Cost cutting vs cost optimisation

Issue 5 2023 Information Security

While South Africa has fended off the threat of recession after recording a slight growth in the first quarter of 2023, the global tech industry is still being cautious as it prepares to weather a storm.

Tech companies are looking at optimising their costs across the board, with one such area topping the list of CIOs being controlling cloud expenditure. The cloud’s recent fortunes have also been closely tied to the pandemic, with the market for cloud services more than doubling in just three years since 2020. So, if the pandemic bubble is truly over, is the cloud going to burst with it? Not necessarily, as cutting cloud costs doesn’t always have to mean cutting back on the cloud altogether.

Michael Cade.

Great expectations

It might seem obvious, but at times it’s worth reminding ourselves that optimising costs was one of the main reasons for adopting cloud strategies to begin with. And it’s not simply a case of too much of a good thing – despite research indicating that 61% of South African organisations spent more on cloud solutions in 2021 than 2020, with the public cloud services market expected to increase at a compound annual growth rate of 24,5% through to 2025.

So, despite the cloud promising cheaper pastures, in reality, many CIOs are still waiting for the initial investment to pay off. How has this happened?

When leveraged correctly, the cloud can greatly reduce costs, but it’s important to remember that cloud providers aren’t in the business of saving you money. If you’re ordering from your favourite pizza chain, and adding extra topping after extra topping, they aren’t going to stop you and ask, “Are you sure you need all that?”

The cloud’s value is that you pay for what you need, but therein lies the issue – its flexibility is a double-edged sword. This has caught out many a CIO to the point where ‘bill shock’, a term once reserved for utilities, has become synonymous with cloud computing. Bills can scale out of hand, not just because it’s easier than ever to build out new environments, but because IT teams can often be focused on looking forward to what they will need next, and not always looking back to what they don’t need anymore.

Enter FinOps

This is why we’ve seen the rise of Financial Operations (FinOps) in recent years. Operations teams have historically never had to worry about day-to-day costs, but the rise of the cloud has brought with it opex-dominated budgets. Looking at IT operations through a financial lens is vital to controlling these rising costs, particularly on an enterprise scale.

The options for beginning to optimise cloud costs are broad, and choosing the right strategy for your environment is often the first hurdle. Re-platforming or repatriating to a new cloud or back to the good-old physical server are both viable options. However, they both present a big initial lift, while often not necessarily fixing the issue at the source, not to mention having to navigate around vendor lock-in.

Rather than trying to pull away, many opt to dive even deeper into the cloud and re-architect with cloud-native models and services to try and offload costs. This might include better managing of VM instances, implementing intelligent tiering for storage costs or implementing containers and Kubernetes. The latter needs to be set up correctly, however, or it can wind up being just as much of a drain on budgets. If the cloud’s flexibility is a double-edged sword, Kubernetes is an even bigger blade, offering more upside but more financial risks if mismanaged.

This is a good example of how key a consideration personnel and skills are, when optimising cloud spend. The cloud skills gap is an ongoing issue for the industry and a large factor in why we’re in this position to begin with. The pandemic essentially forced many businesses (and their IT teams) to launch into the cloud without enough time to prepare and now many are (quite literally) still paying the price. Since then, while the gap might be closing slowly, many teams lack the expertise to undertake the large scale re-architecting that may be required to optimise costs. Businesses need to look at outside expertise where needed, or alternatives such as dedicated cost saving modules, or automated cloud cost optimisation solutions.

The missing piece

Finally, it’s crucial that during this cloud optimisation, decision making, security and data protection aren’t neglected. With cyber threats like ransomware becoming increasingly ubiquitous, businesses need to ensure that they are staying as resilient to these threats as possible, or short term savings could lead to long term pain. According to the 2023 Veeam Ransomware Trends Report

(, 85% of organisations suffered at least one cyberattack in a twelve-month period; an increase from 76% experienced in the previous year, so now is definitely not the time to cut back on protection in the cloud.

It’s important this stays top-of-mind, for example, when looking at storage costs for cloud-hosted backups, or changing storage tiers for existing workloads. Essentially, decisions for each workload in the environment need to be made considering these three factors – operations, finances and data protection. This may mean that while businesses aim to push overall cloud spending down, data protection as a fraction of this may continue to increase. Indeed, most organisations around the world expect to increase their data protection budget in 2023 by 6,5% (5,8% in Middle East and Africa) according to the Veeam Data Protection Trends Report 2023, which is notably higher than overall spending plans in other areas of IT.

Even during a boom, you’d argue that businesses need to get wasted cloud expenditure under control, but against the backdrop of economic uncertainty and a technology sector that’s licking its wounds, it’s more important than ever. While strictly speaking, the best time to act was early on, when workloads were first moved to the cloud, the next best option is now. After all, you know what they say about the best time to plant a tree.

For more information, contact Veeam, +27 10 822 1120,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Time is of the essence
Information Security
Ransomware attacks are becoming increasingly common. Yet, many individuals and organisations still lack a clear understanding of how these attacks occur and what can be done to secure their data.

From the editor's desk: A sad but exciting goodbye
Technews Publishing News & Events
Welcome to the final monthly issue of SMART Security Solutions. This is the last issue of the year and the last monthly issue we will print. The SMART Security Solutions team wishes all our readers and advertisers a relaxing festive season and a peaceful and prosperous 2024.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

The song remains the same
Sophos Information Security
Sophos report found that telemetry logs were missing in nearly 42% of the attack cases studied. In 82% of these cases, cybercriminals disabled or wiped out the telemetry to hide their tracks.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Projections for 2024’s Advanced Threats Landscape
News & Events Information Security
Kaspersky Global Research and Analysis Team (GReAT) experts offer insights and projections for 2024 in the Kaspersky Security Bulletin, with a focus on the evolution of Advanced Persistent Threats (APT).

Veeam and Sophos in strategic partnership
Information Security
Veeam and Sophos unite with a strategic partnership to advance the security of business-critical backups with managed detection and response for cyber resiliency, and to quickly recover impacted data by exchanging critical information.

Unmasking insider risks
Information Security
In today’s business landscape, insider risks can manifest in various forms, including data theft, fraud, sabotage, insider trading, espionage, whistleblowing, negligence, truck hijacking, goods robbery from warehouses, and more.

When technology is not enough
Information Security
[Sponsored] Garith Peck, Executive Head of Department for Security at Vodacom Business, writes about the importance of creating a cybersecurity strategy in a world where threats never sleep.

Identity verification and management trends
Technews Publishing Information Security
Insights into what we can expect from identity fraudsters and the industry next year, ranging from criminal exploitation of AI and digital IDs to multi-layer fraud protection and the need for more control over personal information sharing.