CLOUD COMPUTING FOR ACCOUNTANTS
12.30 – 13.00 ICAEW
Risk and Return
Mark Skilton,
Global Director, Capgemini Applications Outsourcing
Co-Chair , Cloud Computng Workgroup, Cloud Business Artifacts Project
+447787692197
Mark.skilton@capgemini.com
Version 2
September 24, 2010
Cloud Computing for Accountants
Risk and Return
An overview of security, risk and return, providing guidance on
risk assessment, ROI (contracting cloud to traditional
investment), and models to help decision making
Agenda
- The ROI Value of Cloud
- The Risks of Cloud
- The Risk-Reward Trade-off
- Example Cloud Scorecards
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
2
Expectations are High !
The ROI Promise of Cloud Computing
Cost Compression
20-80% reduction in support costs
1:2 to 1:5 times reduction in support and maintenance costs
through virtualization and redistribution of FTE resources from internal
to external
Time Compression
weeks  Hours / minutes provisioning
1:5 to 1:500 times faster Provisioning and de-provisioning
Business capability
weeks  Hours / minutes sourcing
1:5 to 1: 100 times faster Transformation
Access to new business services and solutions.
Continual service support and development 50-200% faster
1:2 to 1:10 times faster access to development and continuous
improvement, leverage shared ecosystem
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
3
Cost/ Performance
The trade-off
IMPROVE
BUSINESS-IT
Performance
COST
SAVINGS
AddedValue
QoS
“Race to the Bottom”
Time
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
4
The ROI Value of Cloud
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
5
A “Cloud Icon”
The Myth of Capacity Utilization
Predictions Cost Money…
Capacity-Cost Performance
Capacity
Compute
Storage
…
You just lost
customers
Large
Capital
Expenditure
Opportunity
Cost
Predicted
Demand
Traditional
Hardware
Actual
Demand
Automated
Cloud capacity
Source: Amazon Web Services
Time
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
6
Cloud Computing is more … a range of Business Operating
Metrics
Increase Margin
(Make more money)
Dynamic capacity,
utilization
Speed of Cost reduction
- Cost of adoption / de-adoption
Optimize
Ownership
use - faster
access to new
assets,
capabilities
Dynamic usage
- Elastic
provisioning &
service management
Risk and Compliance
Improvement
Rapid Provisioning
Skills, and capabilities
dynamic sourcing
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
7
Capital and Cash flow leverage
Speed of Cost reduction
- Cost of adoption / de-adoption
Optimize Ownership use - faster
access to new assets, capabilities
Rapid Provisioning
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
8
Value creation
Increase Margin
(Make more money)
Dynamic usage – Elastic provisioning
& service management
Risk and Compliance
Improvement
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
9
The Risks of Cloud
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
10
BUT for the Returns there are Risks ….
There are three key considerations within a fourth business Context
What Benefits ?
Business goals
Qualitative
Quantitative
ROI
TCO
Value
WACC
Cash flow
Value Creation
What Risks ?
What performance ?
QoS
Risk
Scorecards / Metrics
SLA Objectives
Impact severity
Planned
Unplanned
Mitigated
Devolved
Remove / Urgent
Shared
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
11
What security, compliance risks in Cloud ?
 Provider lock-in, lock-out
 Data security
 Compliance and regulations
 Service Level Agreements
 Customization and service assembly
 Backup/Recovery entrusted to vendor
 Higher long-term cost
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
12
Lessons Learnt – 1
1. Organizational Security Management – does the cloud
certify to your industry standards and work with your IDM ?
2. Authentication (use, admin, both) of guest OS or at VM
hypervisor – can you get the level of control and audit of
the cloud services ?
3. Customer own defined standard Catalog & Virtual
images – can you define your own catalog standards ?
4. Monitoring management – does cloud link to your
configuration and licence management systems?
5. Incident handling management – is this verifiable and
managed to your standards ?
6. Specify which geographic areas would be permissible
for location of customers’ data – do you have control of
location and service access ?
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
13
How a CIO made a business case for a cloud computing solution
http://searchcio.techtarget.com/news/2240021582/How-a-CIO-made-a-business-case-for-a-cloud-computing-solution
Case Study : 3 by 3
Harvard Medical School
DEMAND
SUPPLY
3 Types of Cloud Service
e.g Extra
1000 cores
for short
period
Burst Services
“Plug the
node”
Users but own IT assets
and contribute to Cloud
node Network Total capacity
Incremental
Server
Cluster
Shared Common
Service Platform e.g. email,
Storage
1000 To 5000 Core roadmap
Demand and Supply
Stakeholder liaisons
Private Cloud
3 Chargeback methods
Burst
Tactical
Cloud
Services
Leasing
Strategic
Cloud
Services
Support
Charge backs
Commodity
Cloud
Services
Blanket Subsidized
Capacity
Service Charge for
per Core for period
Service Support
Charge
Group charge
allocation
Investigating Hybrid Cloud – burst to Pubic cloud to get
public cloud cost savings
questions on HIPPA compliance…
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
14
The Risk-Reward Trade-off
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
15
Cloud ROI model
FASTER, BETTER , CHEAPER…
SUPPLY
DEMAND
What type of Workload and Service ?
Seasonal, Peak
loads
Identify Candidates for OPEX Transition?
