Examining the Sunny and Stormy Sides of Taking Your Business to the Cloud

September 12, 2019

By Rahul Mahna and Nina Kelleher

Sooner or later, organizations will have to decide if they should use the cloud for their business needs. The decision-making process can be complicated because for every benefit there can be a negative. As such, let’s take a look at both sides of the evaluation process.

Positives

Going to the cloud gives you the ability to scale and grow or shrink on demand. For example, you can have a full server during the day, but make it automatically become dormant at night. Cloud servers are often billed by the minute or hour, so the ability to have usage flexibility can greatly improve the financial aspect of cloud technology implementation and usage.
Backup and disaster recovery (BDR) is a major concern for organizations—and rightly so. Having data in the cloud is inherently a better BDR solution for typical users who use an on-premise solution.

The financial implications are clear. IT budgets are changing from a typical buy-and-install capital expense to more of a lease-and-use on-demand operational expense. This has a big impact on an organization’s profit and loss statement.

Negatives

Many feel like they do not want to lose control by housing sensitive data outside of their office; and it is true that by pushing to the cloud, you lose some control. IT governance now becomes a shared responsibility between the organization and the service provider. There may be gaps in control expectations. To avoid this pitfall, organizations need to think about their risk appetite and assess the types of data they secure. Adopting a risk-based approach while evaluating a cloud strategy are critical.

Many financial firms have questions about their data being on the same servers as, say, a small pizzeria. There is no way to completely separate where your data goes when it’s in the cloud. It generally will be co-mingled with many other users’ data, and you are relying on the service provider to have the proper security controls in place.

Although the financial implications change, as previously noted from capital expenditure to operating expenditure, so does cash flow. In a capital-expense model, you make a one-time purchase and then own. In a cloud-based model, you pay monthly forever, which certainly can be a long-term commitment. You must examine the cost/benefit ratio to determine the best fit for an organization.

Pros and Cons

You can make both pro and con arguments. Ultimately, the decision should rest on your particular application and use. You should have a strong subject matter expert to help you in the process. Collectively, try to create a flexible situation where you can change your approach with minimal costs should your business environment change.

Have Questions or Comments?

If you have any questions about this media item, we'd like to hear your opinion. Please share your thoughts with us.

* Required

Rahul Mahna is the Managing Director of Managed Security Services within EisnerAmper’s Process, Risk and Technology Solutions (PRTS), with extensive experience in information technology and cybersecurity solutions to our clients.

Nina Kelleher is a Senior Manager specializing in Process, Risk, and Technology Solutions (PRTS) with expertise includes planning, executing and leading audits, conducting risk assessments and completing financial statement due diligence.