Tech Media Book
Image default
Cyber Security Software & Updates

Do techies need financial skills to avoid overspend in the cloud? Introducing… DevSecFinOps

An angry CFO with an unexpected $50,000 invoice on their desk may not be one of the intended outcomes of a cloud migration project. After all, isn’t the move supposed to save you money?

However, this scenario isn’t uncommon among enterprises that move from the on-premise environment that they have become accustomed to.

It goes without saying that organisations running their systems in a data centre are typically concerned with network and infrastructure issues such as heating and cooling. The overwhelming focus is on hardware. In this traditional environment there are typically a set group of people worrying about the financial and security aspects, allowing the technical infrastructure people to go about their jobs, so long as they operate within those constraints.

When moving to the cloud it is an alarming misconception that the business can carry this same infrastructure perspective into the cloud, treating it as just another data centre, which it simply isn’t. The ability to spin things up at speed creates great opportunity for innovation through agility, but cost and security challenges without having the appropriate controls in place as well.

This means a huge degree of education for the team operating in the cloud. The ability to do things easier and faster requires a new set of skills, known as DevSecFinOps.

Financial awareness may be the last thing on the mind of the tech team, but is frankly no longer an option when operating in the cloud. Rather than be daunting, there should be three core areas of focus:

  • DevOps (development and operations): As we have discussed, do not think of the cloud as another data centre – and that you can simply lift and shift. Any company taking this journey should keep in mind the benefits of optimising and evolving beyond their current ways of working. The key difference is the digitisation of infrastructure and the immediacy of the resulting servers or services
  • FinOps (finance). Building awareness of cost into all actions will empower the IT teams to cover all the bases when undertaking IT improvements. This also demands a level of governance and control around the approval of the spend incurred by seemingly innocuous actions. The challenge is to create a light touch approval process that keeps things moving, rather than a cumbersome ITIL process intended to limit change
  • SecOps (security). A mantra that guides accountability for security within the development process. Similar to finance, there are security implications to most actions. Cloud providers have tried to shield customers from the most serious implications of their actions, but it still requires a significant amount of customer knowledge to keep their organisations safe

The latter two are simply less of a concern when operating on-premise. But, in many cases, the internal resources within the enterprise do not have the experience and expertise around how things work in the cloud. This can lead to mistakes, brought about simply by failing to take advantage of discount programmes or utilising alerts and notifications in case things are trending in the wrong direction. This can result in surprises and overspend simply by not understanding the implications of their actions.

When the CFO asks why they have to spend $50,000 more than planned, the infrastructure team will say they have just been doing what they’re accustomed to, without an understanding of the implications.

This scenario is typical of a major IT transformation project carried out to meet short term objectives. Too often, simply ‘getting to the cloud’ is the end of the journey. Instead, organisations should look beyond the migrate phase and concentrate far more effort on how they ‘operate’ on the cloud. At a practical level, notifications, reports and budgeting tools help monitor spend, along with training to understand how to work in the cloud and pick up on anomalies.

Armed with the right mindset, an understanding of the financial and security implications of their actions, the technical team will be able to leverage the benefits of the cloud and deliver truly game-changing innovation for the business.

Related posts

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy