Cloud Computing Is a Board-Level Strategic Issue

Asian economies are well-placed to take advantage of the potential benefits of cloud computing.

Photo: Sean Gallup/Getty Images

Cloud computing is both old and new. The availability of on-demand computing power is as old as the “time-sharing” concept of the 1970s and “remote data storage” that was developed in the 1980s, mainly to secure data off-site in case of a disaster. The outsourcing of hardware and software to third parties became a valid computing strategy for businesses in the 1990s. But in the last decade, the emergence of faster and smaller computers, high-density data storage and very fast and ubiquitous fiber optic networks has changed the economic equation that governed the placement of computer capabilities in the past.

Asia may have been a bit slower to get off the blocks, but Asian businesses have now joined the race.

Cloud computing, or the provision of access to computer power and/or data without having to have detailed knowledge of its location, is a logical extension of the long-standing concept of “virtualization.” For example, is a virtual address, and to access technical news, a reader does not have to know where the computers running BRINK’s website are. That is resolved, when needed, by a huge network of computers in the Internet Domain Name System.

But cloud computing is also relatively new—particularly in Asia—and as a result, what has been called the “hyper-convergence” of advances in computing, data and networks, also signals a fundamental change to how technology will, in future, support the strategic objectives of a firm.

Today, IT departments are experimenting with moving some of their business applications or databases onto a “public” or “private” cloud, which is provided by a new breed of technology suppliers, such as Amazon, Google or Alibaba, or by old hands at computing, such as Microsoft or IBM. These cloud suppliers claim to be able to provide access to additional computing or data storage on demand, or at least in rapid fashion, and certainly faster than the traditional model of purchasing additional computers. This business model is all about flexibility and (possibly) cost savings.

Risks and Benefits

The vision of cloud computing is extremely enticing for accountants and IT managers. Just move all of our expensive hardware to the cloud, they say, and we will be able to get rid of our huge, expensive data centers and, with a bit of luck, some of our costly staff as well. Though there is a modicum of truth in that vision, it is far from the whole story.

The real story is not about cost savings but about enabling businesses to do things that were not possible before. And there is a second story about the new types of business risks that are created by adopting cloud computing. One major class of risks that is turbocharged in a cloud environment is cyber risks. For instance, an early adopter of cloud computing, the small UK bank Tesco, was the victim of a “monster cyberattack.”

Traditionally, because computers were large, expensive and had to be housed in special data centers, IT purchase decisions were somewhat disconnected from business strategy. Purchases of computers and data centers were considered capital expenses, the costs of which had to be recovered from business savings over a prolonged period (typically 3-5 years). In that process, the chief information officer had to guesstimate what might be needed in the future and propose some very expensive IT purchases ahead of time. But more importantly, for directors, IT has been considered an afterthought—a detail left to be sorted out by technicians.

Cloud computing is a supercharged form of outsourcing, entailing all the risks of traditional outsourcing and more.

But what if IT capabilities could be switched on and off when needed? This is the vision of cloud computing. What if the firm went into a new market and supporting technology could be “switched on” from day one? What if the venture didn’t work; could we then just get rid of the computing costs in the same way as we lay off staff? In theory, with cloud computing, yes.

This changes the dynamics of IT costs, which become an operational, rather than a capital, expense.

This seemingly mediocre change in how IT is accounted for, means that when making strategic decisions, board members will be forced, in future, to consider what type of computing capabilities they will need because that is now an integral part of the strategic cost-benefit analysis. In fact, when products and services are supplied to customers through technology rather than face to face contacts, technology is the strategy.

In turn, this means that directors in future must have a deep understanding of technology capabilities to make better (even adequate) strategic decisions. And if they don’t, more tech-savvy competitors can beat them to market with better products at a lower cost.

But there are some new and potentially devastating risks in this new world.

Risks in the ‘New World’

First, if directors do not realize that they are operating in a new paradigm, then their strategies will fail to achieve their business objectives as nimbler competitors will beat them to market, again and again. This is known as strategic technology governance risk, or a failure to put in place the correct governance structures to manage the strategic impacts of technology.

Additionally, cloud computing is like traditional outsourcing but supercharged, and hence creates all the risks that firms have experienced in the past with outsourcing, and more. For example, which cloud provider? Today, the choice might be obvious—for example, Amazon, Alibaba or Google, because they have thousands of computers and millions of terabytes of data available in their data centers, and they are very successful companies.

But will Amazon or Alibaba be in the cloud business five or 10 years from now, just when a new strategy is about to come into its profitable phase? It is not a reflection on either of these great companies to suggest they might not. These companies are in the business of cloud computing not as their main business but as a way of making marginal profits on unused resources. But if those resources need to be used to support their core business or if the marginal profits do not cover their costs, or importantly their increasing risks, economics would dictate that they exit, or spin off their cloud businesses, which would dramatically change the risk/return equation.

