As economies worldwide, and particularly in New Zealand, have hit the brakes, businesses are taking a hard look at their expenses. The burning question on everyone's mind is: "Are we really getting the bang for our buck we thought we were?"
One line item that's often in the hot seat is public cloud spend. It's an OpEx cost, it's typically been on the up and up, and more often than not, it's a hefty chunk of change. But let's not forget that the same argument can be made for a slew of services that have jumped on the subscription bandwagon, like SASE and ZTNA products. We're seeing this reflected in the public sector too, with the Department of Internal Affairs (DIA) evaluating the ballooning costs of public cloud in government agencies.
Now, the sales pitch for these technologies was pretty enticing - "Transform your business," they said. Increase your digital agility to churn out products and services for your customers, they promised. Boost the productivity and security of your staff as work evolves, they assured. And in some cases, it's been spot on. But in others? Not so much.
So, are we about to see a boomerang effect, with businesses ditching these newer technologies and retreating to the comfort of on-premise computing or traditional firewalls?
Well, to answer that, we need to dig into why these technologies haven't delivered what they promised. More often than not, it boils down to a simple lack of planning or poor execution in rolling out this change across the business. Why? Because this isn't a tech-led change but a business-led change.
Let's take a real-world example. Moving your servers to the public cloud and just hosting IaaS for the next five years? That's a recipe for costs spiralling out of control. If you were justifying it by offsetting a hefty capital investment like a data centre refresh, fair enough. But if you've found yourself regularly supersizing your instances, you might be bleeding more money than you realise (and that's not even counting the hidden costs that often slip through the cracks of a TCO analysis).
As per the Gartner chart, public cloud spend is undeniably growing, which therefore will increase optics
But flip the script, and you could be looking at a very different picture. Take one of our customers as an example. They have embraced a full DevOps model and, over a few years, slashed their Azure costs roughly in half while actually increasing usage. How? They automated CI/CD pipelines and trimmed their code base from a whopping 100k lines to a svelte 10k. The payoff was considerable and now they can continuously add "features" to their services - further increasing business value.
Similarly, a half-baked SASE deployment that's still clinging to on-premise firewalls, with limited licensed features enabled, no SSL inspection, and no one bothering to look at the security data or tune policies, might offer some benefits, but more often than not, it just ends up being a clunky user experience. The same goes for zero trust access products with the equivalent of an ANY:ANY rule. You might have removed your VPN endpoints as attack surfaces, but you've missed the boat on achieving the granular access policies that are the bread and butter of a zero trust architecture.
In most cases, the root cause of a disappointing ROI isn't the technology itself. It's the lack of a solid plan for how the business will change its mode of operation in line with the tech shift, and the follow-through on that plan. And let's be clear - that follow-through takes time. It's not achieved the day you flip the switch on a new platform. It's a gradual, continuous improvement across three areas - people, processes, and yes, the technology itself.
So, before you start eyeing that old server room longingly, take a step back. Are you really using these new technologies to their full potential? The promise of cloud computing and advanced security services is still there - but like any tool, their value lies in how you use them. Are there use cases for on-prem computing? Absolutely, but it is about clearly identifying those use cases, not repeating the same mistakes in the reverse.