This article was first published on LinkedIn on April 21, 2022.

Cloud is moving from being the platform on which a business runs to the product of the business. Much of the value inherent in a company’s operations can now be delivered in the form of a cloud service, rather than packaged into the kind of products and services organizations have traditionally sold. Even short of this, using cloud reduces capital investment by allowing companies to focus budgets on value creation rather than building data centers, maintaining hardware, or operating infrastructure.

Despite cloud’s potential, many financial services firms have been spending material time and money on cloud adoption without achieving the desired benefits. To derive full value and avoid wasting millions of dollars because of inefficiencies and regulatory scrutiny, you need to have a clear cloud strategy from the outset. In fact, research from Flexera shows that almost one-third of corporate spending on cloud is wasted on inefficient activities, with limited financial or strategic returns. 

Rather than seeing a transformation of the overall landscape and a rationalization of their operating models and technology estates, many companies end up with higher costs and bandwidth issues associated with lifting and shifting technology. In addition, a spate of recent, high-profile outages have disrupted end-to-end customer services for both business-to-business and business-to-consumer players. Those disruptions and threats, and an expected heavy-handed response by regulators, are pushing financial-services firms to consider ways to think differently about how to deliver on business ambitions in a safe and cost effective way.

In some cases, things don’t go to plan. Common problems that crop up include unwieldly governance that could delay approval of a project by as much as a year, lack of cloud training across relevant departments, and limited reusability of key assets, such as application programming interfaces, or APIs. In addition, millions of dollars could be spent on regulatory review and remediation.

One challenging area of note is the ineffective oversight across three lines of defense (LoD). For example, information shared with the board may not sufficiently draw attention to the scale, complexity, and risk associated with cloud adoption to enable effective understanding, challenge, and control.

Cloud presents an opportunity to transform your overall business operating model and to change the way departments interact and collaborate. Viewing cloud transformation as a structural and organizational change could save money and avoid regulatory scrutiny, as well as spark innovation across a company’s functions, processes, and technology.

Here are three steps to remediate cloud and derive its full business benefits faster:

1. Invest in cloud talent and embed a clear cloud-operating model across the entire organization, not just IT. A big part of cloud’s allure is the idea of third-party outsourcing, but there are still major in-house skill gaps when it comes to management and oversight of cloud. This requires upskilling existing staff across the organization and sourcing new talent so there is a consistent and efficient internal function. It’s equally important to develop early engagement, content knowledge, and new ways of working between technical, business, and risk teams across the three LoD. The lack of a clear operating model can cost time and money if at some point a company attempts to reorganize its cloud capabilities.
2. Proactively manage cloud risk across three LoD and engage early with regulators. Ensure that your cloud strategy is aligned with your wider business strategy and risk appetite. To avoid costly rebuilds, embed regulatory guidelines in the operating model and cloud technology platform from the outset. Enable risk reporting across the three LoD straight up to the board, ensuring the board can effectively govern and make decisions based on understanding the broader aggregate risk.  
3. Invest in automation to support efficiencies. Use automation and analytics to continuously monitor compliance and proactively manage cloud risk. Automated compliance frees employees from time-consuming work, as well as improving the level and efficiency of risk governance. We commonly see teams drowning in governance and spending hours on meetings and manual activities without increasing value. This results in risks not being addressed, a lack of time to solve what matters most, and ultimately money being wasted. Often, the level of deep ‘content knowledge’ is limited, leading to layer upon layer of governance in the hope that potential problems will eventually be discovered after multiple reviews. By shifting your mindset from an audit mentality to a value-creation mentality, you can move from a waterfall approach to an Agile innovation mode.

Cloud as Catalyst

Every company may soon be a cloud company, just as every company eventually adopted computers, mobile telephones, and the internet. Think of cloud holistically, not as a technology silo and as a catalyst to revamp your organization’s strategy, operating model, and ways of working. It’s a catalyst for change rather than change itself.

Now is the right time for all companies to think differently about cloud adoption and remediate cloud to achieve its full business benefits. Not acting to address cost inefficiencies and cloud risks in a safe way can lead to commercial, regulatory, and reputational consequences that will slow your transformation and result in wasteful spend.