Cloud Computing is a Board Level Strategic Issue

As a rule, when I wish to republish a paper or article I request permission from the original publisher. The paper here was published in October 2017 by Brinks News, a subsidiary of Marsh MacLennan. However, the Brinks website has long gone, and the paper is no longer available on the rebranded Marsh.com website, so the original article is republished here.

Cloud computing is both old and new. The availability of on-demand computing power is as old as the ‘time-sharing’ concept of the 1970s, and ‘remote data storage’ was developed in the 1980s, mainly to secure data off-site in case of a disaster. The outsourcing of hardware and software to third parties became a valid computing strategy for businesses in the 1990s.  But in the last decade, the emergence of faster and smaller computers, high density data storage and very fast and ubiquitous fibre optic networks has changed the economic equation that governed the placement of computer capabilities in the past.

Cloud computing, or the provision of access to computer power and/or data without having to have detailed knowledge of its location, is a logical extension of the long-standing concept of ‘virtualisation’.  For example, ‘www.brinknews.com’ is a virtual address, and to access technical news, a reader does not have to know where the computers running Brink’s website are, that is resolved. when needed, by a huge network of computers in the Internet Domain Name System (DNS). 

But Cloud computing is also very new, and, as a result what has been called the ‘hyper-convergence’ of advances in computing, data and networks, it signals a fundamental change to how technology will, in future, support the strategic objectives of a firm.

Today, IT departments are experimenting with moving some of their business applications or databases onto a ‘public’ or ‘private’ Cloud, which is provided by a new breed of technology suppliers, such as Amazon, Google or Alibaba, or by old hands at computing, such as Microsoft or IBM. These ‘cloud’ suppliers claim to be able to provide access to additional computing or data storage ‘on demand,’ or at least pretty quickly, and certainly faster than the traditional model of purchasing additional computers.   This business model is all about flexibility and (possibly) cost savings.

The vision of Cloud computing is extremely enticing for accountants and IT managers. Just move all of our expensive hardware to the Cloud, they say, and we will be able to get rid of our huge, expensive data centres and, with a bit of luck, some of our costly staff as well.  And there is a modicum of truth in that vision, but it is far from the full whole story.

However, the real story is not about cost savings but about enabling business to do things that were not possible before. And there is a second story about the new types of business risks that are created by adopting Cloud computing.

Traditionally, because computers were large, expensive and had to be housed in special data centres, IT purchase decisions were somewhat disconnected from business strategy. Purchases of computers and data centres were considered capital expenses (CAPEX), the costs of which had to be recovered from business savings over a prolonged period (typically 3-5 years).  In that process, the chief information officer (CIO), had to guesstimate what might be needed in the future and propose some very expensive IT purchases ahead of time.  But more importantly, for directors, IT has been considered an afterthought, and a detail that would be left to be sorted out by technicians. 

But what if IT capabilities could be switched on and off when needed, which is the vison of Cloud computing? What if the firm went into a new market and supporting technology could be ‘switched on’ from day one? What if the venture didn’t work, could we then just get rid of the computing costs in the same way as we lay off staff? In theory, with Cloud computing, yes!

This changes the dynamics of IT costs, which become an operational, rather than a capital, expense (OPEX).

This seemingly mediocre change in how IT is accounted for, means that when making strategic decisions, board members will be forced, in future, to consider in some detail what type of computing capabilities they will need because that is now an integral part of the strategic cost-benefit analysis. In fact, when products and services are supplied to customers through technology rather than face to face contacts, technology is the strategy!

In turn, this means that directors will in future have to have a deep understanding of technology capabilities in order to make better (even adequate) strategic decisions.  And if they don’t, those competitors that are more tech-savvy will beat them to market with better products, at a lower cost.

 However, there are some new and potentially devastating risks in this new world.

First, if directors do not realise that they are operating in a new paradigm, then their strategies will fail to achieve their business objectives as nimbler competitors beat them to market, again and again.  This is known as strategic technology governance risk, or a failure to put in place the correct governance structures to manage the strategic impacts of technology.

And there are other risks that directors must recognise. Cloud computing is outsourcing on steroids and hence creates all of the risks that firms have experienced in the past with outsourcing, and more.  For example, which Cloud provider? Today, the choice might be fairly obvious, for example Amazon, Alibaba or Google, because they have thousands of computers and millions of terabytes of data available in their data centres and they are very successful companies.

But will Amazon or Alibaba be in the Cloud business, five or ten years from now, just when a new strategy is about to come into its profitable phase.  It is not a reflection on either of these great companies to suggest they might not be. These companies are in the business of Cloud computing not as their main business but as a way of making marginal profits on unused resources. But if those resources need to be used to support their core business or if the marginal profits do not cover their costs or importantly their increasing risks, economics would dictate that they exit, or spin-off, their Cloud businesses, which would dramatically change the risk/return equation. 

Of the myriad of other strategic technology risks in Cloud computing, one other is important. Handing over control of vital resources to a Cloud provider may create additional options as regards strategic flexibility but also creates additional complexity which increases operational risks. The most obvious problem is with a firm’s ‘core systems’, which for most firms will have been built on old hardware running old software. It is extremely unlikely, because they are old, that they could be moved easily to new technology (or they would have been moved before!) So, the most likely situation is one where parts of a firm’s core systems will be migrated to the Cloud. But that move increases complexity because the parts in the Cloud are no longer under the firm’s control and if something goes wrong, which it invariably will, recovery from problems will be that much more complex and risky.

The risks and opportunities of Cloud computing are so new and potentially so large, decisions can only be made at the strategic level and cannot be outsourced to technologists nor third party providers.

Boards will have to step up to the plate to drive Cloud strategy, or competitors will.