Curtail Cloud Spend With These Strategies

The lack of collaboration between IT and security teams can have serious implications on your enterprise. The impact on cost and operational efficiency must be considered. For several organizations, the variable costs that come with cloud solutions have created a new set of challenges that directly impact the bottom line. Integrating security from the outset can improve cost efficiency and collaboration, ultimately benefiting cloud management.

In this archived keynote session, Juliet Okafor, CEO and founder of RevoulitonCyber, reveals effective strategies to optimize cloud spend. This segment was part of our live virtual event titled, “The Essential Guide to Cloud Management.” The event was presented by InformationWeek and ITPro Today on October 17, 2024.

A transcript of the video follows below. Minor edits have been made for clarity.

Juliet Okafor: Today, we're going to talk a little bit about what I would like to call the cloud paradox. But we're going to focus on how to optimize your use of the cloud and save costs, while integrating security. So, I talk about the cloud paradox often, because I would say I'm seeing this from a cybersecurity element.

One of the most invisible costs that people don't consider when they're building out clouds are the security costs. Oftentimes, when people make the decision to move from on-prem into cloud, they're often thinking only about the benefits that they get on the other end. They're either minimizing what the risks are or those invisible costs.

We've seen that about 70% of businesses are starting to think twice about their expenditures in cloud. They've figured out that sometimes with the lack of planning, there's uncontrolled spend, or they're finding that they have more resources than they needed.

Maybe they are using systems and tools that may not be aligned with their environment. We see that 30% of cloud spending leads to waste, but it could be mitigated and minimized by better management of cloud overall.

We also see the companies that started in the cloud with specific budgets, oftentimes using three- or five-year plans, they're going beyond their budgets and spending way more than anticipated. There are also new ways that we can think about the cloud. When I first got introduced to the cloud, it was this kind of amorphous idea of someone else's server.

We're putting data in places where we can't see. Some people embraced it as early adopters, and said, wow, this makes perfect sense. It removes the need to have the cloud on site or takes them out of our data centers. They started to think about the cloud much differently.

We're going to give our cloud, the liability, and the management to another company better suited to do it. The idea was fundamentally around a shared resources model and economies of scale.

This means that if one company fills multiple data centers with the idea that parts of that data center, or parts of those resources will be shared among many companies, then companies might spend less to get access to a similar quality of data and management. What wasn't talked about in the beginning was the issue of security.

So, there is a security conundrum. You want to have access to the best tools, but you also want to ensure that the cost of security is built into the way that organizations are building out their cloud infrastructure. We know today that the mismanagement of cloud governance and security leads to about 50% of the incidents we're seeing.

So, it's not enough to put the information in the cloud. Organizations are facing the repercussions of not having a strategic security plan in place to handle misconfigurations. They need to ensure that there are people who have the ability and the skills to properly manage the cloud.

They also need to ensure that there isn't data leakage and ensure that they're giving the right access to the right people inside the organization. We're also seeing that the cost of breaches is going up, especially in cloud-native companies.

Why? Primarily because we're noticing that the cloud misconfigurations are based on data that may not be used often. This is data that was sensitive and no longer useful to the company but hasn't been disposed of. And then what we're finding is that the company is having two different conversations.

The security team is talking about how to protect the data in the cloud, while the IT team is talking about how to optimize and manage the cloud. And sometimes, those two teams aren't talking. All of this leads to a fundamental issue with trust, and it can also impact the bottom line.

With the way IT and security organizations run, they might have different budget line items that often don't consider a duplication of effort. They don't consider what could be used together to minimize cost. Also, they don't consider the planning that will allow for both teams to collaborate and optimize the cost of cloud overall.

So, it's impossible for the board or the C-suite to really see the full cost of cloud because they're being handled in silos. Ultimately, security, the cloud, and costs go hand in hand. We figured out that the better we're able to include security at the beginning of the conversation, the better we're able to bridge security and IT teams.

This leads us to seeing less costs overall, because then there is an openness about what both teams need and how they can work together to get a better cloud management process in place.

Watch the archived “The Essential Guide to Cloud Management” live virtual event on-demand today.