements. This enables you to categorise and prioritise the systems appropriate to be migrated to cloud. You can then design the new architecture for those services and plan the migration before going to market. Most suppliers have different cost models but armed with your definitive blueprint you can make a realistic comparison between the various offers.

It is also important consider the soft elements of service delivery, such as SLAs and how they provide ongoing support.  You could accidentally increase costs if you select a cloud platform or supplier that insists all transactions are via a portal with no opportunity for human interaction if all the processes your organisation uses demand human interaction.

Some services can and should run in the public cloud, some in private cloud and some should remain on-premise, creating a hybrid infrastructure that needs managing and monitoring. You should, therefore, retain key skills in-house to control both costs and security of your new hybrid cloud environment.  You have to take responsibility for asking your cloud provider to deliver the appropriate levels of information security and need to measure and audit them yourself to ensure that the relevant security is applied.

+ posts

CIF Presents TWF – Ems Lord


Related articles

The Future of Marketing: Automation vs Innovation

Does AI Understand Your Brand Voice? AI is dropping jaws...

AI Act – New Rules, Same Task

The first law for AI was approved this month...

Time to Ditch Traditional Tools for Cloud Security

Reliance on cloud technologies has significantly expanded the attack...

AI Show – Episode 3 – Guy Murphy

In this third episode of The AI Show! Host...

6 Ways Businesses Can Boost Their Cloud Security Resilience

The rise in cloud-based cyberattacks continues to climb as...

Subscribe to our Newsletter