Burst
Tactical
Cloud
Services
Expanding Growth
Strategic
Cloud
Services
Short term Peak
Commodity
Cloud
Services
HIGH COST
OF CAPITAL
HIGH COST
OF CAPITAL
LOW CASH
FLOW Vol/Freq
HIGH CASH
FLOW Vol/Freq
Cost Of
Capital
LOW COST
OF CAPITAL
LOW COST
OF CAPITAL
LOW CASH
FLOW Vol/Freq
HIGH CASH
FLOW Vol/Freq
Cash Flow
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
16
Target your Workloads for Cloud
40k
Strategic
Cloud
Services
30k
Cost/
annum
20k
Economic
Click barrier
TRANSITION
Zone
$
OPERATIONS
Zone
Commodity
10k
Cloud
Services
Burst
Tactical
Cloud
Services
DEV/TEST
Zone
1 Hour 1 Month
1 Year
1k
3 Years
Period
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
17
Economics of the Cloud
Predictable Workload – Steady Demand
Scenario 1
Predictable workload + Variable workloads
Scenario 2
Cloud versus On-premise
Cloud
Purchase
Off-premise
On-Premise
e.g. $35K annual Cost
amortized over 3 years
Burst
Tactical
Cloud
Services
Strategic
Cloud
Services
Commodity
Cloud
Services
Reserved Cloud
Purchase
Co-Location
Scenario 3
Hybrid Cloud versus On-premise
Purchase
On-Premise
e.g. $17K pa
Purchase
On-Premise
+ Cloud
e.g. $16K pa
e.g. $15K pa
OPEX
e.g. $8K pa
CAPEX
CAPEX
e.g. $10K pa
CAPEX
CAPEX
CAPEX
CAPEX
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
18
Cloud ROI model
Traditional TCO
FASTER, BETTER , CHEAPER…
CLOUD TCO
Other
Other
Security costs
Type of Security costs
Monitoring costs
Type of Monitoring costs
Upgrades//Maintenance
Part of Service Charge
Enhancements
Outsourced..
Migration costs
Migration costs
Customization
Configuration vs Customization
Software
Software
Software Licences
OS Licences
Fixed Monthly
Pay-per use Service Charge
Hardware
Hardware
PC/ Device costs
Network costs
PC/Device costs
Outsourced
Part of Service Charge
Annuity / Monthly
Pay-as-you-go
Service Charge
Transition
Costs
Server costs
Storage costs
Buildings/ Staff
Buildings/ Staff
FTE Staff Costs
Partial FTE Staff Costs
Energy, Cooling
Outsourced
Facility Costs
….
Part of Service Charge
….
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
19
Identify scenarios for Cloud ROI Projects
Examine the Cash flow Positions
Sensitivity Analysis
• Pricing
Cloud Solutions
• Forecast accuracy of use
ROI
iv
i ii iii
• Predicted workloads , fixed
and variable
v
• Under / Over provisioning
• Flexibility costs
• Cost avoidance
• Security & Compliance costs
Time
• Staff / Skills availability
• Business Risk cost impacts
•…
Identify what gaps and actions
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
20
Lessons Learnt - 2
1. Conduct Assessments of the opportunities and risks and use cases of cloud
computing to test cases to understand the technical and business risks of cloud
2. Develop and Establish Governance requirements for cloud operations. Identify
who owns cloud in the business from a user perspective and service provider
management perspective ?
3. Identify the tools needed to monitor and manage application development and
infrastructure development lifecycles
4. Determine Data and privacy classification to prioritise risk criteria of what
goes in the cloud and what stays on-premise
5. Identify Demand - for cloud resources and tactical projects and work towards
common cloud standards usage, identifying “cloud champions” and service users
along the way
6. Choose Strategic Partners and Vendors -identify which vendors and partners to
work with, testing vendors and establishing requirements that fit your organization
7. Using benchmarks to validate project requests for the cloud. Create
scorecards and benchmarking procedures to assess projected and actual ROI.
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
21
Potential gaps are possible between
Business provisioning Cloud services
versus
IT department managed services
So… establish your cloud service strategy today with all your stakeholders,
Sources of demand and supply for IT and business
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
22
Example Cloud Scorecards
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
23
Cloud ROI Scorecard
New Cloud KPIs
Funding profiles
• Cash flow after
taxes (CFAT)
• Capex
• Opex
• NPV
• WACC weighted
average cost of
capital
• ARPU Average
Revenue per user
• AMPU Average
margin per user
• CAR Cost of
asset recovery
24
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
24
Cloud Risk Scorecard
Risk and Security
ROI of Security example Levers
Security services target:
• Identity federation costs  10-20% certification
• Integration services costs  20-30% prebuilt
• Industry Compliance costs  30% - 40% standards
25
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
25
Cloud QoS Scorecard
Service management
in the Cloud
Key QoS factors
example Levers
• Fix on fail  Fix before Fail
• Service Level compliance & tool investment
• RTO effectiveness
• Certification of Factory services
• Catalog solutions compliance
• Continuous development & release
• Licensing compliance
26
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
26
Examples of Benchmarking
Speed of Provisioning
27
Data and compute latency
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
27
Cloud Compliance Checklist
28
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
28
Thank you
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
29
Introduction to the Speaker
Mark Skilton,
Outsourcing
Global
Director,
Capgemini
Applications
Mark joined Capgemini 2009 with responsibilities for Global service
offer development and delivery readiness. He has 25 years
experience in IT and has held various positions as European CTO,
Chief Architect, global Architecture community chair and founder of
an SOA academy and CoEs. He is currently a Co-chair of The Open
Group Cloud Computing Work Group Project for Cloud Business
Artifacts and Cloud ROI and has published and spoken globally on
the subject of Cloud computing. He recently authored a highly
successful white paper on Cloud ROI which has been widely
syndicated and has been published in the British Computer Society
Year Book for 2010. He is currently co-authoring a Book on Cloud
Computing with The Open Group due Q1 2011.
Cloud Computing
© Copyright Capgemini 2010 All Rights Reserved
30