Of the myriad of other strategic technology risks in cloud computing, one other is important. Handing over control of vital resources to a cloud provider may create additional options with respect to strategic flexibility, but it also creates additional complexity, which increases operational risks. The most obvious problem is with a firm’s core systems, which for most firms have been built on old hardware running old software. It is extremely unlikely, because they are old, that they could be moved easily to new technology (or they would have been moved before). So, the most likely situation is one where parts of a firm’s core systems will be migrated to the cloud. But that move increases complexity because the parts in the cloud are no longer under the firm’s control, and if something goes wrong, recovery from problems will be that much more complex and risky.

Going Forward

According to the latest annual Cloud Readiness Index, produced by the Asia Cloud Computing Association, Asian economies are well-placed to take advantage of the potential benefits of cloud computing.

However, the risks and opportunities of cloud computing are so new and potentially so large that decisions can only be made at the strategic level and cannot be outsourced to technologists or third-party providers. Boards will have to step up to the plate to drive cloud strategy, or competitors will.

Article source:

Aquarium Fine Tunes IT Security to a Significant Degree

Aquarium Software Director, Krzysztof Nagrabski

Information security is a field that doesn’t stand still, so due to the introduction of the new GDPR regulations, I’m currently conducting a Certified EU General Data Protection Regulation (GDPR) Foundation Course from IT Governance

The company sponsored training for Krzysztof Nagrabski is all part of Aquarium’s drive to have the best qualified people on the team, versed in the very latest thinking in data protection and information security management, so vital to its existing and future clients and for regulatory compliance.

Aquarium recently passed its three-year external review for both ISO27001 and ISO9001 and as a senior member of Aquarium’s ISO Management team, Nagrabski’s latest qualifications and experience is a key part of Aquarium staying ahead of the game.

“The Information Security course helped me develop advanced knowledge and awareness of the context in which information security operates in safety, environmental, social and economic aspects,” said Krzysztof. “My MSc complements my BSc in Computer Science but to support internal use of ISO 27001 and 9001, I have also completed ISO 9001:2015 Internal Auditor and ISO 27001:2013 Lead Auditor courses.”

The MSc course consisted of four taught modules (Information Security Technologies, Information Security in Practice, Information Security and Risk Management, Software Architecture and Security) and a formal dissertation; with Krzysztof’s entitled, “Prototype software for Small and Medium-sized Enterprises developing an Information Security System based on requirements of ISO/IEC 27001:2013.”

“On behalf of the team, I want to congratulate Krzysztof on his achievements,” said Aquarium Software Operations Director, Andrew Sherwin. “Aquarium operate in sectors where organisations only work with those who can demonstrate the highest standards, so ensuring our staff have the best qualifications possible is an essential part of our commitment to continuous professional development across the business.”

“Information security is a field that doesn’t stand still, so due to the introduction of the new GDPR regulations, I’m currently conducting a Certified EU General Data Protection Regulation (GDPR) Foundation Course from IT Governance,” added Krzysztof. “In the next six months, I will be taking the CISM exam too.”

“Krzysztof is proof there is far more to data security and ISO than mere box ticking,” added Sherwin. “The process is not just an opportunity to improve company performance, important though that is. Employees are the engine of any business and fine tuning our staff ensures we have the tools we need to deliver the standard of service our clients have come to expect and rely on us for.”

Aquarium Software is currently being implemented by a number of key pet insurers, and affinity partners in the UK, Europe, USA and Canada. For further information contact Aquarium Software on

+44 (0)161 927 5620 or visit

Article source:

Cloud Computing Growing Faster Than Expected, Reached $260 Billion in 2017

The global public cloud services market revenue is expetec to grow by 18.5 percent in 2017 reaching $260.2 billion, up from $219.6 billion in 2016, according to the latest report from Gartner, Inc. From the report: “Final data for 2016 shows that software as a service (SaaS) revenue was far greater in 2016 than expected, reaching $48.2 billion. SaaS is also growing faster in 2017 than previously forecast, leading to a significant uplift in the entire public cloud revenue forecast. … SaaS revenue is expected to grow 21 percent in 2017 to reach $58.6 billion… The acceleration in SaaS adoption can be explained by providers delivering nearly all application functional extensions and add-ons as a service. … The highest revenue growth will come from cloud system infrastructure services (infrastructure as a service, IaaS), which is projected to grow 36.6 percent in 2017 to reach $34.7 billion.”

Worldwide Public Cloud Services Revenue Forecast:

(Billions of U.S. Dollars / Source: Gartner – October 2017)

Related topics: Cloud Computing

Article source: