Cost: The Most Telling Factor in System Security

Why shedding your hardware brings value.

Scott Studio 2 595e678cbfebc

It’s a battle as old as time. Well, at least it feels like it. I’m talking about the debate between having your enterprise system operate in the cloud ecosystem or through on-premise hardware. Lines have been drawn with chief information officers and IT directors, choosing sides based on several factors, and their idea of the pros and cons of each.

Me? I’m a believer in the cloud.

There are a lot of reasons why running your enterprise system on the cloud is a good idea, but the only one that matters is cost. I don’t mean purely dollars and cents of hardware from an accounting perspective, but the real costs (savings) of using the cloud environment versus on-premise. In fact, cost is permeated throughout every facet of the discussion between cloud and on premise. 

The S-Word

When discussing pros and cons of the two main system environments, one cautionary tale that always pops out to me is the case of the four $1.38 million computers. About four years ago four computers were stolen from a large health care provider in Illinois. This provider used an on -remise environment and had infrastructure which encouraged stored data (including hyper-sensitive personal information about patients) on its devices, including those computers. After it was all said and done, the health provider paid a $5.55 million settlement because of the breach. Four computers. $5.55 million. That kind of costs shows that having your system hosted and managed on-premise is borderline negligent in most cases.

The impact of system breaches is only going to grow. Actually, IT Web reports that the cost of data breaches and data loss will surpass $2.1 trillion by 2019, as more and more information is kept in digital form. Most of those breaches will come from existing IT systems and not form sloppy deployments or emerging technologies. Even small data breaches of less than 100 records lost could cost an organization as much as $555,660, so any way you look at it, the cost of weak system security is steep.

This begs the question: what’s the cost of strong system security? Well, to be truly “strong” you need various levels of authentication, multiple layers of redundant backups in different locations, sophisticated disaster recovery plans, a self-healing service fabric that allow business continuity plans to be implemented seamlessly, geo-restrictions, encryption and other tools. It also calls for a team of enterprise system security experts who focus all their energies on preventing breaches and intrusions before they happen. The investment to create this on-site is massive, as the cost of buying servers and placing them in the janitor’s closet doesn’t cover this.

The cost of hosting your system in the cloud, however, does cover this. 

Availability and Access

When you’re strategizing on how to grow your business, you focus on grabbing more market share, innovating faster than competitors, continually improving your customer experience and reducing overhead. In developing those plans, you assume you’ll always have a working system with all devices and data accessible. So, what happens when that’s not the case? The industry standard for high availability is 99.999 percent uptime, which all but guarantees you will always have access to your system and data. To achieve this, you must eliminate opportunities for single points of failure, develop reliable redundancies, and have a maintenance system that detects failures as they occur so that it never reaches the user.

Major cloud providers can provide infrastructure that achieves this 99.999 percent uptime, but it’s virtually impossible for small- or medium-sized businesses to mimic the infrastructure required to achieve this.

A small percentage of downtime doesn’t seem like a big deal (hint: it is), but the unpredictability of when that downtime will hit is what is scary. For some organizations, downtime can mean missing a deadline for a huge customer and losing that business. Or, it could mean opening the door to an intrusion that could cost an extraordinary amount of money in fines and settlements.

The cost of buying servers and placing them in the janitor’s closet doesn’t cover the cost of downtime, while the cost of cloud prevents downtime from ever happening.

Need for Speed

The old saying “time is money” is true in just about every situation, but especially when building and deploying enterprise systems. Having an IT department build out an on-premise system hosting environment is pure overhead. Having reviewed the costs of deploying a system with weak security (see above), an organization isn’t going to want to cut corners, which means a lot of overhead.

To build a system the right way is going to take months. That means months of costs to build the system and months of not having the system your organization needs to achieve its goals. The overhead is not just pure IT costs, but a delay in the ability to accelerate deployment of new systems, which means a longer route to achieve the ROI of a new system because the access to new markets, improved efficiency and overall readiness for growth takes longer.

On the other hand, developing or migrating a system to the cloud is more like the flip of the switch, with certain respects. The speed of deploying the cloud saves months and months of costs and lost productivity.

The cost problems don’t stop once the system is built. Any on-premise system was built for a certain capacity—either for the capacity the organization is hoping to grow to need or for the capacity it does currently. Either way, there is no flexibility and a lot of inefficiency, which leads to higher costs.

With a cloud environment, not only are costs predictable, but an organization is able to control costs based on their needs. Whether scaling down or up because of a change in needs, cloud costs adjust accordingly. For many businesses, this supports their true revenue cycle, where system capacity can expand for two months to accommodate a busy season, or scale down for slower times. The best part is that the cloud provider is responsible for scaling and maintaining the high availability.

The cost of buying servers and placing them in the janitor’s closet doesn’t cover the costs of building a system with high availability or scaling. 

Keep it Simple

In business, complexity usually means additional costs. In addition to the complexity of building a system, there is the complexity of doing the accounting that surrounds it. An on-premise system becomes a capital expenditure with depreciation that requires ongoing costs for housing, powering, cooling, managing, tracking and insuring—all of which are costs that fluctuate.

Choosing to use the cloud environment for a system is a simple and straightforward line-item expense. No unexpected fees or costs.

Are you growing, shrinking, plan to move, or perhaps not planning to move but lost a lease? Relocating your server equipment is costly, takes a lot of planning and time, not to mention the downtime. With a cloud environment, you can move your business, but your critical systems stay put—no additional costs, no headaches. You get your weekends back, too.

The cost of buying servers and placing them in the janitor’s closet doesn’t cover the unexpected. In fact, there are a lot of costs that come with building an on-premise system, which make such an environment only justifiable for businesses whose margins are huge. Of course, there are many factors to consider when evaluating on-premise versus cloud environments for your enterprise system, but everything boils down to cost. And when it comes to cost, the cloud can’t be beaten, penny per pound.

Scott Kameron is the chief operating officer at EVS, a provider of ERP software. He has served as the COO and as a principal at EVS since 2008. He began his career in high tech enterprise systems in 1998 at Hewlett Packard while still in college. Kameron later spent nearly seven years working for IBM Global Services, primarily in project leadership roles. Following IBM, he worked for Xerox Global Services in various regulatory compliance and technology-based services consulting roles before returning to graduate school. Kameron joined EVS shortly after earning his master’s degree from the University of Denver. Today, he brings Fortune 500 process and operation experience to the small and mid-sized market space through his management and delivery of EVS’ product and service offerings.