Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


5 Hidden Costs of Cloud Migration: New ISACA White Paper

5 Hidden Costs of Cloud Migration: New ISACA White Paper
“Calculating Cloud ROI” Cuts Through Hype

Wellington, New Zealand (22 August 2012) — Cloud computing promises a low cost of entry and fast return on investment, but that ROI can fall short of expectations if hidden costs are left out of the equation.

A new white paper from global IT association ISACA, “Calculating Cloud ROI: From the Customer Perspective,” takes a close look at the true costs of cloud migration and offers a practical framework for calculating returns on migrating to the cloud.

The free white paper outlines five hidden costs that enterprises may fail to anticipate when moving quickly to cloud-based services:

1. Cost of bringing services back in-house due to regulatory change (e.g. stricter data privacy laws)
2. Cost of implementing and operating countermeasures to mitigate risk
3. Unexpected expenses involved in initial migration of systems
4. Loss of internal IT knowledge providing competitive differentiation
5. Lock-in with specific cloud provider or proprietary service model, which may slow down future adoption of open standards-based services

“Cloud computing represents significant changes to the delivery of traditional IT services, and its advantages have been well documented for a number of years. However, any movement to a new IT delivery model should identify the proposed benefits and the cost to achieve these over its entire life cycle,” said Vaughan Harrison, President of the ISACA Wellington Chapter and Director at PricewaterhouseCoopers New Zealand.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

“Organisations should consider the impact of moving to a cloud environment by identifying potential movements in its current strengths and weaknesses, the ability to achieve future aspirations, cost of service movements and changes to its risk profile. This does not need to be a complex analysis; however, it should be thorough enough to enable an informed and supported decision."

Enterprises are increasingly turning to public, private or hybrid cloud models to achieve such benefits as shifting cost from capital to operational, becoming more agile, and redeploying IT resources to higher-value-added activities.

While these benefits are achievable, this latest guidance from ISACA details a 12-step process that takes a frank look at the complexity of cloud computing options and the importance of making an informed decision about long-term costs and payback.

An example of positive ROI as a result of cloud migration is global organisation CA Technologies, which uses a private cloud to enable resource pooling and on-demand and scheduled resource acquisition, and to support data centre consolidation and standardisation.

“Early in our deployment we consolidated 44 locations and were able to drive millions in real estate savings and in productivity gains, as well as a 25 percent reduction in budget,” said George Watt, vice president of strategy, CA Technologies, who led the cloud deployment.

“Yet, our newfound agility was the unsung hero. From our perspective, one of the most important steps in calculating ROI is ensuring second-order costs are considered so there is a legitimate understanding of the complete cost of cloud and non-cloud options.”

To help more companies effectively calculate the ROI for their cloud initiatives, the “Calculating Cloud ROI” white paper offers the following practical tips:
- Balance the need to be accurate with the need to reach a decision. An overly complex ROI calculation can make it hard to understand why a decision was made or measure its effects. Do as thorough a job as possible, but don’t let perfect be the enemy of good.
- Cloud is not right for every organisational need. The type of cloud service selected—and the decision to use cloud computing services—depends on the specific enterprise’s risk appetite.
- ROI is a good start, but other financial indicators should also be calculated. ROI coupled with total cost of ownership (TCO), net present value (NPV), internal rate of return (IRR), or payback period will provide a more accurate financial picture across the life span of the cloud investment.
- It is far easier and less costly to change a decision when it is still on the drawing board. The time an enterprise spends considering the ROI of various options and selecting the best fit for its needs is time well spent.

“Calculating Cloud ROI: From the Customer Perspective” is available as a complimentary download at

This topic will also be discussed at ISACA’s upcoming Oceania CACS2012 conference, which focuses on ‘embracing uncertainty and delivering value in turbulent times’. Held in Wellington from 10-12 September 2012, the conference will feature highly respected industry experts from New Zealand, Australia and around the world who will present their latest thinking, research and practical experience in topical presentations and workshops.

For more information on the Oceania CACS2012 conference, including registration details, please visit: For more information about ISACA, please visit
About ISACA’s Cloud Computing Initiative
ISACA has been a pioneer in cloud governance, risk and compliance (GRC). A member of the Cloud Security Alliance, the association has published IT Control Objectives for Cloud Computing, a cloud computing audit program and cloud-related white papers, and holds cloud-related education sessions worldwide. Its flagship COBIT 5 framework for the governance and management of IT helps enterprises worldwide with effective governance of cloud initiatives. Members can take advantage of this extensive body of cloud knowledge through the ISACA Knowledge Center Cloud Computing group, which offers expert-led discussions, peer networking, publications, survey data, wikis and online learning.

With more than 100,000 constituents in 180 countries, ISACA ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance.

Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.

ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. This helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

• Participate in the ISACA Knowledge Center:
• Follow ISACA on Twitter:
• Join ISACA on LinkedIn: ISACA (Official),
• Like ISACA on Facebook:


© Scoop Media

Advertisement - scroll to continue reading
Business Headlines | Sci-Tech Headlines


Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.