The potential ROI in those areas is large. So are the potential risks. In the near future, companies may begin to see more evidence of the negative aspects of cloud adoption as the hype begins to taper.
“Organizations that have been early and successful adopters of cloud have obviously promoted that success, and so have their vendors,” says Rob Livingstone, who heads an IT advisory practice in Sydney, Australia. “But the cloud projects that have failed or fallen short of expectations have not generally been visible. That has led to an asymmetry in perceptions of benefits from the cloud.”
More cloud failures, such as unintended disclosures of lists of customer credit-card data or Social Security numbers, will be disclosed as the cloud market matures, Livingstone says. And a recent “hype cycle” report by David Mitchell Smith of Gartner points to signs of fatigue and disillusionment starting to show in the cloud-solutions marketplace. There is also “rampant cloud washing”—marketing by companies that are trying to get on the cloud bandwagon, even when they’re offering something that really doesn’t fit into the definition of cloud.
Smith says companies likely won’t completely abandon on-premises models or soon buy complex, mission-critical processes as services through the cloud. On the other hand, they will consume more cost-effective cloud services with “capabilities that are not easily done elsewhere.”
Gartner tracks 42 components of the cloud market through a timeline where the “innovation trigger” phase is followed by a “peak of inflated expectations,” then a “trough of disappointment” and a slow rise to a “plateau of productivity.” Only four components of the cloud market are within two years of the plateau, including the one CFOs are most interested in: software as a service (SaaS). Among the other 38 components that are wallowing in hype, the climb to hype or disappointment until at least 2015, finance chiefs should be interested in at least two: infrastructure as a service (IaaS), which is two to five years from the plateau, and Big Data (five to 10 years).
The most rapidly maturing use of IaaS, or on-demand computing capacity rented from a service provider, is the hosting of websites and web-based applications. Before IaaS is adopted by the mainstream, costs must come down and security, risk and compliance issues must be addressed, Gartner says.
Companies that haven’t tried IaaS should consider pilot projects, expanding successful trials into broader use, and reevaluate the suitability every six months, Gartner recommends. Cost benefits will be significant for small and midsize businesses, and large companies will benefit from greater flexibility.
As to Big Data, two facts will drive it into the disillusionment trough, Gartner reports. For one, tools and techniques likely will be adopted before learned expertise and optimization exists, creating confusion. Also, businesses are still fairly poor at spotting Big Data opportunities.
About 75% of respondents to Gartner polls say they will pursue a private cloud-computing strategy — where a company’s data does not reside on servers that also contain others’ data — for at least some purposes by 2014.
Also by the end of 2014, the adoption rate for cloud office systems, such as Microsoft Office 365 and Google Apps for Business, will accelerate, Gartner expects.
“Adoption of cloud solutions is getting a little easier and, more important, predictable,” says John Lovelock, a Gartner research vice president. For example, mature SaaS applications — those that have been around for several years — are getting more predictable to install and run. By 2015 about 50% of customer relationship management activity will be cloud-based, “and sales-force automation is going to be leading that charge,” says Lovelock.
Still, according to a recent KPMG report based on a survey of 674 C-level and IT executives in 16 countries, there is a “growing recognition that cloud adoption is significantly more complex than originally anticipated, particularly in terms of data management, system integration and the management of multiple cloud providers.” But, the survey respondents said, over the next 18 months they expect to spend less time building and defending their business cases for moving more processes to the cloud.
One underreported cloud issue that soon will gain more publicity is loss of control, says Livingstone, noting that cloud vendors are often unable to accommodate the change requests of clients that they’ve engaged. For example, when a company takes on a significant new client or acquisition that shifts the company into a new business sector, the inflexible response of its cloud provider can force the company to run two systems, change cloud providers or make modifications to accommodate the inflexible cloud solution.
Another little-publicized cloud problem that will draw more attention in 2014 is cost. While the cloud is extensively promoted as less costly than traditional software, in some cases the expense of integrating a cloud solution with other company systems may be far higher than that of procuring the service, according to Livingstone.
One of the key challenges in integrating cloud solutions and existing IT systems will be their different architectures for infrastructure, data and applications, he says. Related costs will come not only from the integration process but also from data leakages.
The main cause of problems with cloud implementation will continue to be organizations focusing on the short term, without performing appropriate prepurchase due diligence for the lifespan of the overall system, Livingstone says.
Another risk that will be overlooked in the near future will be data security, suggests Franco DeBlasio, a CFO partner at Tatum, a professional-services firm, who has been a finance chief for several companies. Beyond the obvious risk of exposing credit-card information and Social Security numbers, there is a long list of back-office data sets that will cause considerable stress for a company if released, he says. Those include data on customer relationship management, supply-chain management, general ledger accounts and invoicing.
That reality is unlikely to go away in 2014. But eventually, DeBlasio says, well-defined rules and roles for cloud vendors and customers will develop, much as regulations for bonded warehouses — physical locations where imported goods and commodities were stored securely — were established in the 1700s and 1800s after issues had been hashed out over decades.
“As people feel the pain of failures, the market and the government will address the issues,” he says. “In today’s age, we’re just starting to cut our teeth on cloud contracts and service-level agreements. They just need to become more sophisticated and defined.”
For 2014, finance chiefs will have to make sure contracts with cloud providers clearly define who is responsible for security, what happens when security is breached, who is responsible for identifying breaches and who will bear related costs, DeBlasio says. For example, if a company’s customer credit-card data is breached, will the company or the vendor pay for the credit-card company’s costs of canceling and reissuing cards?
“Too many companies don’t define those things clearly,” he says. “Very large companies do, but others think they don’t have the time or haven’t even thought of it. And CFOs shouldn’t outsource that to legal. It’s a very detailed process, and people have to sit down and think through the risks they’re taking. That’s purely the CFO’s job.”
Technology on the Go
Gartner’s recent hype-cycle report on mobile devices tracked 49 technologies, four of them expected to reach the “plateau of productivity” within two years. They are:
• High-performance multicore application processors, which allow smartphones and tablets to handle high-definition video and context-aware computing. The technology will allow phone users to accomplish more tasks without PCs and thereby increase their productivity while on the move.
• Magnetometers, or digital compasses, which help significantly with pedestrian navigation, will affect workers who rely on navigation and affect contactless gesture control on mobile devices that use magnetic sensors.
• Multitouch displays, where two or more fingers are used together to control objects or navigate screens.
• Wireless video in wireless LAN settings, which will have its widest impact on the consumer market, such as with home theater systems.
With mobile devices, including smartphones and tablets, the main concern for CFOs in the near future will be establishing centralized mobile device security management plans, Livingstone says. Ideally those plans will follow guidelines established by the National Institute of Standards and Technology.
“Rolling out mobile devices needs some due diligence first,” he says. “Questions need to be asked: Where’s the data? Who’s securing it? How is it secured? What mobile device management regimes need to be put in place?”
Mobile-device use will also raise significant regulatory and compliance issues, depending on where a company operates, Livingstone says. The European Union, Australia and other countries and international organizations are passing data-security laws and creating regulations that will be effective in 2014. These will require companies to safeguard private data, including names, addresses, phone numbers and other information that could be used for identity theft.
Part of a CFO’s due diligence will be to ensure that a cloud service provider complies with current and future cloud privacy legislation, as well as regulatory requirements to keep data and backup data within certain countries, Livingstone says.
Privacy issues will be another area of responsibility for finance chiefs as their companies utilize sophisticated mobile device technology, such as tracking user location, says Jack Bergstrand, chief executive of management consultant Brand Velocity and a former CFO and CIO of publicly traded companies. Because CFOs are seen as keepers of common sense, they will be in the perfect independent position to ask the right questions about the technology’s use, advantages and risks.
“There’s no doubt that mobile devices are continuing to become the center of the user-interface universe,” Bergstrand says. “But I do think companies will need to be conscious of customer privacy issues. With mobile that is even more important than it was in the old days.”
When it comes to the trend toward increasing employee use of mobile devices in the workplace, among the first steps for a finance chief will be to assign value to the devices and determine how much employees will be willing to pay for them, says Bergstrand.
Many organizations are currently buying mobile devices for employees, but often it’s not a coordinated effort, making costs higher than they need to be. Finance chiefs will have to reverse the current trends of company units buying tablets, smartphones and hybrid mobile devices with their discretionary budgets and employees logging on to the network infrastructure without the knowledge of the CIO, Lovelock says.
“Reactions to people bringing their own mobile devices to work have been tentative,” Lovelock says. “Most CFOs haven’t said, ‘The value of the phones to this organization is based on this premise’ or ‘This is how we will fund employees that need to have cell phones.’”
It is difficult and costly for companies to separate the business versus personal costs of mobile devices used part of the time for work, but more tools will be on the market in 2014 to make the process easier.
Company spending on mobile devices is predicted to increase in 2014, but not as much as in 2012, prior to the BYOD (bring your own device) trend, Lovelock says. “We know companies are spending less on phones because they are apportioning part of the cost to employees, and in some cases the entire cost.”